From nobody Tue Sep  1 08:14:18 2015
Return-Path: <gis-saag-2-moved1@m.gmane.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93CBC1B323A for <saag@ietfa.amsl.com>; Mon, 31 Aug 2015 09:40:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.088
X-Spam-Level: 
X-Spam-Status: No, score=0.088 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4UBw7MWwBFbH for <saag@ietfa.amsl.com>; Mon, 31 Aug 2015 09:40:09 -0700 (PDT)
Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B9D7C1B377F for <saag@ietf.org>; Mon, 31 Aug 2015 09:40:07 -0700 (PDT)
Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from <gis-saag-2-moved1@m.gmane.org>) id 1ZWS7n-0007Se-Fu for saag@ietf.org; Mon, 31 Aug 2015 18:40:04 +0200
Received: from ppp118-209-173-126.lns20.mel8.internode.on.net ([118.209.173.126]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <saag@ietf.org>; Mon, 31 Aug 2015 18:40:03 +0200
Received: from jsing by ppp118-209-173-126.lns20.mel8.internode.on.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <saag@ietf.org>; Mon, 31 Aug 2015 18:40:03 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: saag@ietf.org
From: Joel Sing <jsing@openbsd.org>
Date: Mon, 31 Aug 2015 16:38:00 +0000 (UTC)
Lines: 62
Message-ID: <loom.20150828T064228-679@post.gmane.org>
References: <CAHbuEH7B3_G9vAhw=U2tuz-Uh8mKMUfL6s=H+BOG96FDZaACig@mail.gmail.com> <20150824212907.GN9021@mournblade.imrryr.org> <619ffebb05ba4e2a9af03a6dcc768d6e@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150824215037.GO9021@mournblade.imrryr.org> <9A043F3CF02CD34C8E74AC1594475C73F4AE62A1@uxcn10-5.UoA.auckland.ac.nz> <20150825134333.GX9021@mournblade.imrryr.org> <6b5167f3d0684a8a91caa6d37dec65e3@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150825160627.GH9021@mournblade.imrryr.org> <CAHbuEH5r5s8ofChzt0_Rd8dxKqf8KXLDteYw8RSBX43nyFrN+A@mail.gmail.com> <2E7E9F38-DA68-4933-AD67-CF2A8E51B4F7@dukhovni.org> <20150825214411.GS9021@mournblade.imrryr.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: sea.gmane.org
User-Agent: Loom/3.14 (http://gmane.org/)
X-Loom-IP: 118.209.173.126 (Mozilla/5.0 (X11; OpenBSD amd64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/o9kWb64UZz1lCFQtkWludlT7muo>
X-Mailman-Approved-At: Tue, 01 Sep 2015 08:14:17 -0700
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Aug 2015 16:40:11 -0000

Viktor Dukhovni <ietf-dane <at> dukhovni.org> writes:
> I should note, that premature deprecation of algorithms and/or
> protocol features by library maintainers who are not attuned to
> the needs of OS applications is already having detrimental effects.
> 
> For example, LibreSSL 2.2.2 has not only removed support for SSL
> 2.0 and SSL 3.0, but has also removed TLS server support for
> SSL-2.0-compatible HELLO.

I strongly recommend that you check your facts, in order to avoid 
distributing misinformation in a public forum:

- LibreSSL 2.2.2 has support for SSLv3 - it is disabled by default,
  however it can be re-enabled by an application at runtime (or by using
  the appropriate functions directly).

- LibreSSL 2.2.2 has server support for SSLv2 ClientHello messages and it 
  will not be removed any time soon.

> This means that servers linked with LibresSSL are unable to complete
> a TLS handshake with clients that have not yet disabled SSL 2.0
> and are still sending SSLv2-compatible HELLO.

This is inaccurate. I believe you are confusing this with a bug that was
introduced in the 2.2.2 release, which has already been fixed in 2.2.3. A 
TLS ClientHello that contained no extensions was incorrectly handled,
resulting in interoperability issues and handshake failures with some
clients.

> Such clients are not uncommon.  The Postfix user who ran into this
> problem reverted to linking Postfix with OpenSSL.  In the OpenSSL
> "master" branch (future 1.1.0), SSL 2.0 and SSL 3.0 are disabled
> just like in LibreSSL 2.2.2, but support for SSLv2-compatible HELLO
> is retained (on servers, but the client code will never send such
> a HELLO).
>
> It takes care and sound judgement to preserve interoperability,
> and not all applications have the same needs.  So while the
> "marketing" message needs to be clear and unequivocal (stop using
> obsolete crypto), in libraries the underlying technical changes to
> support that need to be constructed more carefully, and final
> removal may be the last step of a process that happens across
> multiple releases that gradually reduce support. 
> 
>     * Remove from use by default.
>     * Reduce relative preference.
>     * Require non-default compile-time options to enable.
>     * Remove the code.

You have practically just described the process that LibreSSL is using.
The main difference is the timeline under which the process is being
executed.

> Applications can move more aggressively, and use appropriate APIs
> to disable obsolete crypto faster because they are better positioned
> to know where to draw the line between security and interoperability
> with legacy systems.

Deprecation is difficult, since those who are doing it are often told
that they are doing the wrong thing, usually by people who try to discredit
the projects and teams that are busy making progress. Hopefully the
misinformation and inaccurate assertions above are not an example of this.


From nobody Tue Sep  1 08:40:10 2015
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8228E1B2B87 for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 08:40:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1dbUXAI5D9cQ for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 08:40:07 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4EF21A0018 for <saag@ietf.org>; Tue,  1 Sep 2015 08:40:07 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 890CB284B6C; Tue,  1 Sep 2015 15:40:06 +0000 (UTC)
Date: Tue, 1 Sep 2015 15:40:06 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150901154006.GQ9021@mournblade.imrryr.org>
References: <619ffebb05ba4e2a9af03a6dcc768d6e@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150824215037.GO9021@mournblade.imrryr.org> <9A043F3CF02CD34C8E74AC1594475C73F4AE62A1@uxcn10-5.UoA.auckland.ac.nz> <20150825134333.GX9021@mournblade.imrryr.org> <6b5167f3d0684a8a91caa6d37dec65e3@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150825160627.GH9021@mournblade.imrryr.org> <CAHbuEH5r5s8ofChzt0_Rd8dxKqf8KXLDteYw8RSBX43nyFrN+A@mail.gmail.com> <2E7E9F38-DA68-4933-AD67-CF2A8E51B4F7@dukhovni.org> <20150825214411.GS9021@mournblade.imrryr.org> <loom.20150828T064228-679@post.gmane.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <loom.20150828T064228-679@post.gmane.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/k8EZcxygMR53Z628rmQP72ZzCkU>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 15:40:09 -0000

On Mon, Aug 31, 2015 at 04:38:00PM +0000, Joel Sing wrote:

> Viktor Dukhovni <ietf-dane <at> dukhovni.org> writes:
> > I should note, that premature deprecation of algorithms and/or
> > protocol features by library maintainers who are not attuned to
> > the needs of OS applications is already having detrimental effects.
> > 
> > For example, LibreSSL 2.2.2 has not only removed support for SSL
> > 2.0 and SSL 3.0, but has also removed TLS server support for
> > SSL-2.0-compatible HELLO.
> 
> I strongly recommend that you check your facts, in order to avoid 
> distributing misinformation in a public forum:

Turns out the removal was inadvertent, as a side-effect of a bug
in handling HELLO with no extensions.  And the issue was resolved
in 2.2.3.  My larger point still stands, removal needs to be
handled with are.

> This is inaccurate. I believe you are confusing this with a bug that was
> introduced in the 2.2.2 release, which has already been fixed in 2.2.3. A 
> TLS ClientHello that contained no extensions was incorrectly handled,
> resulting in interoperability issues and handshake failures with some
> clients.

Not confusing, as the bug had not yet been identified, but rather
reporting the best information I had at the time.  Yes, non-support
for SSL 2.0 turned out to be unintentional.

My post was not about LibreSSL as-such, LibreSSL just happened to
be a convenient recent example.  I have many more issues with
opportunistic TLS interoperability in Microsoft's Schannel than
LibreSSL, but most are long-standing problems, rather than real or
apparent recent changes.  I've reported the problems to Microsoft.

The Postfix users who ran into problems with LibreSSL 2.2.2 reported
the problem to the LibreSSL team.  We're all doing what we can.

> >     * Remove from use by default.
> >     * Reduce relative preference.
> >     * Require non-default compile-time options to enable.
> >     * Remove the code.
> 
> You have practically just described the process that LibreSSL is using.
> The main difference is the timeline under which the process is being
> executed.

Good to know.  Timelines are of course a matter of judgement and
the needs of the community using the software.

> > Applications can move more aggressively, and use appropriate APIs
> > to disable obsolete crypto faster because they are better positioned
> > to know where to draw the line between security and interoperability
> > with legacy systems.
> 
> Deprecation is difficult, since those who are doing it are often told
> that they are doing the wrong thing, usually by people who try to discredit
> the projects and teams that are busy making progress. Hopefully the
> misinformation and inaccurate assertions above are not an example of this.

Let's not get carried away with imputing ill-will.  A follow-up
correction of the factual details is quite sufficient.

-- 
	Viktor.


From nobody Tue Sep  1 09:10:52 2015
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E71631B432D for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 09:10:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S4ns0ulWZCQ9 for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 09:10:49 -0700 (PDT)
Received: from mail-wi0-x234.google.com (mail-wi0-x234.google.com [IPv6:2a00:1450:400c:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03A4E1AC3BA for <saag@ietf.org>; Tue,  1 Sep 2015 09:10:42 -0700 (PDT)
Received: by wiclp12 with SMTP id lp12so36216376wic.1 for <saag@ietf.org>; Tue, 01 Sep 2015 09:10:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:date:message-id:subject:from:to:content-type; bh=F+vi6FrEA2P1Yf4hrgHqZElhyPGEjtHDTs+lP2FV2Zc=; b=nU8HAbEYqAY/ywI2a6Bt7uTguh9BH1Nwcg5mjKepCGR1kydA/wtRp8zLWlCVdOiVb6 7gbhdtsjRBedA43sjZnQ4zAqzLknLWRVSO5FXzTt312kvo9ym/rBoxjj4l6uSqrUdEOl rAhO4Z2MdDTzmPJ91dtR69YOAmvbx5no7oTmywRLXJbwFrwPLi8Ggiy237b3JCE5A5Ny flVN7Fq01lbC4srI9KimgkB9GE/Az1xG6t7jQecIOYSe6gAJ6LEVpXKiQtdB3sVzFeUb 8apSH/+ljJdfm9aUFO0Nn4UP87QhUMaYu7i8j7meV2vC4WIUns3HGtnCZIH9ZztD+QXu /8Jw==
MIME-Version: 1.0
X-Received: by 10.194.205.37 with SMTP id ld5mr37677325wjc.14.1441123840564; Tue, 01 Sep 2015 09:10:40 -0700 (PDT)
Received: by 10.28.157.84 with HTTP; Tue, 1 Sep 2015 09:10:40 -0700 (PDT)
Date: Tue, 1 Sep 2015 12:10:40 -0400
Message-ID: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: "saag@ietf.org" <saag@ietf.org>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/juZbx10bDiW8xDPIk1JUQ0cW_QM>
Subject: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 16:10:51 -0000

In going through the mail on this and the Perpass list, then also
re-reading RFC7435, I think I see more of where the discrepancies are,
but do need to make sure there is agreement.  I don't think there is
consensus for what is stated in section 2.9 of this draft after
reading through the threads, but will propose something after
explaining why.

While the detailed discussions were helpful, let's keep this to a
high-level as the text in draft-iab-crypto-alg-agility is high-level
and that will help us get to something workable (assuming there is
agreement that a change would better reflect consensus).

Current text:

2.9.  Opportunistic Security

   Despite the guidance in Section 2.4, opportunistic security [RFC7435]
   SHOULD also be considered, especially at the time a protocol
   implementation is deployed and configured.  Using algorithms that are
   weak against advanced attackers but sufficient against others is a
   way to make pervasive surveillance significantly more difficult.  As
   a result, algorithms that would not be acceptable in many negotiated
   situations are acceptable for opportunistic security.  Similarly,
   weaker algorithms and shorter key sizes are also acceptable for
   opportunistic security.  That said, the use of strong algorithms is
   always preferable.

If you go back to the OS RFC, RFC7435, the discussions of OS with
general definitions are kept to clear text, unauthenticated session
encryption, and authenticated encryption.  The use of weaker or
deprecated crypto is discussed, but that starts in section 3,
Opportunistic Security Design Principles.  Section 3 has carefully
worded constraints on this use, so when I read it originally, I didn't
think of this as part of the definition for OS, but rather that it
would be okay with legacy systems.

Here is the text:

RFC7435, Section 3:

   With unauthenticated, encrypted communication, OS protocols may
   employ more liberal settings than would be best practice when
   security is mandated by policy.  Some legacy systems support
   encryption, but implement only outdated algorithms or protocol
   versions.  Compatibility with these systems avoids the need to resort
   to cleartext fallback.

   For greater assurance of channel security, an OS protocol may enforce
   more stringent cryptographic parameters when the session is
   authenticated.  For example, the set of enabled Transport Layer
   Security (TLS) [RFC5246] cipher suites might exclude deprecated
   algorithms that would be tolerated with unauthenticated, encrypted
   communication.

   OS protocols should produce authenticated, encrypted communication
   when authentication of the peer is "expected".  Here, "expected"
   means a determination via a downgrade-resistant method that
   authentication of that peer is expected to work.  Downgrade-resistant
   methods include: validated DANE DNS records, existing TOFU identity
   information, and manual configuration.  Such use of authentication is
   "opportunistic", in that it is performed when possible, on a per-
   session basis.

   When communicating with a peer that supports encryption but not
   authentication, any authentication checks enabled by default must be
   disabled or configured to soft-fail in order to avoid unnecessary
   communications failure or needless downgrade to cleartext.

   The support of cleartext and the use of outdated algorithms, and
   especially broken algorithms, is for backwards compatibility with
   systems already deployed.  Protocol designs based on Opportunistic
   Security prefer to encrypt and prefer to use the best available
   encryption algorithms available.  OS protocols employ cleartext or
   broken encryption algorithms only with peers that do not appear to be
   capable of doing otherwise.  The eventual desire is to transition
   away from cleartext and broken algorithms, and particularly for
   broken algorithms, it is highly desirable to remove such
   functionality from implementations.

Considering that the use of less than ideal crypto is somewhat
restricted to the unauthenticated session encryption and is acceptable
only with legacy systems (and the messages on this thread about
reaching consensus), I propose the following text changes to 2.9 of
the crypto agility draft:

2.9.  Opportunistic Security

   Despite the guidance in Section 2.4, opportunistic security [RFC7435]
   SHOULD also be considered, especially at the time a protocol
   implementation is deployed and configured.  Using algorithms that are
   weak against advanced attackers but sufficient against others is a
   way to make pervasive surveillance significantly more difficult.  As
   a result, algorithms that would not be acceptable in many negotiated
   situations are acceptable for opportunistic security when legacy
systems are in use for unauthenticated encrypted sessions [RFC7435]
Section 3.  Similarly,
   weaker algorithms and shorter key sizes are also acceptable for
   opportunistic security with the same constraints.  That said, the
use of strong algorithms is
   always preferable.


I think it is important to include the design constraints in this
paragraph, but am okay with wording changes that make the constraints
clear so that we don't wind up generalizing the OS design principles
and have them mean more than what was intended.  I'd like to see this
constrained to legacy systems as it's not always possible to have them
upgraded.   I also don't want to see OS become a way to bless the use
of deprecated crypto, but would rather see it as in use for legacy
systems understanding that it has been deprecated.  Without that, I am
afraid it will become increasingly more difficult to phase out
deprecated crypto.  I'd like to see that we are at least consistent in
drafts/RFCs going forward so we don't inadvertently demonstrate
consensus for more than what was agreed (IMO).

Does the proposed text sound good (or something with the same intent)?

Thanks very much for the useful discussions on this topic!

-- 

Best regards,
Kathleen


From nobody Tue Sep  1 09:56:13 2015
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69F921B451E for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 09:56:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id enYvPnN2ESpZ for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 09:56:09 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB43F1B5529 for <saag@ietf.org>; Tue,  1 Sep 2015 09:55:27 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id B3227284B6C; Tue,  1 Sep 2015 16:55:26 +0000 (UTC)
Date: Tue, 1 Sep 2015 16:55:26 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150901165526.GU9021@mournblade.imrryr.org>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/VFrOQmF0Y8CvsGEzDzJgkoXZAEU>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 16:56:11 -0000

On Tue, Sep 01, 2015 at 12:10:40PM -0400, Kathleen Moriarty wrote:

> Considering that the use of less than ideal crypto is somewhat
> restricted to the unauthenticated session encryption and is acceptable
> only with legacy systems (and the messages on this thread about
> reaching consensus), I propose the following text changes to 2.9 of
> the crypto agility draft:
> 
> 2.9.  Opportunistic Security
> 
>    Despite the guidance in Section 2.4, opportunistic security [RFC7435]
>    SHOULD also be considered, especially at the time a protocol
>    implementation is deployed and configured.  Using algorithms that are
>    weak against advanced attackers but sufficient against others is a way
>    to make pervasive surveillance significantly more difficult.  As a
>    result, algorithms that would not be acceptable in many negotiated
>    situations are acceptable for opportunistic security when legacy systems
>    are in use for unauthenticated encrypted sessions [RFC7435] Section 3.
>    Similarly, weaker algorithms and shorter key sizes are also acceptable
>    for opportunistic security with the same constraints.  That said, the
>    use of strong algorithms is always preferable.
>
> Does the proposed text sound good (or something with the same intent)?

A step in the right direction, but I think we can do better.  The
document under discussion is a crypto agility document.  Agility
plays two roles in cryptographic protocols:

    * Makes it possible to introduce new stronger algorithms.
    * Makes it possible to phase out old deprecated algorithms.

>From an OS perspective, when no particular security level is
demanded, and we're merely trying to get the best possible protection
against passive attacks, the main benefit of agility is the first
one: over time, we end up using stronger crypto.

Rapid deprecation of weaker crypto is net loss for OS when the
result is loss of interoperability and/or fallback to cleartext.

So I think that the focus in the original and proposed text is not
optimal, we ought to first point out that OS benefits from agility
when better crypto is deployed side by side with legacy crypto
(deprecated or not) and is supported by the peers in a given
"conversation".

With that noted, we should observe (with reference to [7435]) that
with OS one should not rush into removal of legacy weak crypto that
is still required for inteoperability with enough systems, and
*does not* facilitate downgrade attacks.  Rather one introduces
better alternatives, encourages users to upgrade their systems,
and waits for the old to become largely unnecessary before removing
support.

That said, when new OS protocols or applications are developed,
that have no legacy interoperability requirements, they SHOULD NOT
grandfather support for algorithms that are already deprecated.

[ I know I did not put this together into a specific suggestion
  for a replacement, I hope this is useful nevertheless. ]

-- 
	Viktor.


From nobody Tue Sep  1 10:02:12 2015
Return-Path: <lear@cisco.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FDC31B43B6 for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 10:02:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level: 
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CVarhPIkovXC for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 10:02:09 -0700 (PDT)
Received: from bgl-iport-4.cisco.com (bgl-iport-4.cisco.com [72.163.197.28]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A7311B3E8F for <saag@ietf.org>; Tue,  1 Sep 2015 10:02:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1501; q=dns/txt; s=iport; t=1441126928; x=1442336528; h=subject:to:references:from:message-id:date:mime-version: in-reply-to; bh=+mxwrSprfDEk7X48/P5VDagD1eRnI/qCDFfffTAJXWA=; b=Z0S/07HRWVB64NyzUtDV6C7BNjl35q2i5c4HsM2lyluspWxQUNM3dLBG x1vISDk6laDirQh01R1dD+iLtIoQXaa3mj8OWkXqQXQLh+gEJo1kUp6UJ J5eIYY5k5Z07BHDTBQJ8veHgook2xDRkQIgdM/3L6B5y2zZrk07TLHfoN I=;
X-Files: signature.asc : 481
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0B4BQDe2OVV/xjFo0hdh3u7FYdyAoF8EwEBAQEBAQGBCoQkAQEDASNVBgsLIRYLAgIJAwIBAgFFEwgBAYgiCLUPlQcBAQEHAQEBAR6LcIUSF4JSgUMBBJVBgkGBXIhYiHiRdCaEATyDAAEBAQ
X-IronPort-AV: E=Sophos;i="5.17,450,1437436800";  d="asc'?scan'208";a="24269880"
Received: from vla196-nat.cisco.com (HELO bgl-core-3.cisco.com) ([72.163.197.24]) by bgl-iport-4.cisco.com with ESMTP; 01 Sep 2015 17:02:03 +0000
Received: from [10.65.43.131] ([10.65.43.131]) by bgl-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id t81H23vQ010660 for <saag@ietf.org>; Tue, 1 Sep 2015 17:02:03 GMT
To: saag@ietf.org
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org>
From: Eliot Lear <lear@cisco.com>
Message-ID: <55E5DA09.7060104@cisco.com>
Date: Tue, 1 Sep 2015 19:02:01 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <20150901165526.GU9021@mournblade.imrryr.org>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="xq1QXMIHbNI82V3DlgHIgvqck3gFk4mLc"
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/qDIP5qPJTI-OO5GsZskxpxACuVE>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 17:02:10 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--xq1QXMIHbNI82V3DlgHIgvqck3gFk4mLc
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi Victor,

On 9/1/15 6:55 PM, Viktor Dukhovni wrote:

> Rapid deprecation of weaker crypto is net loss for OS when the
> result is loss of interoperability and/or fallback to cleartext.

Of course, this holds true when there are no alternatives from which to
select.  And it ties back to the second advantage you cited:
> Makes it possible to phase out old deprecated algorithms.

But what is it one has to do?  Why is the answer simply to specify MTI
two actively used suites and then vary which two over some (hopefully
long) period over time?

Eliot


--xq1QXMIHbNI82V3DlgHIgvqck3gFk4mLc
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2

iQEcBAEBCAAGBQJV5doKAAoJEIe2a0bZ0nozdmcH/j3PqZBfYM7Cn6Q6ghU6aybk
loFkTDBgXeyKTU3Yv8jq61uRUKHT5neyF/Jwzv5GmUAEpNHW6tkkOO18TCrZERBV
ovtnhk1GG4R6DLMtF/YWISJA7zZk2zVgvCt5svRADJa0D8AoLhASv2pSGi+0NbpA
bahCFSB/USUMCLeyvkhtbHpz+OkmJQ/AWHvmFn9Ewg9X7kZZ37OPKj41vJMBY8FV
PENpBWa1/c/dKSug+xRBr2MGbJeEE4RhpZozE/qvU5/s5LLBhZJUBSIbTgdYjrnk
RbyzYzR7uxJpgfvjSx9aoB5c0f6wRjLUzx7o54fkFLJnwwguAwWh6cgHZ805m6c=
=CoR8
-----END PGP SIGNATURE-----

--xq1QXMIHbNI82V3DlgHIgvqck3gFk4mLc--


From nobody Tue Sep  1 10:17:23 2015
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1321D1B5792 for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 10:17:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.701
X-Spam-Level: 
X-Spam-Status: No, score=-0.701 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z4Fb278O25ck for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 10:17:10 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A34C1B4216 for <saag@ietf.org>; Tue,  1 Sep 2015 10:16:53 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 7DF72284B6C; Tue,  1 Sep 2015 17:16:52 +0000 (UTC)
Date: Tue, 1 Sep 2015 17:16:52 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150901171652.GV9021@mournblade.imrryr.org>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <55E5DA09.7060104@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <55E5DA09.7060104@cisco.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/vv_mgJmodC-5ZRsCY_VaR1Ymsqo>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 17:17:15 -0000

On Tue, Sep 01, 2015 at 07:02:01PM +0200, Eliot Lear wrote:

> > Rapid deprecation of weaker crypto is net loss for OS when the
> > result is loss of interoperability and/or fallback to cleartext.
> 
> Of course, this holds true when there are no alternatives from which to
> select.  And it ties back to the second advantage you cited:
>
> > Makes it possible to phase out old deprecated algorithms.

Eventually, when "essentially everyone" supports better options,
the old can be dropped even by OS clients and servers.  So the
second benefit is "delayed" for OS, we quickly lift the "ceiling"
and as time goes by and this becomes practical lift the "floor".

> But what is it one has to do?  Why is the answer simply to specify MTI
> two actively used suites and then vary which two over some (hopefully
> long) period over time?

Two might not in practice be enough for OS, if deployed software
lasts 10+ years without upgrades.  Sure, only two suites might be
MTI at a given time, but implementations will often need to continue
to support "past" MTI suites, if those are the best available for
a sufficient number of peers.

Thus a suite that used to be "MTI", but no longer is, becomes
de-facto required for OS.  Actually this applies not just OS, in
practice even mandatory security protocols need to worry about
interoperability.  

The difference is mostly in how quickly deprecated crypto is
abandoned, because cleartext is rarely better than weak crypto
(modulo facilitation of downgrades against even non-OS peers ala
logjam and EXPORT ciphers).

While browsers and webservers are moving quick to abandon RC4 in
2015, SMTP servers and clients are going to continue to support it
for at least another year or two.  Some SMTP serevrs already don't
tolerate RC4 and create pressure on the legacy systems to upgrade.
For most, it makes more sense to continue to receive mail than to
enforce crypto-correctness.  The overall process takes longer.

--
	Viktor.


From nobody Tue Sep  1 10:28:20 2015
Return-Path: <steve@shinkuro.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 056071A8F35 for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 10:28:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.782
X-Spam-Level: 
X-Spam-Status: No, score=-0.782 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DSL=1.129, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VasPwWJE9eaf for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 10:28:18 -0700 (PDT)
Received: from execdsl.com (remote.shinkuro.com [50.56.68.178]) by ietfa.amsl.com (Postfix) with ESMTP id BF7DD1A1A32 for <saag@ietf.org>; Tue,  1 Sep 2015 10:28:18 -0700 (PDT)
Received: from dummy.name; Tue, 01 Sep 2015 17:28:18 +0000
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (1.0)
From: Steve Crocker <steve@shinkuro.com>
X-Mailer: iPhone Mail (12H143)
In-Reply-To: <20150901171652.GV9021@mournblade.imrryr.org>
Date: Tue, 1 Sep 2015 13:28:17 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <7F9D2B85-3A53-4EE4-85FC-C9752F97E71E@shinkuro.com>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <55E5DA09.7060104@cisco.com> <20150901171652.GV9021@mournblade.imrryr.org>
To: "saag@ietf.org" <saag@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/yialQkfdzOPPrA_X5tsHMp2zKwI>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 17:28:20 -0000

The challenge is knowing when old algorithms can be dropped safely.  There h=
as to be widespread adoption of newer algorithms and there has to be evidenc=
e of that widespread adoption.  Removal from the OS is the last step.  Prior=
 to that the usage of the old algorithm has to drop to near zero, and that w=
ill happen only when it's evident to the party that chooses which algorithm t=
o use is confident the other party is capable of using the newer algorithm.

Each of these steps takes a long time.  The process moves along more quickly=
 if there is some sort of measurement or reporting of which algorithms the r=
esponding party is capable of using.

See RFC 6975 for our attempt to deal with this for DNSSEC.

Thanks,

Steve

Sent from my iPhone

> On Sep 1, 2015, at 1:16 PM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote=
:
>=20
> On Tue, Sep 01, 2015 at 07:02:01PM +0200, Eliot Lear wrote:
>=20
>>> Rapid deprecation of weaker crypto is net loss for OS when the
>>> result is loss of interoperability and/or fallback to cleartext.
>>=20
>> Of course, this holds true when there are no alternatives from which to
>> select.  And it ties back to the second advantage you cited:
>>=20
>>> Makes it possible to phase out old deprecated algorithms.
>=20
> Eventually, when "essentially everyone" supports better options,
> the old can be dropped even by OS clients and servers.  So the
> second benefit is "delayed" for OS, we quickly lift the "ceiling"
> and as time goes by and this becomes practical lift the "floor".
>=20
>> But what is it one has to do?  Why is the answer simply to specify MTI
>> two actively used suites and then vary which two over some (hopefully
>> long) period over time?
>=20
> Two might not in practice be enough for OS, if deployed software
> lasts 10+ years without upgrades.  Sure, only two suites might be
> MTI at a given time, but implementations will often need to continue
> to support "past" MTI suites, if those are the best available for
> a sufficient number of peers.
>=20
> Thus a suite that used to be "MTI", but no longer is, becomes
> de-facto required for OS.  Actually this applies not just OS, in
> practice even mandatory security protocols need to worry about
> interoperability. =20
>=20
> The difference is mostly in how quickly deprecated crypto is
> abandoned, because cleartext is rarely better than weak crypto
> (modulo facilitation of downgrades against even non-OS peers ala
> logjam and EXPORT ciphers).
>=20
> While browsers and webservers are moving quick to abandon RC4 in
> 2015, SMTP servers and clients are going to continue to support it
> for at least another year or two.  Some SMTP serevrs already don't
> tolerate RC4 and create pressure on the legacy systems to upgrade.
> For most, it makes more sense to continue to receive mail than to
> enforce crypto-correctness.  The overall process takes longer.
>=20
> --
>    Viktor.
>=20
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag


From nobody Tue Sep  1 11:01:53 2015
Return-Path: <rsalz@akamai.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5046C1B2DAB for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 11:01:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.111
X-Spam-Level: 
X-Spam-Status: No, score=-2.111 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_61=0.6, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NReU6Ch4PHus for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 11:01:50 -0700 (PDT)
Received: from prod-mail-xrelay06.akamai.com (prod-mail-xrelay06.akamai.com [96.6.114.98]) by ietfa.amsl.com (Postfix) with ESMTP id 04B911B2C18 for <saag@ietf.org>; Tue,  1 Sep 2015 11:01:49 -0700 (PDT)
Received: from prod-mail-xrelay06.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id B9245496C69; Tue,  1 Sep 2015 18:01:48 +0000 (GMT)
Received: from prod-mail-relay08.akamai.com (prod-mail-relay08.akamai.com [172.27.22.71]) by prod-mail-xrelay06.akamai.com (Postfix) with ESMTP id A3136496C66; Tue,  1 Sep 2015 18:01:48 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=akamai.com; s=a1; t=1441130508; bh=YAFB2z87xvVYUeTaYUVdHW5nv8ZwPUhoSuqKbzcMelM=; l=1038; h=From:To:Date:References:In-Reply-To:From; b=lhj/e5t9VzCT5pRO32LwrAuCDFhjkHS65bQoImc1iprc7Zjdq60LEYnjspYNuhePz 5MuH0ltcU8kOe6FM4MU4UONS+PsUGIxpGcXqmngxAo9/ztwh7GLLEBX6kXL17j7Lyy 0k312p3/YCWuAjBGGVrvImz9GZ2qUglCmwKnwbn8=
Received: from email.msg.corp.akamai.com (ustx2ex-cas4.msg.corp.akamai.com [172.27.25.33]) by prod-mail-relay08.akamai.com (Postfix) with ESMTP id 9ED5098085; Tue,  1 Sep 2015 18:01:48 +0000 (GMT)
Received: from USTX2EX-DAG1MB2.msg.corp.akamai.com (172.27.27.102) by ustx2ex-dag1mb2.msg.corp.akamai.com (172.27.27.102) with Microsoft SMTP Server (TLS) id 15.0.1076.9; Tue, 1 Sep 2015 13:01:48 -0500
Received: from USTX2EX-DAG1MB2.msg.corp.akamai.com ([172.27.6.132]) by ustx2ex-dag1mb2.msg.corp.akamai.com ([172.27.6.132]) with mapi id 15.00.1076.000; Tue, 1 Sep 2015 13:01:48 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
Thread-Index: AQHQ5NDIIV9ZIH97QEOYn2JhhyIZhJ4n9olA
Date: Tue, 1 Sep 2015 18:01:47 +0000
Message-ID: <d83c4d9d4fe54b7ab1a58507a3167b0c@ustx2ex-dag1mb2.msg.corp.akamai.com>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com>
In-Reply-To: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.43.27]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/ynq2u11_QcjDCuFH4gempwiXWiU>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 18:01:52 -0000

> I think it is important to include the design constraints in this paragra=
ph, but
> am okay with wording changes that make the constraints clear so that we
> don't wind up generalizing the OS design principles and have them mean
> more than what was intended.  I'd like to see this constrained to legacy
> systems as it's not always possible to have them
> upgraded.   I also don't want to see OS become a way to bless the use
> of deprecated crypto, but would rather see it as in use for legacy system=
s
> understanding that it has been deprecated.  Without that, I am afraid it =
will
> become increasingly more difficult to phase out deprecated crypto.  I'd l=
ike to
> see that we are at least consistent in drafts/RFCs going forward so we do=
n't
> inadvertently demonstrate consensus for more than what was agreed
> (IMO).

This is a great summation; I agree.

Now it's a simple matter of coding^W wordsmithing :)

-- =20
Senior Architect, Akamai Technologies
IM: richsalz@jabber.at Twitter: RichSalz


From nobody Tue Sep  1 13:59:16 2015
Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C99951B4094 for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 13:59:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level: 
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QAfn7C-qAJVC for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 13:59:14 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 73EF21B3AB9 for <saag@ietf.org>; Tue,  1 Sep 2015 13:59:14 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 08632F24132 for <saag@ietf.org>; Tue,  1 Sep 2015 16:59:04 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id R9iYna-kQByJ for <saag@ietf.org>; Tue,  1 Sep 2015 16:57:46 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 0D89BF24145 for <saag@ietf.org>; Tue,  1 Sep 2015 16:58:42 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1085)
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <20150901165526.GU9021@mournblade.imrryr.org>
Date: Tue, 1 Sep 2015 16:58:31 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org>
To: saag@ietf.org
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/126Is19mhYYuWKnEvRSYSYg6Woo>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 20:59:15 -0000

I'm trying to pull together the things that I have heard on this thread =
over the last week regarding Section 2.9.  I think I have captured them. =
 Please let me know if I missed something?

2.9.  Opportunistic Security

   Despite the guidance in Section 2.4, opportunistic security [RFC7435]
   also deserves consideration, especially at the time a protocol
   implementation is deployed and configured.  Using algorithms that are
   weak against advanced attackers but sufficient against others is one
   way to make pervasive surveillance significantly more difficult.  As
   a result, algorithms that would not be acceptable in many negotiated
   situations are acceptable for opportunistic security when legacy
   systems are in use for unauthenticated encrypted sessions as
   discussed in Section 3 of [RFC7435] as long as their use does not
   facilitate downgrade attacks.  Similarly, weaker algorithms and
   shorter key sizes are also acceptable for opportunistic security with
   the same constraints.  That said, the use of strong algorithms is
   always preferable.

Russ




From nobody Tue Sep  1 14:19:11 2015
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAE851B2FBC for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 14:19:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YlcCiSFWT00S for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 14:19:08 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FDD01B2F37 for <saag@ietf.org>; Tue,  1 Sep 2015 14:19:08 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 919BD284B6C; Tue,  1 Sep 2015 21:19:06 +0000 (UTC)
Date: Tue, 1 Sep 2015 21:19:06 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150901211906.GA9021@mournblade.imrryr.org>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/63EMURtm6j0Vj740fSLv4PBBxL4>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 21:19:10 -0000

On Tue, Sep 01, 2015 at 04:58:31PM -0400, Russ Housley wrote:

> I'm trying to pull together the things that I have heard on this thread
> over the last week regarding Section 2.9.  I think I have captured them.
> Please let me know if I missed something?
> 
> 2.9.  Opportunistic Security
> 
>    Despite the guidance in Section 2.4, opportunistic security [RFC7435]
>    also deserves consideration, especially at the time a protocol
>    implementation is deployed and configured.  Using algorithms that are
>    weak against advanced attackers but sufficient against others is one
>    way to make pervasive surveillance significantly more difficult.  As
>    a result, algorithms that would not be acceptable in many negotiated
>    situations are acceptable for opportunistic security when legacy
>    systems are in use for unauthenticated encrypted sessions as
>    discussed in Section 3 of [RFC7435] as long as their use does not
>    facilitate downgrade attacks.  Similarly, weaker algorithms and
>    shorter key sizes are also acceptable for opportunistic security with
>    the same constraints.  That said, the use of strong algorithms is
>    always preferable.

I still think that the focus on just the weak(er) algorithms in OS
is unfortunate.  Rather agility and OS work hand-in-hand to improve
communications to the extent possible.  As new algorithms are
deployed, opportunistic peers will autmatically start to use stronger
cryptography.  

Once new algorithms have largely displaced legacy algorithms, one
can begin considering retirement of algorithms that used to be
required for interoperability.  This process is likely to take
longer for OS protocols/applications because interoperability
carries greater weight when security is not a hard requirement and
the alternative is cleartext.

So I'd like to see text that first emphasises the good news (over
time agility improves the security of OS protocols).  Then the bad
news (retirement of legacy crypto takes longer).  And finally notes
that OS is not carte-blanche for weak crypto, new OS applications
need to start with non-deprecated crypto, and legacy crypto needs
to still be retired once no longer needed.

-- 
	Viktor.


From nobody Tue Sep  1 14:24:13 2015
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CE211B34FF for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 14:24:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dgQDl5ha7GeO for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 14:24:10 -0700 (PDT)
Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5F711A92E9 for <saag@ietf.org>; Tue,  1 Sep 2015 14:24:09 -0700 (PDT)
Received: by wicfx3 with SMTP id fx3so25959465wic.0 for <saag@ietf.org>; Tue, 01 Sep 2015 14:24:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=HgfwKjvRkM8AMyWEq9eqWGKZr2dOERDI/EJMisE0xCw=; b=k+QPgDmym/AZK9kTEjFqh9Py3fomicA/z8CIlrJtGeTrtdnY3gCnGjv4oKvuEEXUyk aTWKgnD9sBPULbuhtFs0yLv0Ut3ic1opO73V6G5gPFo8clz/uGINPNX5iipD2SWhXWzi t1viS5uZ1dg/e4dJwugX8ce743Jc468WngclBHlt1JsZEVKss1zeB68HU2vcUMo0FJzZ NvTFHdf5WIicfoWnDWdvUzgbJoqAB8okGMEwsbGo1HNg/oaeVeNCQXSXMHpY+DvaTbvM 80gz/SNyPk1AtnLVEPJwKssGbsFoKftBGl0xrRcGLQdF7Nu+qepl5zjpfIYAlgbo93KJ u3gw==
MIME-Version: 1.0
X-Received: by 10.194.205.37 with SMTP id ld5mr39137386wjc.14.1441142648528; Tue, 01 Sep 2015 14:24:08 -0700 (PDT)
Received: by 10.28.157.84 with HTTP; Tue, 1 Sep 2015 14:24:08 -0700 (PDT)
In-Reply-To: <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com>
Date: Tue, 1 Sep 2015 17:24:08 -0400
Message-ID: <CAHbuEH7ePaY4T5mwB9avTwo0=-JTSuu_6jrvj0jq5Ag6Es1cww@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/OQKUsHyvVrRdXM5xsmEPwGHEZAY>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 21:24:11 -0000

On Tue, Sep 1, 2015 at 4:58 PM, Russ Housley <housley@vigilsec.com> wrote:
> I'm trying to pull together the things that I have heard on this thread over the last week regarding Section 2.9.  I think I have captured them.  Please let me know if I missed something?
>
> 2.9.  Opportunistic Security
>
>    Despite the guidance in Section 2.4, opportunistic security [RFC7435]
>    also deserves consideration, especially at the time a protocol
>    implementation is deployed and configured.  Using algorithms that are
>    weak against advanced attackers but sufficient against others is one
>    way to make pervasive surveillance significantly more difficult.  As
>    a result, algorithms that would not be acceptable in many negotiated
>    situations are acceptable for opportunistic security when legacy
>    systems are in use for unauthenticated encrypted sessions as
>    discussed in Section 3 of [RFC7435] as long as their use does not
>    facilitate downgrade attacks.  Similarly, weaker algorithms and
>    shorter key sizes are also acceptable for opportunistic security with
>    the same constraints.  That said, the use of strong algorithms is
>    always preferable.

Your additional edits look good to me, thank you!
Kathleen

>
> Russ
>
>
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag



-- 

Best regards,
Kathleen


From nobody Tue Sep  1 16:56:40 2015
Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B944B1B5129 for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 16:56:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level: 
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0UWfHY_WnPpF for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 16:56:38 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 419091B510F for <saag@ietf.org>; Tue,  1 Sep 2015 16:56:38 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id E3C63F2412D for <saag@ietf.org>; Tue,  1 Sep 2015 19:56:27 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id 4OaQKaDoGQly for <saag@ietf.org>; Tue,  1 Sep 2015 19:55:30 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 64BA2F2412B for <saag@ietf.org>; Tue,  1 Sep 2015 19:56:27 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1085)
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <20150901211906.GA9021@mournblade.imrryr.org>
Date: Tue, 1 Sep 2015 19:56:16 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <E44EE5B3-1469-49D7-9C15-299230E13779@vigilsec.com>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com> <20150901211906.GA9021@mournblade.imrryr.org>
To: saag@ietf.org
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/pr4c98yHEiO-EnraSW-WxTeAQMs>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 23:56:39 -0000

On Sep 1, 2015, at 5:19 PM, Viktor Dukhovni wrote:

> On Tue, Sep 01, 2015 at 04:58:31PM -0400, Russ Housley wrote:
>=20
>> I'm trying to pull together the things that I have heard on this =
thread
>> over the last week regarding Section 2.9.  I think I have captured =
them.
>> Please let me know if I missed something?
>>=20
>> 2.9.  Opportunistic Security
>>=20
>>   Despite the guidance in Section 2.4, opportunistic security =
[RFC7435]
>>   also deserves consideration, especially at the time a protocol
>>   implementation is deployed and configured.  Using algorithms that =
are
>>   weak against advanced attackers but sufficient against others is =
one
>>   way to make pervasive surveillance significantly more difficult.  =
As
>>   a result, algorithms that would not be acceptable in many =
negotiated
>>   situations are acceptable for opportunistic security when legacy
>>   systems are in use for unauthenticated encrypted sessions as
>>   discussed in Section 3 of [RFC7435] as long as their use does not
>>   facilitate downgrade attacks.  Similarly, weaker algorithms and
>>   shorter key sizes are also acceptable for opportunistic security =
with
>>   the same constraints.  That said, the use of strong algorithms is
>>   always preferable.
>=20
> I still think that the focus on just the weak(er) algorithms in OS
> is unfortunate.  Rather agility and OS work hand-in-hand to improve
> communications to the extent possible.  As new algorithms are
> deployed, opportunistic peers will autmatically start to use stronger
> cryptography. =20
>=20
> Once new algorithms have largely displaced legacy algorithms, one
> can begin considering retirement of algorithms that used to be
> required for interoperability.  This process is likely to take
> longer for OS protocols/applications because interoperability
> carries greater weight when security is not a hard requirement and
> the alternative is cleartext.
>=20
> So I'd like to see text that first emphasises the good news (over
> time agility improves the security of OS protocols).  Then the bad
> news (retirement of legacy crypto takes longer).  And finally notes
> that OS is not carte-blanche for weak crypto, new OS applications
> need to start with non-deprecated crypto, and legacy crypto needs
> to still be retired once no longer needed.

The whole point of the document is to make it easy to migrate from one =
algorithm suite to another more desirable one.  However, sometimes we =
want to keep an algorithm around that would otherwise have been =
discarded to achieve opportunistic security.  You seem to be trying to =
pull the points from the rest of the document into this paragraph.

Russ


From nobody Tue Sep  1 17:26:33 2015
Return-Path: <hartmans@mit.edu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C76C1ACDEA for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 17:26:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Level: 
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9zIxe1rJzEDU for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 17:26:29 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 883AC1ACDF0 for <saag@ietf.org>; Tue,  1 Sep 2015 17:26:28 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id 2FCE7207C3; Tue,  1 Sep 2015 20:24:19 -0400 (EDT)
Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dyB0-0IEV4vu; Tue,  1 Sep 2015 20:24:18 -0400 (EDT)
Received: from carter-zimmerman.suchdamage.org (c-50-136-30-120.hsd1.ma.comcast.net [50.136.30.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Tue,  1 Sep 2015 20:24:18 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 56053808FA; Tue,  1 Sep 2015 20:26:25 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Russ Housley <housley@vigilsec.com>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com> <20150901211906.GA9021@mournblade.imrryr.org> <E44EE5B3-1469-49D7-9C15-299230E13779@vigilsec.com>
Date: Tue, 01 Sep 2015 20:26:25 -0400
In-Reply-To: <E44EE5B3-1469-49D7-9C15-299230E13779@vigilsec.com> (Russ Housley's message of "Tue, 1 Sep 2015 19:56:16 -0400")
Message-ID: <tsl8u8pmzta.fsf@mit.edu>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/IZgqfACsOA6FbFVFCT7qubgXIQA>
Cc: saag@ietf.org
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 00:26:31 -0000

>>>>> "Russ" == Russ Housley <housley@vigilsec.com> writes:

    >> I still think that the focus on just the weak(er) algorithms in
    >> OS is unfortunate.  Rather agility and OS work hand-in-hand to
    >> improve communications to the extent possible.  As new algorithms
    >> are deployed, opportunistic peers will autmatically start to use
    >> stronger cryptography.
    >> 
    >> Once new algorithms have largely displaced legacy algorithms, one
    >> can begin considering retirement of algorithms that used to be
    >> required for interoperability.  This process is likely to take
    >> longer for OS protocols/applications because interoperability
    >> carries greater weight when security is not a hard requirement
    >> and the alternative is cleartext.
    >> 
    >> So I'd like to see text that first emphasises the good news (over
    >> time agility improves the security of OS protocols).  Then the
    >> bad news (retirement of legacy crypto takes longer).  And finally
    >> notes that OS is not carte-blanche for weak crypto, new OS
    >> applications need to start with non-deprecated crypto, and legacy
    >> crypto needs to still be retired once no longer needed.

    Russ> The whole point of the document is to make it easy to migrate
    Russ> from one algorithm suite to another more desirable one.
    Russ> However, sometimes we want to keep an algorithm around that
    Russ> would otherwise have been discarded to achieve opportunistic
    Russ> security.  You seem to be trying to pull the points from the
    Russ> rest of the document into this paragraph.

Russ, like Viktor, when I read the proposed text for section 2.9 I hear
emphasis on supporting weak crypto for OS.  The text doesn't quite come
out and say any of the following, but I find myself trying to come up
with justifications for why I'd prefer weak crypto for OS.  Is it
faster?  Is it more exportable?  By the time I get to the sentence that
says stronger is still preferable, I'm so lost that it hardly registers.

I find the quoted paragraph sounds like it's trying to be more divergent
with the rest of the document rather than complimentary.
So, while perhaps literally doing what Viktor proposes and including all
those points in 2.9 would be redundant, perhaps we can strive for
something more consistent with his approach.

What the proposed text says is all consistent, it just reads wrong and
at least to me and apparently Viktor implies things that I don't think
we really mean.

I'm sorry I can't be more helpful.  I'm not trying to raise anything
blocking, just hoping to help you better understand the explanation.


From nobody Tue Sep  1 20:09:32 2015
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A6741B41C8 for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 20:09:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4TXXbn9vbxOB for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 20:09:28 -0700 (PDT)
Received: from mail-qk0-x233.google.com (mail-qk0-x233.google.com [IPv6:2607:f8b0:400d:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66BFB1B3D7B for <saag@ietf.org>; Tue,  1 Sep 2015 20:09:27 -0700 (PDT)
Received: by qkdv1 with SMTP id v1so62522039qkd.0 for <saag@ietf.org>; Tue, 01 Sep 2015 20:09:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=from:content-type:mime-version:subject:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=+j8s4cbSu3AMwJf2UGfOdPgF1uV3GF10H0Kpmn/WGKw=; b=LowVNgVhX3g9V8bp9XNFxQgU37GbNNUxQksBWDdO8qCf8cfaKxAEhX43gFsqVEaZru zLYuy1PENA87+eEv6F3BKixe2QnIeK8usPwbO+djxiLpgYT+dup4cZwdD5tsAMDcHd1y RMdFC/HfeMLQdE4hG1M1Bn4y10xA/NWNAfhGcAE3TTN4hbJmU3FuAvXGpNXlup4GwP51 iXof96gsa8zDCTbfYNC9zEPRypL/NQj+1wfK2r6CcgbfpeJbBCyd8fw0CmTLSXkfRQf/ +yoAgsSg/UKXF0iZq8YnpJQWmE50jIpvwMN7jtmIYAQvb8seRljChibTdcmJHvGGklXj NcRg==
X-Received: by 10.55.24.193 with SMTP id 62mr25386737qky.63.1441163366665; Tue, 01 Sep 2015 20:09:26 -0700 (PDT)
Received: from [192.168.1.3] (209-6-114-252.c3-0.arl-ubr1.sbo-arl.ma.cable.rcn.com. [209.6.114.252]) by smtp.gmail.com with ESMTPSA id 70sm11982968qhd.40.2015.09.01.20.09.24 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 01 Sep 2015 20:09:24 -0700 (PDT)
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Google-Original-From: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (1.0)
X-Mailer: iPhone Mail (12H143)
In-Reply-To: <tsl8u8pmzta.fsf@mit.edu>
Date: Tue, 1 Sep 2015 23:09:23 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <92D9378E-4724-4721-A5F4-26614D96831E@gmail.com>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com> <20150901211906.GA9021@mournblade.imrryr.org> <E44EE5B3-1469-49D7-9C15-299230E13779@vigilsec.com> <tsl8u8pmzta.fsf@mit.edu>
To: Sam Hartman <hartmans-ietf@mit.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/zWgyjeOMobps71EpnTVxGioO6Gg>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 03:09:30 -0000

Sent from my iPhone

On Sep 1, 2015, at 8:26 PM, Sam Hartman <hartmans-ietf@mit.edu> wrote:

>>>>>> "Russ" =3D=3D Russ Housley <housley@vigilsec.com> writes:
>=20
>>> I still think that the focus on just the weak(er) algorithms in
>>> OS is unfortunate.  Rather agility and OS work hand-in-hand to
>>> improve communications to the extent possible.  As new algorithms
>>> are deployed, opportunistic peers will autmatically start to use
>>> stronger cryptography.
>>>=20
>>> Once new algorithms have largely displaced legacy algorithms, one
>>> can begin considering retirement of algorithms that used to be
>>> required for interoperability.  This process is likely to take
>>> longer for OS protocols/applications because interoperability
>>> carries greater weight when security is not a hard requirement
>>> and the alternative is cleartext.
>>>=20
>>> So I'd like to see text that first emphasises the good news (over
>>> time agility improves the security of OS protocols).  Then the
>>> bad news (retirement of legacy crypto takes longer).  And finally
>>> notes that OS is not carte-blanche for weak crypto, new OS
>>> applications need to start with non-deprecated crypto, and legacy
>>> crypto needs to still be retired once no longer needed.
>=20
>    Russ> The whole point of the document is to make it easy to migrate
>    Russ> from one algorithm suite to another more desirable one.
>    Russ> However, sometimes we want to keep an algorithm around that
>    Russ> would otherwise have been discarded to achieve opportunistic
>    Russ> security.  You seem to be trying to pull the points from the
>    Russ> rest of the document into this paragraph.
>=20
> Russ, like Viktor, when I read the proposed text for section 2.9 I hear
> emphasis on supporting weak crypto for OS.  The text doesn't quite come
> out and say any of the following, but I find myself trying to come up
> with justifications for why I'd prefer weak crypto for OS.  Is it
> faster?  Is it more exportable?  By the time I get to the sentence that
> says stronger is still preferable, I'm so lost that it hardly registers.
>=20
> I find the quoted paragraph sounds like it's trying to be more divergent
> with the rest of the document rather than complimentary.
> So, while perhaps literally doing what Viktor proposes and including all
> those points in 2.9 would be redundant, perhaps we can strive for
> something more consistent with his approach.
>=20
> What the proposed text says is all consistent, it just reads wrong and
> at least to me and apparently Viktor implies things that I don't think
> we really mean.

I think the proposed text is a lot better than what was there and I think th=
ere is consensus around it.  Once you get more specific, then you are moving=
 away from what was agreed upon in the OS draft.  Doing that would require q=
uite a bit more discussion.

The proposed text reads well to me and keeps us more consistent - use of wea=
ker crypto for OS is limited to legacy deployments and is not okay for authe=
nticated and encrypted sessions for OS, just unauthenticated.  If you have a=
 proposal for text that keeps within the space where I think we have consens=
us, then I'm okay with change otherwise I'm not.  It might take reading thro=
ugh this draft and the OS RFC, once that has been done, this text makes sens=
e... Reading big through the discussion on this over the past week or so may=
 help as well.

Thanks,
Kathleen=20

>=20
> I'm sorry I can't be more helpful.  I'm not trying to raise anything
> blocking, just hoping to help you better understand the explanation.
>=20
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag


From nobody Tue Sep  1 21:01:50 2015
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D5CE1B3F2E for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 21:01:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 53xPig28FHob for <saag@ietfa.amsl.com>; Tue,  1 Sep 2015 21:01:47 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E0C41B33B6 for <saag@ietf.org>; Tue,  1 Sep 2015 21:01:46 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 89D45284D23; Wed,  2 Sep 2015 04:01:45 +0000 (UTC)
Date: Wed, 2 Sep 2015 04:01:45 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150902040145.GD9021@mournblade.imrryr.org>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com> <20150901211906.GA9021@mournblade.imrryr.org> <E44EE5B3-1469-49D7-9C15-299230E13779@vigilsec.com> <tsl8u8pmzta.fsf@mit.edu> <92D9378E-4724-4721-A5F4-26614D96831E@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <92D9378E-4724-4721-A5F4-26614D96831E@gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/2LmFR5ao1A_2_jjP7lFAI4o1q3A>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 04:01:49 -0000

On Tue, Sep 01, 2015 at 11:09:23PM -0400, Kathleen Moriarty wrote:

> I think the proposed text is a lot better than what was there and I think
> there is consensus around it.  Once you get more specific, then you are
> moving away from what was agreed upon in the OS draft.  Doing that would
> require quite a bit more discussion.
> 
> The proposed text reads well to me and keeps us more consistent - use of
> weaker crypto for OS is limited to legacy deployments and is not okay for
> authenticated and encrypted sessions for OS, just unauthenticated.  If
> you have a proposal for text that keeps within the space where I think we
> have consensus, then I'm okay with change otherwise I'm not.  It might
> take reading through this draft and the OS RFC, once that has been done,
> this text makes sense... Reading big through the discussion on this over
> the past week or so may help as well.

I am not saying the proposed text is wrong on its substance, rather
I am a somewhat concerned about what seems to be misplaced emphasis.
I think Sam agrees along essentially the same lines.

I've not suggested a specific remedy, just throwing ideas out there
and hoping they might be useful.

In part I don't think I should be the only one doing all the
explaining of OS, it is best if others can make additional
contributions to the formulation of a refined consensus in this
area.

It would I think be better to note that OS (when unauthenticated
and provies only passive protection) is not fundamentally about
use of weaker crypto.  Rather it is about doing as much better than
cleartext as one can, and agility is helpful, but more quickly on
the uptake of new algos than deprecation of legacy algos, because
interop considerations and avoiding cleartext trump the urgency of
deprecating weak crypto.

That said, that's just how I see it, and I don't want force my
formulation on everyone else, so if there are other ways to improve
the text (change of emphasis) that's fine.

-- 
	Viktor.


From nobody Wed Sep  2 13:49:27 2015
Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 242451B3CB8 for <saag@ietfa.amsl.com>; Wed,  2 Sep 2015 13:49:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.001
X-Spam-Level: 
X-Spam-Status: No, score=-100.001 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ckoU8omZIvSs for <saag@ietfa.amsl.com>; Wed,  2 Sep 2015 13:49:21 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 246AA1B45F7 for <saag@ietf.org>; Wed,  2 Sep 2015 13:49:21 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 934C3F24144 for <saag@ietf.org>; Wed,  2 Sep 2015 16:49:10 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id pzKj+-Q30IW1 for <saag@ietf.org>; Wed,  2 Sep 2015 16:47:52 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 1D77AF24162 for <saag@ietf.org>; Wed,  2 Sep 2015 16:48:49 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1085)
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <20150720044849.GY28047@mournblade.imrryr.org>
Date: Wed, 2 Sep 2015 16:48:38 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org>
To: saag@ietf.org
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/i-t_D0oD4P7Yx2HL-spMI534FJU>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 20:49:24 -0000

Viktor:

Apologies.  I seem to have missed this message when I did the updates =
for -07.  Thankfully, Stephen noticed.  The document will be improved by =
tackling these comments.

> Intro paragraph 2:
>=20
>       Advances in computing power available to the attacker will =
eventually
>       make any algorithm obsolete.
>=20
>    I think this overstates the plausible advances in computing power.
>    Many of the symmetric algorithms in use today are far outside the
>    realm of any physically realizable brute force attack, unless also
>    weakened through analytic techniques.

Pulling some thoughts from the things Kenny said earlier this week, I =
suggest:

   Cryptographic algorithms age; they become weaker with time.  As new
   cryptanalysis techniques are developed and computing capabilities
   improve, the work required to break a particular cryptographic
   algorithm will reduce, making an attack on the algorithm more
   feasible for more attackers.  While it is unknown how cryptoanalytic
   attacks will evolve, it is certain that they will get better.  It is
   unknown how much better they will become, or when the advances will
   happen.  Protocol designers need to assume that advances in computing
   power or advances cryptoanalytic techniques will eventually make any
   algorithm obsolete.  For this reason, protocols need mechanisms to
   migrate from one algorithm suite to another over time.

> Section 2.1 second para top of page 4:
>=20
>       Regardless of the approach used, protocols historically =
negotiate the
>       symmetric cipher and cipher mode together to ensure that they =
are
>       completely compatible.
>=20
>   I would drop the word "completely".  And ditto in the next =
paragraph.

Done.

> Section 2.2 first para:
>=20
>       For this reason, the protocol MUST specify one or more strong
>       mandatory-to-implement algorithm or suite.
>=20
>   One or more is I believe more typically plural, so that would
>   be "algorithms or suites".

Done.

> Section 2.2.1:
>=20
>       This approach allows other protocols can make use of CMS
>       and make different mandatory-to-implement algorithm choices.
>=20
>   s/can/to/

Done.

> Section 2.4:
>=20
>       Without integrity protection of algorithm or suite selection,
>       the attempt to transition to a new algorithm or suite may
>       introduce new opportunities for downgrade attack.
>=20
>   Perhaps "for a downgrade attack" or "for downgrade attacks".

Done.

> I find section 2.5 too vague, not sure what point it is really
> trying to make.

I'm not sure how to handle this comment.  I guess the point that I am =
trying to make is that there can be too many levels of indirection and =
still preserve the integrity of the first part of the negotiation.

> Section 2.6:
>=20
>       The impacts of legacy software an long support tails on security
>       can be reduced by making it easy to rollover from old algorithms
>       and suites to new ones.
>=20
>    s/impacts/impact/
>    s/an long/and long/
>    s/rollover/transition/

Done.

>       Without clear mechanisms for algorithm and suite rollover,
>       preserving interoperability becomes a difficult social
>       problem.  For example, consider web browsers.  Dropping
>       support for an algorithm suite can break connectivity to
>       some web sites, and the browser vendor will lose users by
>       doing so.  This situation creates incentives to support
>       algorithm suites that would otherwise be deprecated, but
>       preserving interoperability.
>=20
>    s/rollover/transitions/
>    s/but preserving/in order to preserve/

Merging with comments from others, the current text is:

   Without clear mechanisms for algorithm and suite transition,
   preserving interoperability becomes a difficult social problem.  For
   example, consider web browsers.  Dropping support for an algorithm
   suite can break connectivity to some web sites, and the browser
   vendor will lose users by doing so.  This situation creates
   incentives to support algorithm suites that would otherwise be
   deprecated in order to preserve interoperability.

> 	The digital signature on a trust anchor certificate [RFC5280]
> 	is often expected to last decades, which hinders the
> 	transition away from a weak signature algorithm or short
> 	key length.
>=20
>    This example is somewhat flawed, browsers and CAs are well
>    along the process of deprecating SHA-1, while ignoring its
>    presence in trust-anchor certificates, because their =
self-signatures
>    are typically not checked (check not needed).

I have updated the example:

   Transition in Internet infrastructure is particularly difficult.  The
   digital signature on the certificate for an intermediate
   certification authority (CA) [RFC5280] is often expected to last
   decades, which hinders the transition away from a weak signature
   algorithm or short key length.  Once a long-lived certificate is
   issued with a particular signature algorithm, that algorithm will be
   used by many relying parties, and none of them can stop supporting it
   without invalidating all of the subordinate certificates.  In a
   hierarchical system, many subordinate certificates could be impacted
   by the decision to drop support for a weak signature algorithm or an
   associated hash function.

> 	   Institutions, being large or dominate users within a large
> 	   user base, can assist by coordinating the demise of an
> 	   algorithm suite, making the rollover easier for their own
> 	   users as well as others.
>=20
>    Somehow the meaning of the above eludes me.  It needs a rewrite.

The point is that big customers can help with the social part of the =
transition by putting pressure on their suppliers.  I'm not sure what =
part to change to make that more clear for you.

> Section 2,7:
>=20
>       When selecting or negotiating a suite of cryptographic =
algorithms,
>       the strength of each algorithm SHOULD be considered.  The =
algorithms
>       in a suite SHOULD be roughly equal;
>=20
>    s/roughly equal/comparably strong/ or (to really spell it out):
>                   /have comparable best known attack work-factors/
>=20
>    However if a particular element of a suite is believed stronger
>    than the rest, we don't need to get too pedantic about that.
>    Slightly lop-sided choices are OK if the stronger outlier is
>    adequately fast, and weaker variants are not widely used.

That was the point of "roughly".  Also, the second paragraph bring in =
the point about performance being a factor.

How about this:

   When selecting or negotiating a suite of cryptographic algorithms,
   the strength of each algorithm SHOULD be considered.  The algorithms
   in a suite SHOULD be roughly equal; however, the security service
   provided by each algorithm in a particular context needs to be
   considered when making the selection.  Algorithm strength needs to be
   considered at the time a protocol is designed.  It also needs to be
   considered at the time a protocol implementation is deployed and
   configured.  Advice from from experts is useful, but in reality, such
   advice is often unavailable to system administrators that are
   deploying a protocol implementation.  For this reason, protocol
   designers SHOULD provide clear guidance to implementors, leading to
   balanced options being available at the time of deployment.

>       For example, cipher suites include Diffie-Hellman or RSA without
>       specifying a particular public key length.  If the algorithm
>       identifier or suite identifier named a particular public key
>       length, migration to longer ones would be more difficult.  On
>       the other hand, inclusion of a public key length would make it
>       easier to migrate away from short ones when computational
>       resources available to attacker dictate the need to do so.
>       Therefore, flexibility on asymmetric key length is both =
desirable
>       and undesirable at the same time.
>=20
>       s/cipher suites include/TLS cipher suites include/

Done.

>   Overall I think this text is wrong to weasel out.  Failure to
>   negotiate the DH parameter size has proved rather problematic
>   in TLS, with servers needing to guess at universally inteoperable
>   prime bit length.  This is being addressed, with the DH groups
>   extension now supporting standard prime groups as well as standard
>   EC curves.  Underspecified algorithms MUST NOT be used.  Either
>   fix the parameters, or negotiate them.

You raise an important point.  I suggest:

   Performance is always a factor is selecting cryptographic algorithms.
   Performance and security need to be balanced.  Some algorithms offer
   flexibility in their strength by adjusting the key size, number of
   rounds, authentication tag size, prime group size, and so on.  For
   example, TLS cipher suites include Diffie-Hellman or RSA without
   specifying a particular public key length.  If the algorithm
   identifier or suite identifier named a particular public key length,
   migration to longer ones would be more difficult.  On the other hand,
   inclusion of a public key length would make it easier to migrate away
   from short ones when computational resources available to attacker
   dictate the need to do so.  The flexibility on asymmetric key length
   has lead to interoperability problems, and to avoid these problems in
   the future any aspect of the algorithm not specified by the algorithm
   identifier MUST be negotiated, including key size and parameters.

> Section 2.8:
>=20
>       Protocol designers MUST be prepared for the supported =
cryptographic
>       algorithm set to change over time.  There is a spectrum of ways
>       to enable the transition, and Section 3 discusses dome of the
>       related issues.
>=20
>    s/is a spectrum/are a number/
>    "spectrum" implies some sort of continuum, which does not apply =
here.

Done.

> Section 2.9:
>=20
>    Opportunistic security is no excuse for designing in weaker
>    algorithms into new protocols.  The text in RFC7435 relating
>    to tolerating weaker algorithms in the name of interoperability
>    is intended only for legacy systems.  When we're grafting crypto
>    onto existing systems that run over cleartext, even weak crypto
>    is better than none, but only if is already in use and required
>    for interop.  For de-novo designs, the crypto should be just as
>    strong.  Let's not lose from the get-go.
>=20
>    Opportunistic security emphases adapting to peer capabilities,
>    and incrementatl deployment, and should be considered where it
>    would lead to greater use of security than all-or-nothing
>    approaches.  The agility angle here, is that when deprecating
>    algorithms that are still in wide use, opportunistic protocols
>    might take longer to phase them out, because interoperability
>    is a higher priority than in protocols with mandatory security.

Kathleen proposed a major rewrite of this section earlier this week, and =
you have already provided comments on that.

Russ


From nobody Wed Sep  2 14:18:55 2015
Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29B2C1B4BA6 for <saag@ietfa.amsl.com>; Wed,  2 Sep 2015 14:18:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level: 
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7Ra8ag8DURcT for <saag@ietfa.amsl.com>; Wed,  2 Sep 2015 14:18:52 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 50EEB1B4EEF for <saag@ietf.org>; Wed,  2 Sep 2015 14:18:52 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id CE595F2413C for <saag@ietf.org>; Wed,  2 Sep 2015 17:18:41 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id x1J5ckC3Gm6n for <saag@ietf.org>; Wed,  2 Sep 2015 17:17:24 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id B9913F24157 for <saag@ietf.org>; Wed,  2 Sep 2015 17:18:20 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1085)
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <20150726233935.GE4347@mournblade.imrryr.org>
Date: Wed, 2 Sep 2015 17:18:10 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <078FB0AB-23F6-4A1E-85DF-0E56EC93554B@vigilsec.com>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <20150726233935.GE4347@mournblade.imrryr.org>
To: saag@ietf.org
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/A7Hbl8qZYiFEdELkoArFlVvNFIs>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 21:18:54 -0000

Viktor:

You comments were provided in two message, so I am responding to them =
separately as well.

> Section 3.1 first paragraph:
>=20
>    The sentence:
>=20
>       It seems like the ability to use an algorithm of one's own
>       choosing is very desirable; however, the selection is often
>       better left to experts.
>=20
>    is rather imprecise.  I would suggest something more concrete:
>=20
> 	Explicit selection of concrete cryptographic algorithms
> 	should generally not be left to end-users.  Rather, end-users
> 	might select between configuration profiles defined by
> 	experts.

Your proposed rewording misses a point I am trying to make.  At first =
blush, people may think that their ability to pick any algorithm is a =
good thing.  This is rarely the case.

How aboutL

   It may seem as if the ability to use an algorithm of one's own
   choosing is very desirable; however, the selection is often better
   left to experts.  When there are choices, end-users might select
   between configuration profiles that have been defined by experts.

>    The next sentence is too confusing to suggest improvements:
>=20
> 	  Further, any and all cryptographic algorithm choices
> 	  ought not be available in every implementation.

I have tried to make the point more clearly:

   Further, experts need not specify each and every cryptographic
   algorithm alternative.  Specifying all possible choices will not lead
   to them being available in every implementation.

>    The rest of the first paragraph:
>=20
> 	s/that it has/that has/
> 	s/has alway had/has always had/

Done.

>    The last sentence of the same paragraph:
>=20
> 	In addition, inclusion of too many alternatives may add
> 	complexity to algorithm selection or negotiation.
>=20
>    might be better as:
>=20
> 	Finally, standardization of too many alternatives will
> 	likely hamper security and interoperability.  When
> 	standardizing new algorithms it is prudent to consider what
> 	existing algorithms need to deprecated to make room for
> 	the new.
>=20
>    [ For example, I'd like to see deprecation of many legacy DNSSEC
>      algorithm code points, once new code points appear based on
>      CRFG's new curves. (Of the existing algorithms, I'd keep only
>      RSASHA256(8) and ECDSAP256SHA256(13)). ]

I like what you are saying, but I do not want to loose the point about =
added complexity.

I suggest:

   In addition, inclusion of too many alternatives may
   add complexity to algorithm selection or negotiation.  Specification
   of  too many alternatives will likely hamper interoperability and may
   hamper security as well.  When specifying new algorithms or suites,
   protocol designers would be prudent to consider whether existing
   ones can be deprecated.

> Last paragraph of 3.1:
>=20
> 	s/Sometime/Sometimes/
> 	s/depending of/depending on/

Done.

> Last paragraph of 3.4:
> =09
> 	s/roll out/roll-out/  (the first is the verb, the second the =
noun).

This is in section 3.3.  Corrected.

> Section 3.4:
>=20
>    Amen for disabled by default "national" algorithms.  It would
>    be nice to explicitly see this recommendation for GOST in DNSSEC,
>    SEED in TLS, ...

That belongs in other documents.  Of course, the people that write those =
document want to see their national algorithm added to every =
implementation.

> Section 4:
>=20
>       Sometimes application layer protocols can make use of transport =
layer
>       security protocols, such as TLS [RFC5246] or DTLS [RFC6347].  =
This
>       insulates the application layer protocol from the details of
>       cryptography, but it is likely to still be necessary to handle =
the
>       transition from unprotected traffic to protected traffic in the
>       application layer protocol.  In addition, the application layer
>       protocol may need to handle the downgrade from encrypted
>       communication to plaintext communication.
>=20
>    What's the relevance of a possible transition from cleartext
>    to encryption (and perhaps back again???).

It is the security considerations, and this seems like a possible attack =
vector.

> Overall:
>=20
>    I found the document to be too "hand-wavy".  I think that it
>    could be shorter by leaving out more text where no specific
>    recommendations are or can be made.
>=20
>    The wording could use a lot more polish, my list of nits is
>    far from comprehensive.

Again, thanks for you thoughtful review.  You have made the document =
better.

Russ


From nobody Wed Sep  2 14:29:06 2015
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 911A01B40DE for <saag@ietfa.amsl.com>; Wed,  2 Sep 2015 14:29:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LOIH_6HoJXLD for <saag@ietfa.amsl.com>; Wed,  2 Sep 2015 14:29:00 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7C341B447E for <saag@ietf.org>; Wed,  2 Sep 2015 14:28:59 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id E0252284D23; Wed,  2 Sep 2015 21:28:58 +0000 (UTC)
Date: Wed, 2 Sep 2015 21:28:58 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150902212858.GM9021@mournblade.imrryr.org>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/Up0a6hpHn8qMXLncgBw2DteZGbI>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 21:29:02 -0000

On Wed, Sep 02, 2015 at 04:48:38PM -0400, Russ Housley wrote:

> Pulling some thoughts from the things Kenny said earlier this week, I suggest:
> 
>    Cryptographic algorithms age; they become weaker with time.  As new
>    cryptanalysis techniques are developed and computing capabilities
>    improve, the work required to break a particular cryptographic
>    algorithm will reduce, making an attack on the algorithm more
>    feasible for more attackers.  While it is unknown how cryptoanalytic
>    attacks will evolve, it is certain that they will get better.  It is
>    unknown how much better they will become, or when the advances will
>    happen.  Protocol designers need to assume that advances in computing
>    power or advances cryptoanalytic techniques will eventually make any
>    algorithm obsolete.  For this reason, protocols need mechanisms to
>    migrate from one algorithm suite to another over time.

Works for me.

> > I find section 2.5 too vague, not sure what point it is really
> > trying to make.
> 
> I'm not sure how to handle this comment.  I guess the point that I am
> trying to make is that there can be too many levels of indirection and
> still preserve the integrity of the first part of the negotiation.

    2.5.  Cryptographic Key Management

       Traditionally, protocol designers have avoided more than one approach
       to key management because it makes the security analysis of the
       overall protocol more difficult.  When frameworks such as EAP and
       GSSAPI are employed, the key management is very flexible, often
       hiding many of the details from the application.  This results in
       protocols that support multiple key management approaches.  In fact,
       the key management approach itself may be negotiable, which creates a
       design challenge to protect the negotiation of the key management
       approach before it is used to produce cryptographic keys.

       Protocols can negotiate a key management approach, derive an initial
       cryptographic key, and then authenticate the negotiation.  However,
       if the authentication fails, the only recourse is to start the
       negotiation over from the beginning.

       Some environments will restrict the key management approaches by
       policy.  Such policies tend to improve interoperability within a
       particular environment, but they cause problems for individuals that
       need to work in multiple incompatible environments.

Reading section 2.5 again, and being well versed in both TLS and
GSSAPI (I commit code to both OpenSSL and Heimdal), I still have
no idea what it is saying.  In what sense is "key management" (which
for me means how keys are deployed and rotated) "negotiated" in
the protocol.

Is this talking about "Key Exchange" rather than "Key Management"?
Is the problem you have in mind that when, for example, negotiating
"GSSAPI" in SASL one might not know what that entails before deciding
to use GSSAPI over some other SASL mechanism?

Whatever this section is trying to say, I'm just not smart enough
to figure it out, even with the hint in this response.

> 
> Merging with comments from others, the current text is:
> 
>    Without clear mechanisms for algorithm and suite transition,
>    preserving interoperability becomes a difficult social problem.  For
>    example, consider web browsers.  Dropping support for an algorithm
>    suite can break connectivity to some web sites, and the browser
>    vendor will lose users by doing so.  This situation creates
>    incentives to support algorithm suites that would otherwise be
>    deprecated in order to preserve interoperability.

Works for me.

> > 	   Institutions, being large or dominate users within a large
> > 	   user base, can assist by coordinating the demise of an
> > 	   algorithm suite, making the rollover easier for their own
> > 	   users as well as others.
> > 
> >    Somehow the meaning of the above eludes me.  It needs a rewrite.
> 
> The point is that big customers can help with the social part of the
> transition by putting pressure on their suppliers.  I'm not sure what part
> to change to make that more clear for you.

    s/rollover/transition/ and change the introductory clause:

    Dominant, or otherwise sufficiently large, market players can ...

> > Section 2,7:
> > 
> >       When selecting or negotiating a suite of cryptographic algorithms,
> >       the strength of each algorithm SHOULD be considered.  The algorithms
> >       in a suite SHOULD be roughly equal;
> > 
> >    s/roughly equal/comparably strong/ or (to really spell it out):
> >                   /have comparable best known attack work-factors/
> > 
> >    However if a particular element of a suite is believed stronger
> >    than the rest, we don't need to get too pedantic about that.
> >    Slightly lop-sided choices are OK if the stronger outlier is
> >    adequately fast, and weaker variants are not widely used.
> 
> That was the point of "roughly".  Also, the second paragraph bring in the point about performance being a factor.
> 
> How about this:
> 
>    When selecting or negotiating a suite of cryptographic algorithms,
>    the strength of each algorithm SHOULD be considered.  The algorithms
>    in a suite SHOULD be roughly equal; however, the security service
>    provided by each algorithm in a particular context needs to be
>    considered when making the selection.  Algorithm strength needs to be
>    considered at the time a protocol is designed.  It also needs to be
>    considered at the time a protocol implementation is deployed and
>    configured.  Advice from from experts is useful, but in reality, such
>    advice is often unavailable to system administrators that are
>    deploying a protocol implementation.  For this reason, protocol
>    designers SHOULD provide clear guidance to implementors, leading to
>    balanced options being available at the time of deployment.

I do not think the greater length makes it clearer, perhaps the
original shorter version will do.

> >   Overall I think this text is wrong to weasel out.  Failure to
> >   negotiate the DH parameter size has proved rather problematic
> >   in TLS, with servers needing to guess at universally inteoperable
> >   prime bit length.  This is being addressed, with the DH groups
> >   extension now supporting standard prime groups as well as standard
> >   EC curves.  Underspecified algorithms MUST NOT be used.  Either
> >   fix the parameters, or negotiate them.
> 
> You raise an important point.  I suggest:
> 
>    Performance is always a factor is selecting cryptographic algorithms.
>    Performance and security need to be balanced.  Some algorithms offer
>    flexibility in their strength by adjusting the key size, number of
>    rounds, authentication tag size, prime group size, and so on.  For
>    example, TLS cipher suites include Diffie-Hellman or RSA without
>    specifying a particular public key length.  If the algorithm
>    identifier or suite identifier named a particular public key length,
>    migration to longer ones would be more difficult.  On the other hand,
>    inclusion of a public key length would make it easier to migrate away
>    from short ones when computational resources available to attacker
>    dictate the need to do so.  The flexibility on asymmetric key length
>    has lead to interoperability problems, and to avoid these problems in
>    the future any aspect of the algorithm not specified by the algorithm
>    identifier MUST be negotiated, including key size and parameters.

Better, but of course negotiating the strength of long-term public
keys is generally not possible, the server can't choose these on
the fly.  So the MUST is perhaps too strong.  Rather, protocol
designs SHOULD try to avoid unilateral choices of cryptographic
parameters to the extent possible.  Thus we should encourage
specification of a small set of explicit sizes or set of explicit
groups, ... and then negotiate their use.

-- 
	Viktor.


From nobody Wed Sep  2 14:34:54 2015
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C79F1B546A for <saag@ietfa.amsl.com>; Wed,  2 Sep 2015 14:34:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S952vTbZo6gj for <saag@ietfa.amsl.com>; Wed,  2 Sep 2015 14:34:52 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 430911B5466 for <saag@ietf.org>; Wed,  2 Sep 2015 14:34:52 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id A8A08284D23; Wed,  2 Sep 2015 21:34:51 +0000 (UTC)
Date: Wed, 2 Sep 2015 21:34:51 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150902213451.GN9021@mournblade.imrryr.org>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <20150726233935.GE4347@mournblade.imrryr.org> <078FB0AB-23F6-4A1E-85DF-0E56EC93554B@vigilsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <078FB0AB-23F6-4A1E-85DF-0E56EC93554B@vigilsec.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/oT0SywnJ0BvQE645lm9viLVhpLM>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 21:34:53 -0000

On Wed, Sep 02, 2015 at 05:18:10PM -0400, Russ Housley wrote:

> How about:
> 
>    It may seem as if the ability to use an algorithm of one's own
>    choosing is very desirable; however, the selection is often better
>    left to experts.  When there are choices, end-users might select
>    between configuration profiles that have been defined by experts.

Super.

>    Further, experts need not specify each and every cryptographic
>    algorithm alternative.  Specifying all possible choices will not lead
>    to them being available in every implementation.

That's fine.

> I suggest:
> 
>    In addition, inclusion of too many alternatives may
>    add complexity to algorithm selection or negotiation.  Specification
>    of  too many alternatives will likely hamper interoperability and may
>    hamper security as well.  When specifying new algorithms or suites,
>    protocol designers would be prudent to consider whether existing
>    ones can be deprecated.

Fine.

-- 
	Viktor.


From nobody Wed Sep  2 15:06:48 2015
Return-Path: <barryleiba.mailing.lists@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A63B11A1BED for <saag@ietfa.amsl.com>; Wed,  2 Sep 2015 15:06:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level: 
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GBv2mj0PIb6C for <saag@ietfa.amsl.com>; Wed,  2 Sep 2015 15:06:46 -0700 (PDT)
Received: from mail-ig0-x22c.google.com (mail-ig0-x22c.google.com [IPv6:2607:f8b0:4001:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F45E1A8737 for <saag@ietf.org>; Wed,  2 Sep 2015 15:06:46 -0700 (PDT)
Received: by igbut12 with SMTP id ut12so25655726igb.1 for <saag@ietf.org>; Wed, 02 Sep 2015 15:06:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=oGl7PXR6sl5ci0LtSB4UiBYkLmkwKgJVH07GrE4ohLg=; b=Fus8qdWQ7hu+p1ziTlhk4Z7EXxwxsDMvZq5GLT0GHG8pshKiBGlAB+mvVi9kAVSQZN 6xXy5uhI2lPVqg4L0MiYe0kEb+JsFg9EBJobBPP79hpTyoVqffj9zW+HDqvQWzi/zADF L20qoMRvEUNhOHIQMKkSIcw0CRvNg9m8BnjG0sgY5e5ApfNEYxJvUZo/XyE1YMEBgiMA ZXUXC7dAaipqVP3cDn+FOw1U/xdww6V04i2HH7br22gclHg2E/m0QP39QOlKdzwc3E5g 4SAWAP3kQiUbQqR2UHS7HSsdHTNMsehPzQyD9b4pI4iXW+26y7nTgJcA7+C4owM1kqLm lrUw==
MIME-Version: 1.0
X-Received: by 10.50.83.104 with SMTP id p8mr7281596igy.90.1441231605444; Wed, 02 Sep 2015 15:06:45 -0700 (PDT)
Sender: barryleiba.mailing.lists@gmail.com
Received: by 10.107.17.24 with HTTP; Wed, 2 Sep 2015 15:06:45 -0700 (PDT)
In-Reply-To: <20150902040145.GD9021@mournblade.imrryr.org>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com> <20150901211906.GA9021@mournblade.imrryr.org> <E44EE5B3-1469-49D7-9C15-299230E13779@vigilsec.com> <tsl8u8pmzta.fsf@mit.edu> <92D9378E-4724-4721-A5F4-26614D96831E@gmail.com> <20150902040145.GD9021@mournblade.imrryr.org>
Date: Wed, 2 Sep 2015 18:06:45 -0400
X-Google-Sender-Auth: dM6XO2355QZqrDL1TPn9u1-R3u8
Message-ID: <CAC4RtVBJQX+B3XvnGnUpHbHdyw08Yn+CEGXML7K+c3q2pLNa7w@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: saag <saag@ietf.org>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/DLfdHraPB4wR-26CK0jvNNir9Bg>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 22:06:47 -0000

(Responding to the thread in general, not to VIktor's note in particular.)

I honestly don't see why this issue is relevant to agility at all, and
I would just strike the mention altogether, as I don't think it
affects the point that we need to have the ability to change
algorithms baked into the protocol and designed into the software.

The point of OS is to negotiate the best security we can, and be
willing to accept a certain minimal security level, where the
definition of what's minimally acceptable will change from one
situation to another.

Algorithm agility can help us achieve that, and that might be worth
saying.  But whether in a particular OS situation we care willing to
negotiate something that we'd otherwise consider deprecated is a
question unto itself, not one that guidance on algorithm agility needs
to discuss.

Barry

On Wed, Sep 2, 2015 at 12:01 AM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
> On Tue, Sep 01, 2015 at 11:09:23PM -0400, Kathleen Moriarty wrote:
>
>> I think the proposed text is a lot better than what was there and I think
>> there is consensus around it.  Once you get more specific, then you are
>> moving away from what was agreed upon in the OS draft.  Doing that would
>> require quite a bit more discussion.
>>
>> The proposed text reads well to me and keeps us more consistent - use of
>> weaker crypto for OS is limited to legacy deployments and is not okay for
>> authenticated and encrypted sessions for OS, just unauthenticated.  If
>> you have a proposal for text that keeps within the space where I think we
>> have consensus, then I'm okay with change otherwise I'm not.  It might
>> take reading through this draft and the OS RFC, once that has been done,
>> this text makes sense... Reading big through the discussion on this over
>> the past week or so may help as well.
>
> I am not saying the proposed text is wrong on its substance, rather
> I am a somewhat concerned about what seems to be misplaced emphasis.
> I think Sam agrees along essentially the same lines.
>
> I've not suggested a specific remedy, just throwing ideas out there
> and hoping they might be useful.
>
> In part I don't think I should be the only one doing all the
> explaining of OS, it is best if others can make additional
> contributions to the formulation of a refined consensus in this
> area.
>
> It would I think be better to note that OS (when unauthenticated
> and provies only passive protection) is not fundamentally about
> use of weaker crypto.  Rather it is about doing as much better than
> cleartext as one can, and agility is helpful, but more quickly on
> the uptake of new algos than deprecation of legacy algos, because
> interop considerations and avoiding cleartext trump the urgency of
> deprecating weak crypto.
>
> That said, that's just how I see it, and I don't want force my
> formulation on everyone else, so if there are other ways to improve
> the text (change of emphasis) that's fine.
>
> --
>         Viktor.
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag


From nobody Wed Sep  2 15:15:02 2015
Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC8EB1B2D91 for <saag@ietfa.amsl.com>; Wed,  2 Sep 2015 15:14:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level: 
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id STezTWJpMZls for <saag@ietfa.amsl.com>; Wed,  2 Sep 2015 15:14:52 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 5EADF1B2BB7 for <saag@ietf.org>; Wed,  2 Sep 2015 15:14:52 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id D47D0F24157; Wed,  2 Sep 2015 18:14:41 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id 0GRJG6QIzt+I; Wed,  2 Sep 2015 18:13:15 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id D5E8AF2413C; Wed,  2 Sep 2015 18:14:11 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset=us-ascii
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <CAC4RtVBJQX+B3XvnGnUpHbHdyw08Yn+CEGXML7K+c3q2pLNa7w@mail.gmail.com>
Date: Wed, 2 Sep 2015 18:14:01 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <A8177403-DD2A-4C18-879E-0DEA21C3DE04@vigilsec.com>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com> <20150901211906.GA9021@mournblade.imrryr.org> <E44EE5B3-1469-49D7-9C15-299230E13779@vigilsec.com> <tsl8u8pmzta.fsf@mit.edu> <92D9378E-4724-4721-A5F4-26614D96831E@gmail.com> <20150902040145.GD9021@mournblade.imrryr.org> <CAC4RtVBJQX+B3XvnGnUpHbHdyw08Yn+CEGXML7K+c3q2pLNa7w@mail.gmail.com>
To: Barry Leiba <barryleiba@computer.org>
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/m4GLExqikBLb09MgeaUlfklK5Fc>
Cc: saag <saag@ietf.org>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 22:14:55 -0000

Barry:

I think the only point is that someone might want to use an algorithm =
for OS that would otherwise be deprecated.

Maybe the IESG can discuss this point on the call tomorrow and offer =
some advice.

Russ


On Sep 2, 2015, at 6:06 PM, Barry Leiba wrote:

> (Responding to the thread in general, not to VIktor's note in =
particular.)
>=20
> I honestly don't see why this issue is relevant to agility at all, and
> I would just strike the mention altogether, as I don't think it
> affects the point that we need to have the ability to change
> algorithms baked into the protocol and designed into the software.
>=20
> The point of OS is to negotiate the best security we can, and be
> willing to accept a certain minimal security level, where the
> definition of what's minimally acceptable will change from one
> situation to another.
>=20
> Algorithm agility can help us achieve that, and that might be worth
> saying.  But whether in a particular OS situation we care willing to
> negotiate something that we'd otherwise consider deprecated is a
> question unto itself, not one that guidance on algorithm agility needs
> to discuss.
>=20
> Barry
>=20
> On Wed, Sep 2, 2015 at 12:01 AM, Viktor Dukhovni =
<ietf-dane@dukhovni.org> wrote:
>> On Tue, Sep 01, 2015 at 11:09:23PM -0400, Kathleen Moriarty wrote:
>>=20
>>> I think the proposed text is a lot better than what was there and I =
think
>>> there is consensus around it.  Once you get more specific, then you =
are
>>> moving away from what was agreed upon in the OS draft.  Doing that =
would
>>> require quite a bit more discussion.
>>>=20
>>> The proposed text reads well to me and keeps us more consistent - =
use of
>>> weaker crypto for OS is limited to legacy deployments and is not =
okay for
>>> authenticated and encrypted sessions for OS, just unauthenticated.  =
If
>>> you have a proposal for text that keeps within the space where I =
think we
>>> have consensus, then I'm okay with change otherwise I'm not.  It =
might
>>> take reading through this draft and the OS RFC, once that has been =
done,
>>> this text makes sense... Reading big through the discussion on this =
over
>>> the past week or so may help as well.
>>=20
>> I am not saying the proposed text is wrong on its substance, rather
>> I am a somewhat concerned about what seems to be misplaced emphasis.
>> I think Sam agrees along essentially the same lines.
>>=20
>> I've not suggested a specific remedy, just throwing ideas out there
>> and hoping they might be useful.
>>=20
>> In part I don't think I should be the only one doing all the
>> explaining of OS, it is best if others can make additional
>> contributions to the formulation of a refined consensus in this
>> area.
>>=20
>> It would I think be better to note that OS (when unauthenticated
>> and provies only passive protection) is not fundamentally about
>> use of weaker crypto.  Rather it is about doing as much better than
>> cleartext as one can, and agility is helpful, but more quickly on
>> the uptake of new algos than deprecation of legacy algos, because
>> interop considerations and avoiding cleartext trump the urgency of
>> deprecating weak crypto.
>>=20
>> That said, that's just how I see it, and I don't want force my
>> formulation on everyone else, so if there are other ways to improve
>> the text (change of emphasis) that's fine.
>>=20
>> --
>>        Viktor.
>>=20
>> _______________________________________________
>> saag mailing list
>> saag@ietf.org
>> https://www.ietf.org/mailman/listinfo/saag
>=20
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag


From nobody Wed Sep  2 15:17:11 2015
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9479C1B37C7 for <saag@ietfa.amsl.com>; Wed,  2 Sep 2015 15:17:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zAurCQRl35i7 for <saag@ietfa.amsl.com>; Wed,  2 Sep 2015 15:17:07 -0700 (PDT)
Received: from mail-wi0-x22e.google.com (mail-wi0-x22e.google.com [IPv6:2a00:1450:400c:c05::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 664631B3485 for <saag@ietf.org>; Wed,  2 Sep 2015 15:17:07 -0700 (PDT)
Received: by wiclp12 with SMTP id lp12so33337382wic.1 for <saag@ietf.org>; Wed, 02 Sep 2015 15:17:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=DFgXJfibdOTq+q5KeUkB6TmzUMcX20bgZiANjs0PKi4=; b=rNsjtXD/LrnwcH+wVc4BsjIF2fs1ed4k9B25iGmkINWAo/wurUJI8pcUOgJk6kMR5t FjtMKzo/cnUs+8IgmXiC5/giHvFKHEUz9nGf6y9uCvdVBAis3FAmPDzvXbEQB5pqbQsH si6szBfOMp2Xnl/Kg2aZcpj3xaSnRZzqSN9p1vByisciNI8DJtlKbu7GMFWffKtqEM7Y SIfJEHo8pKAyVdsgSCW+4TkoCBJcRV7SePfI84hREnGJssdJ7qqF6LW4a7xzXuNL8jcM K3hLOdojxFDgDBRqMfXCh1qbAghx/HlBwbVSeCg12Qnk3YxSUhxIP/KCGN8UxvAkhj8s SwZg==
MIME-Version: 1.0
X-Received: by 10.180.86.231 with SMTP id s7mr7569054wiz.90.1441232225940; Wed, 02 Sep 2015 15:17:05 -0700 (PDT)
Received: by 10.28.157.84 with HTTP; Wed, 2 Sep 2015 15:17:05 -0700 (PDT)
In-Reply-To: <CAC4RtVBJQX+B3XvnGnUpHbHdyw08Yn+CEGXML7K+c3q2pLNa7w@mail.gmail.com>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com> <20150901211906.GA9021@mournblade.imrryr.org> <E44EE5B3-1469-49D7-9C15-299230E13779@vigilsec.com> <tsl8u8pmzta.fsf@mit.edu> <92D9378E-4724-4721-A5F4-26614D96831E@gmail.com> <20150902040145.GD9021@mournblade.imrryr.org> <CAC4RtVBJQX+B3XvnGnUpHbHdyw08Yn+CEGXML7K+c3q2pLNa7w@mail.gmail.com>
Date: Wed, 2 Sep 2015 18:17:05 -0400
Message-ID: <CAHbuEH4SFdp1Mu51+Cn7oAuAfM6qp3PdCgykzgtvoBdAKXstZQ@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Barry Leiba <barryleiba@computer.org>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/_mT_JeLBRNZrL8-5KD0_AiTLeGo>
Cc: saag <saag@ietf.org>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 22:17:09 -0000

On Wed, Sep 2, 2015 at 6:06 PM, Barry Leiba <barryleiba@computer.org> wrote:
> (Responding to the thread in general, not to VIktor's note in particular.)
>
> I honestly don't see why this issue is relevant to agility at all, and
> I would just strike the mention altogether, as I don't think it
> affects the point that we need to have the ability to change
> algorithms baked into the protocol and designed into the software.
>
> The point of OS is to negotiate the best security we can, and be
> willing to accept a certain minimal security level, where the
> definition of what's minimally acceptable will change from one
> situation to another.
>
> Algorithm agility can help us achieve that, and that might be worth
> saying.  But whether in a particular OS situation we care willing to
> negotiate something that we'd otherwise consider deprecated is a
> question unto itself, not one that guidance on algorithm agility needs
> to discuss.

In general, I would agree, but after doing much reading and following
this thread, I think this is important text.  There are specific
caveats to using deprecated crypto with OS and they are important to
understand so that we don't wind up with an overly general explanation
that says "it's okay to use deprecated crypto with OS".  It is, but
only in certain situations.  I don't think this has been clear enough,
so the updated text is helpful.

Thanks,
Kathleen

>
> Barry
>
> On Wed, Sep 2, 2015 at 12:01 AM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
>> On Tue, Sep 01, 2015 at 11:09:23PM -0400, Kathleen Moriarty wrote:
>>
>>> I think the proposed text is a lot better than what was there and I think
>>> there is consensus around it.  Once you get more specific, then you are
>>> moving away from what was agreed upon in the OS draft.  Doing that would
>>> require quite a bit more discussion.
>>>
>>> The proposed text reads well to me and keeps us more consistent - use of
>>> weaker crypto for OS is limited to legacy deployments and is not okay for
>>> authenticated and encrypted sessions for OS, just unauthenticated.  If
>>> you have a proposal for text that keeps within the space where I think we
>>> have consensus, then I'm okay with change otherwise I'm not.  It might
>>> take reading through this draft and the OS RFC, once that has been done,
>>> this text makes sense... Reading big through the discussion on this over
>>> the past week or so may help as well.
>>
>> I am not saying the proposed text is wrong on its substance, rather
>> I am a somewhat concerned about what seems to be misplaced emphasis.
>> I think Sam agrees along essentially the same lines.
>>
>> I've not suggested a specific remedy, just throwing ideas out there
>> and hoping they might be useful.
>>
>> In part I don't think I should be the only one doing all the
>> explaining of OS, it is best if others can make additional
>> contributions to the formulation of a refined consensus in this
>> area.
>>
>> It would I think be better to note that OS (when unauthenticated
>> and provies only passive protection) is not fundamentally about
>> use of weaker crypto.  Rather it is about doing as much better than
>> cleartext as one can, and agility is helpful, but more quickly on
>> the uptake of new algos than deprecation of legacy algos, because
>> interop considerations and avoiding cleartext trump the urgency of
>> deprecating weak crypto.
>>
>> That said, that's just how I see it, and I don't want force my
>> formulation on everyone else, so if there are other ways to improve
>> the text (change of emphasis) that's fine.
>>
>> --
>>         Viktor.
>>
>> _______________________________________________
>> saag mailing list
>> saag@ietf.org
>> https://www.ietf.org/mailman/listinfo/saag
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag



-- 

Best regards,
Kathleen


From nobody Wed Sep  2 15:24:20 2015
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2D6F1B3278 for <saag@ietfa.amsl.com>; Wed,  2 Sep 2015 15:24:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level: 
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b87hYu16VMk2 for <saag@ietfa.amsl.com>; Wed,  2 Sep 2015 15:24:17 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 080311B2E78 for <saag@ietf.org>; Wed,  2 Sep 2015 15:24:17 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 2374BBDD0; Wed,  2 Sep 2015 23:24:15 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y1mWNtuy3t9H; Wed,  2 Sep 2015 23:24:14 +0100 (IST)
Received: from [10.87.48.73] (unknown [86.42.21.56]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 3DEFCBDCC; Wed,  2 Sep 2015 23:24:13 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1441232654; bh=2ZZ7/A3gUhIQnpRkt1IDBEqMogyDuX8lADsWuZLwqG0=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=0KQl9ebHqFLoKpL5XjsemK4rsSbfy2ZPoRLEY6obiJWwQRJ7tdbqBVU6WFZPsxD9N JPvxajrk0gpys86910ZU+q0y/ACXAn6Zyv7by1yMAQXpMaQQP7j2lcgIy0TdihXb3l fwkEsuRbmrvs++ivTyUr9y0vA+5uqqrNWNDbWucY=
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Barry Leiba <barryleiba@computer.org>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com> <20150901211906.GA9021@mournblade.imrryr.org> <E44EE5B3-1469-49D7-9C15-299230E13779@vigilsec.com> <tsl8u8pmzta.fsf@mit.edu> <92D9378E-4724-4721-A5F4-26614D96831E@gmail.com> <20150902040145.GD9021@mournblade.imrryr.org> <CAC4RtVBJQX+B3XvnGnUpHbHdyw08Yn+CEGXML7K+c3q2pLNa7w@mail.gmail.com> <CAHbuEH4SFdp1Mu51+Cn7oAuAfM6qp3PdCgykzgtvoBdAKXstZQ@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <55E7770C.2010202@cs.tcd.ie>
Date: Wed, 2 Sep 2015 23:24:12 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <CAHbuEH4SFdp1Mu51+Cn7oAuAfM6qp3PdCgykzgtvoBdAKXstZQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/HmVhoh3gPUSpagN1YdfL68pQgIY>
Cc: saag <saag@ietf.org>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 22:24:19 -0000

On 02/09/15 23:17, Kathleen Moriarty wrote:
> In general, I would agree, but after doing much reading and following
> this thread, I think this is important text.  There are specific
> caveats to using deprecated crypto with OS and they are important to
> understand so that we don't wind up with an overly general explanation
> that says "it's okay to use deprecated crypto with OS".  It is, but
> only in certain situations.  I don't think this has been clear enough,
> so the updated text is helpful.

FWIW, I agree with the above.

S.


From nobody Wed Sep  2 15:34:22 2015
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B59BD1B5517 for <saag@ietfa.amsl.com>; Wed,  2 Sep 2015 15:34:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rTxUlAAPA_jg for <saag@ietfa.amsl.com>; Wed,  2 Sep 2015 15:34:19 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 25A5A1B553F for <saag@ietf.org>; Wed,  2 Sep 2015 15:34:19 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 4FF1D284D23; Wed,  2 Sep 2015 22:34:18 +0000 (UTC)
Date: Wed, 2 Sep 2015 22:34:18 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150902223418.GS9021@mournblade.imrryr.org>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com> <20150901211906.GA9021@mournblade.imrryr.org> <E44EE5B3-1469-49D7-9C15-299230E13779@vigilsec.com> <tsl8u8pmzta.fsf@mit.edu> <92D9378E-4724-4721-A5F4-26614D96831E@gmail.com> <20150902040145.GD9021@mournblade.imrryr.org> <CAC4RtVBJQX+B3XvnGnUpHbHdyw08Yn+CEGXML7K+c3q2pLNa7w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAC4RtVBJQX+B3XvnGnUpHbHdyw08Yn+CEGXML7K+c3q2pLNa7w@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/Ur_MjmewCF2j6zIY13Hn6TrpKLQ>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 22:34:20 -0000

On Wed, Sep 02, 2015 at 06:06:45PM -0400, Barry Leiba wrote:

> (Responding to the thread in general, not to Viktor's note in particular.)
> 
> I honestly don't see why this issue is relevant to agility at all, and
> I would just strike the mention altogether, as I don't think it
> affects the point that we need to have the ability to change
> algorithms baked into the protocol and designed into the software.
> 
> The point of OS is to negotiate the best security we can, and be
> willing to accept a certain minimal security level, where the
> definition of what's minimally acceptable will change from one
> situation to another.
> 
> Algorithm agility can help us achieve that, and that might be worth
> saying.  But whether in a particular OS situation we care willing to
> negotiate something that we'd otherwise consider deprecated is a
> question unto itself, not one that guidance on algorithm agility needs
> to discuss.

Barry's suggestion works for me.  Perhaps this document need not
be the one to clarify cipher deprecation for OS.

But if it does, some text to make it clear that OS is about using
the *strongest available* crypto, not weak crypto.  But crypto
weaker than would otherwise be acceptable, may be acceptable with
OS for some time to facilitate interoperability with legacy systems.

It can be a sentence or two, just enough to not give the impression
that weak crypto is preferred with OS.

-- 
	Viktor.


From nobody Thu Sep  3 04:56:11 2015
Return-Path: <lear@cisco.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6716D1B3633 for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 04:56:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level: 
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZPR-kU-_cMs0 for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 04:56:09 -0700 (PDT)
Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B6CF61B32C9 for <saag@ietf.org>; Thu,  3 Sep 2015 04:56:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2043; q=dns/txt; s=iport; t=1441281368; x=1442490968; h=subject:to:references:from:message-id:date:mime-version: in-reply-to; bh=DQnmxNeUiY8a+pKkt8SQchIvBYdge1gKnPWlt2xNlOI=; b=Is8HOPM8aiilASstEa79vTW9TezHCEWhpLw8RVgDXFTueGZv0CWeREdj R0E1+DdUGGYDB+vX8sXjp7sO5RxPxHjadJZd3bMwZPz1dSh+m63f3IIXA Ix4z2LzBIz6rFCGhWehEPmVa7V+Ln6L8Tj6UDG3Zsa9LBH+HehtDQFawQ s=;
X-Files: signature.asc : 481
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ANAwAdNOhV/xbLJq1dh3y6LwqHcgKBbBQBAQEBAQEBgQqEJAEBBCNVEQsYCRYLAgIJAwIBAgFFBgEMCAEBiCq1XZRPAQEBAQEBAQMBAQEBAQEBG4tuhRKCaYFDAQSVToJBgVyDV4UDiHiRdyaEAjyJfwEBAQ
X-IronPort-AV: E=Sophos;i="5.17,461,1437436800";  d="asc'?scan'208";a="611363638"
Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP; 03 Sep 2015 11:56:05 +0000
Received: from [10.61.99.144] (dhcp-10-61-99-144.cisco.com [10.61.99.144]) by aer-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id t83Bu5hH019889; Thu, 3 Sep 2015 11:56:05 GMT
To: Russ Housley <housley@vigilsec.com>, saag@ietf.org
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com>
From: Eliot Lear <lear@cisco.com>
X-Enigmail-Draft-Status: N1110
Message-ID: <55E83554.6010808@cisco.com>
Date: Thu, 3 Sep 2015 13:56:04 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="H7xnUmKbndAJUs6Pu4W5luGIDK6a6xE7B"
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/Ohj3L7dRFC8Wl9xLfXk9EXITWZg>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 11:56:10 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--H7xnUmKbndAJUs6Pu4W5luGIDK6a6xE7B
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi Russ,

Just one comment:

On 9/2/15 10:48 PM, Russ Housley wrote:
> Merging with comments from others, the current text is:
>
>    Without clear mechanisms for algorithm and suite transition,
>    preserving interoperability becomes a difficult social problem.  For=

>    example, consider web browsers.  Dropping support for an algorithm
>    suite can break connectivity to some web sites, and the browser
>    vendor will lose users by doing so.  This situation creates
>    incentives to support algorithm suites that would otherwise be
>    deprecated in order to preserve interoperability.

Honestly this paragraph is confusing.  It's opaque because it's not
clear whether you're aiming at a strawman of where TLS doesn't support
agility or the case of long lived root or intermediate certificates.  If
it's the former, can you find a more current example?  And the last
sentence is just flat out ambiguous, although in an amusing sort of way
(who deprecates in order to preserve interoperability?).

I can't propose replacement text here because of the ambiguities...

Eliot


--H7xnUmKbndAJUs6Pu4W5luGIDK6a6xE7B
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2

iQEcBAEBCAAGBQJV6DVVAAoJEIe2a0bZ0noz3P4H/0akjssiPutRHeVC2rsSIyWa
C5cR1rNkB/xnfWyzL5hDxE/YluSG/y3kDu4avvGhe+YSUJh1UDWz1WiJmxP6+WM1
hiUOosaV60Q+zQpf07MLmz9J9VuZ2le7Kd+GYh+Uui45n+BKWcrDdqRY/H2B9sOZ
z8CPrKLMVHCPIRaE8Cql4Fn0TnmOL84KIdyHVQmPOh3xMsBws9Ajm/crNArK0hP/
yog4XR02MWWhDTJdGFRpR+ubMzbszFFyeStEcZB2Og1rcrT50cxXkrMGvGCCkUmJ
UbgqLktn/Vk14f3cT/6kijqZOJJOincdEAyyfhAKQ5t1z/azgR66cMwaP+oEV9s=
=uDtK
-----END PGP SIGNATURE-----

--H7xnUmKbndAJUs6Pu4W5luGIDK6a6xE7B--


From nobody Thu Sep  3 07:57:10 2015
Return-Path: <lear@cisco.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96BCB1B4966 for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 07:57:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level: 
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pT81pXsuli23 for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 07:57:06 -0700 (PDT)
Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B4EC1B4957 for <saag@ietf.org>; Thu,  3 Sep 2015 07:57:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1371; q=dns/txt; s=iport; t=1441292225; x=1442501825; h=subject:to:references:from:message-id:date:mime-version: in-reply-to; bh=Obe+iVSeW4edTm54f9Szh3YZ1F1YUqQPmP/8qw1QPxI=; b=G2HZS+CIiYMt/Y2M6J8k06YVTomMoZ4c+sKL7X5+SYw4cbmtQOfHKUrP iW2kBbST1WvWSFcSPeq0ByTdELIRBDZcIF/xarCeTw16nq4NdZQ7zwA9Y osb61vS2u/qEaMqgWuk48SbdHCG7Foi/HjBaWuAOs3zvmhD/TXkdUfRUG M=;
X-Files: signature.asc : 481
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CqBACoXuhV/xbLJq1dh3y6OodyAoFyEwEBAQEBAQGBCoQkAQEEI1URCxgJFgsCAgkDAgECAUUTCAEBiCq2eZRSAQEBBwIgi26FEheCUoFDAQSSMoMfgkGBXIhaiHiRdyaCEByBVjyJfwEBAQ
X-IronPort-AV: E=Sophos;i="5.17,462,1437436800";  d="asc'?scan'208";a="629492945"
Received: from aer-iport-nat.cisco.com (HELO aer-core-1.cisco.com) ([173.38.203.22]) by aer-iport-1.cisco.com with ESMTP; 03 Sep 2015 14:57:03 +0000
Received: from [10.61.222.22] ([10.61.222.22]) by aer-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id t83Ev3aS018976 for <saag@ietf.org>; Thu, 3 Sep 2015 14:57:03 GMT
To: saag@ietf.org
References: <20150824212907.GN9021@mournblade.imrryr.org> <619ffebb05ba4e2a9af03a6dcc768d6e@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150824215037.GO9021@mournblade.imrryr.org> <9A043F3CF02CD34C8E74AC1594475C73F4AE62A1@uxcn10-5.UoA.auckland.ac.nz> <20150825134333.GX9021@mournblade.imrryr.org> <6b5167f3d0684a8a91caa6d37dec65e3@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150825160627.GH9021@mournblade.imrryr.org> <55DC961A.903@cs.tcd.ie> <20150825165539.GL9021@mournblade.imrryr.org> <55DDA7E4.1090807@cisco.com> <20150826135043.GU9021@mournblade.imrryr.org>
From: Eliot Lear <lear@cisco.com>
Message-ID: <55E85FBE.7030609@cisco.com>
Date: Thu, 3 Sep 2015 16:57:02 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <20150826135043.GU9021@mournblade.imrryr.org>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="cqMhxF5l5h1xFUh8G4XXvbfPcOkv3GB4E"
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/N8Quyv3YfnVF2LEVQeBsj7JGAMA>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 14:57:07 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--cqMhxF5l5h1xFUh8G4XXvbfPcOkv3GB4E
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi Victor,

Sorry for the delay.

On 8/26/15 3:50 PM, Viktor Dukhovni wrote:
> Are there many servers out there with 512-bit DH keys not only for
> export ciphers but across the board?

It's clearly not present on most servers, but it is out there.  I expect
a cleanup has been going on because I'm seeing less bounces this week
than I did in previous weeks.  And it's old code.  The new stuff seems
to do just fine.

Eliot



--cqMhxF5l5h1xFUh8G4XXvbfPcOkv3GB4E
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2

iQEcBAEBCAAGBQJV6F+/AAoJEIe2a0bZ0noz4xYH/ix5oiYv8M+RFrMhkIHzYHsS
12dFqIgyVKjrDwiJ8mG9ekyavg5Cf6fjjZ7qGG6gTl/eakmlAG947Mokfw8R+llE
7f4d+1Vk1L/8TQPyuKdFSXbXoJJ3/0bgORq99vy8R4vnf1LBVh1vAiiYCwCmPv6t
PaRAVgHfVPD+LdmSPE/qNNy+Pl35hOKrduKvY/rP4NSGeBKkUbOozdUfHaZqt/GF
Opgv4sY9463zkqGixsQV7dmpMo7frG8roEoffxAKnTzcTc/qOuoYhAcUC5HL39GC
0McrYRAfseSEq0Adh23yXzw+ijEwhlpHvBgECJKMptftwN+7oneQB2IeLjk/0uE=
=y1dp
-----END PGP SIGNATURE-----

--cqMhxF5l5h1xFUh8G4XXvbfPcOkv3GB4E--


From nobody Thu Sep  3 13:09:59 2015
Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5FA61B47BA for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 13:09:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level: 
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x0MyedfoInFG for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 13:09:52 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 0F6D21B48CB for <saag@ietf.org>; Thu,  3 Sep 2015 13:09:52 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 77B37F24136; Thu,  3 Sep 2015 16:09:41 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id ZqYnFMRIi7VP; Thu,  3 Sep 2015 16:08:13 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 9710AF24126; Thu,  3 Sep 2015 16:09:10 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset=us-ascii
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <20150902223418.GS9021@mournblade.imrryr.org>
Date: Thu, 3 Sep 2015 16:08:59 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <C1143EE0-499A-4DD5-B412-53F03A8C28BE@vigilsec.com>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com> <20150901211906.GA9021@mournblade.imrryr.org> <E44EE5B3-1469-49D7-9C15-299230E13779@vigilsec.com> <tsl8u8pmzta.fsf@mit.edu> <92D9378E-4724-4721-A5F4-26614D96831E@gmail.com> <20150902040145.GD9021@mournblade.imrryr.org> <CAC4RtVBJQX+B3XvnGnUpHbHdyw08Yn+CEGXML7K+c3q2pLNa7w@mail.gmail.com> <20150902223418.GS9021@mournblade.imrryr.org>
To: Sam Hartman <hartmans@painless-security.com>, Viktor Dukhovni <ietf-dane@dukhovni.org>
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/ECxwvN3Svw6QEp2LPlWkEL_EWko>
Cc: IETF SAAG <saag@ietf.org>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 20:09:57 -0000

On Sep 2, 2015, at 6:34 PM, Viktor Dukhovni wrote:

> On Wed, Sep 02, 2015 at 06:06:45PM -0400, Barry Leiba wrote:
>=20
>> (Responding to the thread in general, not to Viktor's note in =
particular.)
>>=20
>> I honestly don't see why this issue is relevant to agility at all, =
and
>> I would just strike the mention altogether, as I don't think it
>> affects the point that we need to have the ability to change
>> algorithms baked into the protocol and designed into the software.
>>=20
>> The point of OS is to negotiate the best security we can, and be
>> willing to accept a certain minimal security level, where the
>> definition of what's minimally acceptable will change from one
>> situation to another.
>>=20
>> Algorithm agility can help us achieve that, and that might be worth
>> saying.  But whether in a particular OS situation we care willing to
>> negotiate something that we'd otherwise consider deprecated is a
>> question unto itself, not one that guidance on algorithm agility =
needs
>> to discuss.
>=20
> Barry's suggestion works for me.  Perhaps this document need not
> be the one to clarify cipher deprecation for OS.
>=20
> But if it does, some text to make it clear that OS is about using
> the *strongest available* crypto, not weak crypto.  But crypto
> weaker than would otherwise be acceptable, may be acceptable with
> OS for some time to facilitate interoperability with legacy systems.
>=20
> It can be a sentence or two, just enough to not give the impression
> that weak crypto is preferred with OS.

The words in my current edit buffer are:

   Despite the guidance in Section 2.4, opportunistic security [RFC7435]
   also deserves consideration, especially at the time a protocol
   implementation is deployed and configured.  Using algorithms that are
   weak against advanced attackers but sufficient against others is one
   way to make pervasive surveillance significantly more difficult.  As
   a result, algorithms that would not be acceptable in many negotiated
   situations are acceptable for opportunistic security when legacy
   systems are in use for unauthenticated encrypted sessions as
   discussed in Section 3 of [RFC7435] as long as their use does not
   facilitate downgrade attacks.  Similarly, weaker algorithms and
   shorter key sizes are also acceptable for opportunistic security with
   the same constraints.  That said, the use of strong algorithms is
   always preferable.

Would it help to change "As a result" to "As a result, when =
communicating parties do not have strong algorithms in common"?

Russ



From nobody Thu Sep  3 13:31:34 2015
Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15C821B377B for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 13:31:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level: 
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nW4thuw8OaWZ for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 13:31:31 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 6B8051A8A60 for <saag@ietf.org>; Thu,  3 Sep 2015 13:31:28 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id F23E7F2412B; Thu,  3 Sep 2015 16:31:17 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id hFeCvr9kC+Y3; Thu,  3 Sep 2015 16:30:00 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 12644F24126; Thu,  3 Sep 2015 16:30:57 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset=us-ascii
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <55E83554.6010808@cisco.com>
Date: Thu, 3 Sep 2015 16:30:44 -0400
Content-Transfer-Encoding: 7bit
Message-Id: <62CBD9E2-2DB4-4D3D-93E5-ADEB0F3D3C12@vigilsec.com>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com> <55E83554.6010808@cisco.com>
To: Eliot Lear <lear@cisco.com>
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/AHruj7I3fgGKMhcBlH5hXXH6O5w>
Cc: saag@ietf.org
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 20:31:33 -0000

Eliot:

We are talking about section 2.6...

>>   Without clear mechanisms for algorithm and suite transition,
>>   preserving interoperability becomes a difficult social problem.  For
>>   example, consider web browsers.  Dropping support for an algorithm
>>   suite can break connectivity to some web sites, and the browser
>>   vendor will lose users by doing so.  This situation creates
>>   incentives to support algorithm suites that would otherwise be
>>   deprecated in order to preserve interoperability.
> 
> Honestly this paragraph is confusing.  It's opaque because it's not
> clear whether you're aiming at a strawman of where TLS doesn't support
> agility or the case of long lived root or intermediate certificates.  If
> it's the former, can you find a more current example?  And the last
> sentence is just flat out ambiguous, although in an amusing sort of way
> (who deprecates in order to preserve interoperability?).

Kathleen also had a comment on this part of the document in her IESG ballot.

I'm trying to address both comments with this proposal:

2.6.  Preserving Interoperability

   Cryptographic algorithm deprecation is very difficult.  People do not
   like to introduce interoperability problems, even to preserve
   security.  As a result, flawed algorithms are supported for far too
   long.  The impact of legacy software and long support tails on
   security can be reduced by making it easy to transition from old
   algorithms and suites to new ones.  Social pressure is often needed
   to cause the transition to happen.

   Implementers have been reluctant to remove deprecated algorithms or
   suites from server software, and server administrators have been
   reluctant to diable them over concerns that some party will no longer
   have the ability to connect to their server.  Implementers and
   administrators want to improve security by using the best supported
   algorithms, but their actions are tempered by the desire to preserve
   connectivity.  Recently, some browser vendors have started to provide
   visual warnings when a deprecated algorithm or suite is used.  These
   visual warnings provide a new incentive to transition away from
   deprecated algorithms and suites.

   Transition in Internet infrastructure is particularly difficult.  The
   digital signature on the certificate for an intermediate
   certification authority (CA) [RFC5280] is often expected to last
   decades, which hinders the transition away from a weak signature
   algorithm or short key length.  Once a long-lived certificate is
   issued with a particular signature algorithm, that algorithm will be
   used by many relying parties, and none of them can stop supporting it
   without invalidating all of the subordinate certificates.  In a
   hierarchical system, many subordinate certificates could be impacted
   by the decision to drop support for a weak signature algorithm or an
   associated hash function.

   Institutions, being large or dominant users within a large user base,
   can assist by coordinating the demise of an algorithm suite, making
   the transition easier for their own users as well as others.

Russ


From nobody Thu Sep  3 13:34:25 2015
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE1711B3B6F for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 13:34:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z3FmsP9ll4vp for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 13:34:23 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B27B1B2CDA for <saag@ietf.org>; Thu,  3 Sep 2015 13:34:23 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 96CF2284B6C; Thu,  3 Sep 2015 20:34:22 +0000 (UTC)
Date: Thu, 3 Sep 2015 20:34:22 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: IETF SAAG <saag@ietf.org>
Message-ID: <20150903203422.GS9021@mournblade.imrryr.org>
References: <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com> <20150901211906.GA9021@mournblade.imrryr.org> <E44EE5B3-1469-49D7-9C15-299230E13779@vigilsec.com> <tsl8u8pmzta.fsf@mit.edu> <92D9378E-4724-4721-A5F4-26614D96831E@gmail.com> <20150902040145.GD9021@mournblade.imrryr.org> <CAC4RtVBJQX+B3XvnGnUpHbHdyw08Yn+CEGXML7K+c3q2pLNa7w@mail.gmail.com> <20150902223418.GS9021@mournblade.imrryr.org> <C1143EE0-499A-4DD5-B412-53F03A8C28BE@vigilsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <C1143EE0-499A-4DD5-B412-53F03A8C28BE@vigilsec.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/CxLT3JtWX28Jx3nU8hafaDo_hCM>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 20:34:25 -0000

On Thu, Sep 03, 2015 at 04:08:59PM -0400, Russ Housley wrote:

> > It can be a sentence or two, just enough to not give the impression
> > that weak crypto is preferred with OS.
> 
> The words in my current edit buffer are:
> 
>    Despite the guidance in Section 2.4, opportunistic security [RFC7435]
>    also deserves consideration, especially at the time a protocol
>    implementation is deployed and configured.  Using algorithms that are
>    weak against advanced attackers but sufficient against others is one
>    way to make pervasive surveillance significantly more difficult.  As
>    a result, algorithms that would not be acceptable in many negotiated
>    situations are acceptable for opportunistic security when legacy
>    systems are in use for unauthenticated encrypted sessions as
>    discussed in Section 3 of [RFC7435] as long as their use does not
>    facilitate downgrade attacks.  Similarly, weaker algorithms and
>    shorter key sizes are also acceptable for opportunistic security with
>    the same constraints.  That said, the use of strong algorithms is
>    always preferable.
> 
> Would it help to change "As a result" to "As a result, when communicating
> parties do not have strong algorithms in common"?

You're heading in the right direction, but I think this is a sentence
or so too late.  The sentence that starts with "Using algorithms
that are weak ..." is troublesome.  How about:

    Using the strongest available encryption (even if not strong
    enough for mandatory security) is one way ...

And then perhaps still make the additional change you're proposing.

-- 
	Viktor.


From nobody Thu Sep  3 13:51:25 2015
Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C84711B3F67 for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 13:51:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level: 
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ywwHLqoKOlW4 for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 13:51:22 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 6B2C61B3F62 for <saag@ietf.org>; Thu,  3 Sep 2015 13:51:22 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id E0729F2414D; Thu,  3 Sep 2015 16:51:11 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id Wz7FCEOF-y4c; Thu,  3 Sep 2015 16:49:54 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 14153F24153; Thu,  3 Sep 2015 16:50:51 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset=us-ascii
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <20150903203422.GS9021@mournblade.imrryr.org>
Date: Thu, 3 Sep 2015 16:50:40 -0400
Content-Transfer-Encoding: 7bit
Message-Id: <59B012CE-06B4-46E6-A909-F4DECD92B32C@vigilsec.com>
References: <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com> <20150901211906.GA9021@mournblade.imrryr.org> <E44EE5B3-1469-49D7-9C15-299230E13779@vigilsec.com> <tsl8u8pmzta.fsf@mit.edu> <92D9378E-4724-4721-A5F4-26614D96831E@gmail.com> <20150902040145.GD9021@mournblade.imrryr.org> <CAC4RtVBJQX+B3XvnGnUpHbHdyw08Yn+CEGXML7K+c3q2pLNa7w@mail.gmail.com> <20150902223418.GS9021@mournblade.imrryr.org> <C1143EE0-499A-4DD5-B412-53F03A8C28BE@vigilsec.com> <20150903203422.GS9021@mournblade.imrryr.org>
To: Viktor Dukhovni <ietf-dane@dukhovni.org>
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/rOuXMrR9OqcYXgbuk0U6SGKmMHg>
Cc: IETF SAAG <saag@ietf.org>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 20:51:23 -0000

Viktor:

> On Thu, Sep 03, 2015 at 04:08:59PM -0400, Russ Housley wrote:
> 
>>> It can be a sentence or two, just enough to not give the impression
>>> that weak crypto is preferred with OS.
>> 
>> The words in my current edit buffer are:
>> 
>>   Despite the guidance in Section 2.4, opportunistic security [RFC7435]
>>   also deserves consideration, especially at the time a protocol
>>   implementation is deployed and configured.  Using algorithms that are
>>   weak against advanced attackers but sufficient against others is one
>>   way to make pervasive surveillance significantly more difficult.  As
>>   a result, algorithms that would not be acceptable in many negotiated
>>   situations are acceptable for opportunistic security when legacy
>>   systems are in use for unauthenticated encrypted sessions as
>>   discussed in Section 3 of [RFC7435] as long as their use does not
>>   facilitate downgrade attacks.  Similarly, weaker algorithms and
>>   shorter key sizes are also acceptable for opportunistic security with
>>   the same constraints.  That said, the use of strong algorithms is
>>   always preferable.
>> 
>> Would it help to change "As a result" to "As a result, when communicating
>> parties do not have strong algorithms in common"?
> 
> You're heading in the right direction, but I think this is a sentence
> or so too late.  The sentence that starts with "Using algorithms
> that are weak ..." is troublesome.  How about:
> 
>    Using the strongest available encryption (even if not strong
>    enough for mandatory security) is one way ...
> 
> And then perhaps still make the additional change you're proposing.

Trying to pull the idea into the earlier part of the paragraph...

Current Text:

   Using algorithms that are weak against advanced attackers but
   sufficient against others is one way to make pervasive
   surveillance significantly more difficult.

Possible Alternative:

   Opportunistic security, like other reasons for encrypting traffic,
   needs to make use of the strongest encryption algorithms that are
   implemented and allowed by policy.  When communicating parties do
   not have strong algorithms in common, using algorithms that are
   weak against advanced attackers but sufficient against others is
   one way to make pervasive surveillance significantly more difficult.

Russ


From nobody Thu Sep  3 13:58:12 2015
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A24D1B2FE8 for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 13:58:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZiQ97OxTVFSE for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 13:58:09 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C29A1A90EE for <saag@ietf.org>; Thu,  3 Sep 2015 13:58:09 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 569D2284B6C; Thu,  3 Sep 2015 20:58:08 +0000 (UTC)
Date: Thu, 3 Sep 2015 20:58:08 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: IETF SAAG <saag@ietf.org>
Message-ID: <20150903205808.GU9021@mournblade.imrryr.org>
References: <20150901211906.GA9021@mournblade.imrryr.org> <E44EE5B3-1469-49D7-9C15-299230E13779@vigilsec.com> <tsl8u8pmzta.fsf@mit.edu> <92D9378E-4724-4721-A5F4-26614D96831E@gmail.com> <20150902040145.GD9021@mournblade.imrryr.org> <CAC4RtVBJQX+B3XvnGnUpHbHdyw08Yn+CEGXML7K+c3q2pLNa7w@mail.gmail.com> <20150902223418.GS9021@mournblade.imrryr.org> <C1143EE0-499A-4DD5-B412-53F03A8C28BE@vigilsec.com> <20150903203422.GS9021@mournblade.imrryr.org> <59B012CE-06B4-46E6-A909-F4DECD92B32C@vigilsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <59B012CE-06B4-46E6-A909-F4DECD92B32C@vigilsec.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/6brcCYXqujBJUZdM7tycOIAdnNI>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 20:58:11 -0000

On Thu, Sep 03, 2015 at 04:50:40PM -0400, Russ Housley wrote:

> Possible Alternative:
> 
>    Opportunistic security, like other reasons for encrypting traffic,
>    needs to make use of the strongest encryption algorithms that are
>    implemented and allowed by policy.  When communicating parties do
>    not have strong algorithms in common, using algorithms that are
>    weak against advanced attackers but sufficient against others is
>    one way to make pervasive surveillance significantly more difficult.

I can probably live with that.

-- 
	Viktor.


From nobody Thu Sep  3 14:01:53 2015
Return-Path: <hartmans@painless-security.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3079E1B4173 for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:01:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PTDam1V7zXxI for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:01:50 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2DFB91B40DF for <saag@ietf.org>; Thu,  3 Sep 2015 14:01:50 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id 9D85E207CC; Thu,  3 Sep 2015 16:59:37 -0400 (EDT)
Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7jFCdNuPA2B7; Thu,  3 Sep 2015 16:59:37 -0400 (EDT)
Received: from carter-zimmerman.suchdamage.org (c-50-136-30-120.hsd1.ma.comcast.net [50.136.30.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Thu,  3 Sep 2015 16:59:37 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 9B1BD88963; Thu,  3 Sep 2015 17:01:48 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Russ Housley <housley@vigilsec.com>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com> <20150901211906.GA9021@mournblade.imrryr.org> <E44EE5B3-1469-49D7-9C15-299230E13779@vigilsec.com> <tsl8u8pmzta.fsf@mit.edu> <92D9378E-4724-4721-A5F4-26614D96831E@gmail.com> <20150902040145.GD9021@mournblade.imrryr.org> <CAC4RtVBJQX+B3XvnGnUpHbHdyw08Yn+CEGXML7K+c3q2pLNa7w@mail.gmail.com> <20150902223418.GS9021@mournblade.imrryr.org> <C1143EE0-499A-4DD5-B412-53F03A8C28BE@vigilsec.com>
Date: Thu, 03 Sep 2015 17:01:48 -0400
In-Reply-To: <C1143EE0-499A-4DD5-B412-53F03A8C28BE@vigilsec.com> (Russ Housley's message of "Thu, 3 Sep 2015 16:08:59 -0400")
Message-ID: <tsld1xzjjyb.fsf@mit.edu>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/gOtKUc-45vBx7pCFWpzt2DYRUcI>
Cc: saag@ietf.org
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 21:01:52 -0000

>>>>> "Russ" == Russ Housley <housley@vigilsec.com> writes:
    Russ> Would it help to change "As a result" to "As a result, when
    Russ> communicating parties do not have strong algorithms in
    Russ> common"?

Yes!
that sounds great.


From nobody Thu Sep  3 14:02:03 2015
Return-Path: <lear@cisco.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 859E71B47F0 for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:02:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level: 
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mMbHgfJbeOJJ for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:02:01 -0700 (PDT)
Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B14981A1BD7 for <saag@ietf.org>; Thu,  3 Sep 2015 14:02:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4376; q=dns/txt; s=iport; t=1441314120; x=1442523720; h=subject:to:references:cc:from:message-id:date: mime-version:in-reply-to; bh=0yrPXH2ebWfxtZdCz2JWsg+K+dtQQ1jBBJ27ugUj3/A=; b=jLBkeAaD5A/GSI5lC+9jEZABi2LZ4ZKHZCdqYcBDNR8GttTS58VEyrh9 KY1fwqRFjgnMpHC3Hnbl1wY5Pj6tRGo8UZ/7li4hpTBhFdu1o3FxckvKF 2Rme/Hxispl4PqXGHMD0jhCDapCJ2zErtzH1p6AV0Bv6iu0z4bbjFzyr4 s=;
X-Files: signature.asc : 481
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AOBwCetOhV/xbLJq1dh3y+a4M4AoIIAQEBAQEBgQuEJAEBBCNVARALGAkWCwICCQMCAQIBRQYNCAEBiCq3H5RVAQEBAQEBAQMBAQEBAQEBG4ppgQWEQEsHgmmBQwEEkjKDH4JBgVyDV4UDiHiRdyaCCwQdgVY8iX8BAQE
X-IronPort-AV: E=Sophos;i="5.17,464,1437436800";  d="asc'?scan'208";a="604889874"
Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Sep 2015 21:01:58 +0000
Received: from [10.61.222.22] ([10.61.222.22]) by aer-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id t83L1wpV023927; Thu, 3 Sep 2015 21:01:58 GMT
To: Russ Housley <housley@vigilsec.com>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com> <55E83554.6010808@cisco.com> <62CBD9E2-2DB4-4D3D-93E5-ADEB0F3D3C12@vigilsec.com>
From: Eliot Lear <lear@cisco.com>
Message-ID: <55E8B547.4040707@cisco.com>
Date: Thu, 3 Sep 2015 23:01:59 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <62CBD9E2-2DB4-4D3D-93E5-ADEB0F3D3C12@vigilsec.com>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="oIHH72nfJFCbeSCFOSHCj84j6GU2m3Dh8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/sw9BkHd0eeDgZdA41YC24ihKTGo>
Cc: saag@ietf.org
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 21:02:02 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--oIHH72nfJFCbeSCFOSHCj84j6GU2m3Dh8
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Much better.

Eliot


On 9/3/15 10:30 PM, Russ Housley wrote:
> Eliot:
>
> We are talking about section 2.6...
>
>>>   Without clear mechanisms for algorithm and suite transition,
>>>   preserving interoperability becomes a difficult social problem.  Fo=
r
>>>   example, consider web browsers.  Dropping support for an algorithm
>>>   suite can break connectivity to some web sites, and the browser
>>>   vendor will lose users by doing so.  This situation creates
>>>   incentives to support algorithm suites that would otherwise be
>>>   deprecated in order to preserve interoperability.
>> Honestly this paragraph is confusing.  It's opaque because it's not
>> clear whether you're aiming at a strawman of where TLS doesn't support=

>> agility or the case of long lived root or intermediate certificates.  =
If
>> it's the former, can you find a more current example?  And the last
>> sentence is just flat out ambiguous, although in an amusing sort of wa=
y
>> (who deprecates in order to preserve interoperability?).
> Kathleen also had a comment on this part of the document in her IESG ba=
llot.
>
> I'm trying to address both comments with this proposal:
>
> 2.6.  Preserving Interoperability
>
>    Cryptographic algorithm deprecation is very difficult.  People do no=
t
>    like to introduce interoperability problems, even to preserve
>    security.  As a result, flawed algorithms are supported for far too
>    long.  The impact of legacy software and long support tails on
>    security can be reduced by making it easy to transition from old
>    algorithms and suites to new ones.  Social pressure is often needed
>    to cause the transition to happen.
>
>    Implementers have been reluctant to remove deprecated algorithms or
>    suites from server software, and server administrators have been
>    reluctant to diable them over concerns that some party will no longe=
r
>    have the ability to connect to their server.  Implementers and
>    administrators want to improve security by using the best supported
>    algorithms, but their actions are tempered by the desire to preserve=

>    connectivity.  Recently, some browser vendors have started to provid=
e
>    visual warnings when a deprecated algorithm or suite is used.  These=

>    visual warnings provide a new incentive to transition away from
>    deprecated algorithms and suites.
>
>    Transition in Internet infrastructure is particularly difficult.  Th=
e
>    digital signature on the certificate for an intermediate
>    certification authority (CA) [RFC5280] is often expected to last
>    decades, which hinders the transition away from a weak signature
>    algorithm or short key length.  Once a long-lived certificate is
>    issued with a particular signature algorithm, that algorithm will be=

>    used by many relying parties, and none of them can stop supporting i=
t
>    without invalidating all of the subordinate certificates.  In a
>    hierarchical system, many subordinate certificates could be impacted=

>    by the decision to drop support for a weak signature algorithm or an=

>    associated hash function.
>
>    Institutions, being large or dominant users within a large user base=
,
>    can assist by coordinating the demise of an algorithm suite, making
>    the transition easier for their own users as well as others.
>
> Russ
>
>



--oIHH72nfJFCbeSCFOSHCj84j6GU2m3Dh8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2

iQEcBAEBCAAGBQJV6LVHAAoJEIe2a0bZ0nozshsIAIZkrdGhhOmlyVVq/yrgek7c
fQRlFGEKamZ29u1eUpp/LHU4V+MfsKmIIp3EdfH31u1ttqolt4OVXFt394SEF+VZ
qFpCs8POYU/PWnlFbUBu69aq4QFGksWGOfb+6QUqclKQ/UMNTtWk7Z+mqxkOzRPX
z2KQ7jC/Xruw6lcJiX8rIWgFaEddpA8OlcfphFoR/XXWtUERj/ZdL4cWSaNoKIa0
M0HUtfKYaqL7b94fR/zpkkfs5nrGelKq0aGedrgGwzj3YeJaOt1rRqcClusFfOqM
9fb/n8S3iN/tCzTWozHvWcx6+8wdFd/Ipc6OSxlW+xM479okSkg7Hlm2vIIEAXY=
=OGlt
-----END PGP SIGNATURE-----

--oIHH72nfJFCbeSCFOSHCj84j6GU2m3Dh8--


From nobody Thu Sep  3 14:12:40 2015
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 583D91ACE8D for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:12:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SMLflInNNesi for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:12:37 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DE7F1A8987 for <saag@ietf.org>; Thu,  3 Sep 2015 14:12:37 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id B448A284B6C; Thu,  3 Sep 2015 21:12:36 +0000 (UTC)
Date: Thu, 3 Sep 2015 21:12:36 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150903211236.GV9021@mournblade.imrryr.org>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com> <55E83554.6010808@cisco.com> <62CBD9E2-2DB4-4D3D-93E5-ADEB0F3D3C12@vigilsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <62CBD9E2-2DB4-4D3D-93E5-ADEB0F3D3C12@vigilsec.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/4iWBD9QYf4EqK_aKLiy7gwi5BK4>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 21:12:38 -0000

On Thu, Sep 03, 2015 at 04:30:44PM -0400, Russ Housley wrote:

>    Institutions, being large or dominant users within a large user base,
>    can assist by coordinating the demise of an algorithm suite, making
>    the transition easier for their own users as well as others.

Nit: I still find the "Institutions, being large ..." phrasing a
bit clumsy.  How about:

    Organizations that are dominant in the market or support a
    large fraction of the user base, can help to overcome inertia
    and hasten the deprecation of a weakened algorithm suite,
    thereby making the transition easier for their own users as
    well as others.

-- 
	Viktor.


From nobody Thu Sep  3 14:17:00 2015
Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E7AD1B2D74 for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:16:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level: 
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uWDoU5so3NUB for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:16:57 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id CCF651B2A0B for <saag@ietf.org>; Thu,  3 Sep 2015 14:16:56 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 5703CF2412D for <saag@ietf.org>; Thu,  3 Sep 2015 17:16:46 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id 2k3LpuvLnOXV for <saag@ietf.org>; Thu,  3 Sep 2015 17:15:28 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 10DCDF2412B for <saag@ietf.org>; Thu,  3 Sep 2015 17:16:25 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1085)
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <20150902212858.GM9021@mournblade.imrryr.org>
Date: Thu, 3 Sep 2015 17:16:14 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <A4F863D6-6917-40FD-B205-36E909015A98@vigilsec.com>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com> <20150902212858.GM9021@mournblade.imrryr.org>
To: saag@ietf.org
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/Hj8xRiIYDpr9gi3T-yzzcJ_E9M8>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 21:16:59 -0000

Viktor:

{ Dropping things where we have reached agreement. }

>>> I find section 2.5 too vague, not sure what point it is really
>>> trying to make.
>>=20
>> I'm not sure how to handle this comment.  I guess the point that I am
>> trying to make is that there can be too many levels of indirection =
and
>> still preserve the integrity of the first part of the negotiation.
>=20
>    2.5.  Cryptographic Key Management
>=20
>       Traditionally, protocol designers have avoided more than one =
approach
>       to key management because it makes the security analysis of the
>       overall protocol more difficult.  When frameworks such as EAP =
and
>       GSSAPI are employed, the key management is very flexible, often
>       hiding many of the details from the application.  This results =
in
>       protocols that support multiple key management approaches.  In =
fact,
>       the key management approach itself may be negotiable, which =
creates a
>       design challenge to protect the negotiation of the key =
management
>       approach before it is used to produce cryptographic keys.
>=20
>       Protocols can negotiate a key management approach, derive an =
initial
>       cryptographic key, and then authenticate the negotiation.  =
However,
>       if the authentication fails, the only recourse is to start the
>       negotiation over from the beginning.
>=20
>       Some environments will restrict the key management approaches by
>       policy.  Such policies tend to improve interoperability within a
>       particular environment, but they cause problems for individuals =
that
>       need to work in multiple incompatible environments.
>=20
> Reading section 2.5 again, and being well versed in both TLS and
> GSSAPI (I commit code to both OpenSSL and Heimdal), I still have
> no idea what it is saying.  In what sense is "key management" (which
> for me means how keys are deployed and rotated) "negotiated" in
> the protocol.
>=20
> Is this talking about "Key Exchange" rather than "Key Management"?
> Is the problem you have in mind that when, for example, negotiating
> "GSSAPI" in SASL one might not know what that entails before deciding
> to use GSSAPI over some other SASL mechanism?
>=20
> Whatever this section is trying to say, I'm just not smart enough
> to figure it out, even with the hint in this response.

Perhaps the section heading has been the problem all along.

Yes, the use of GSSAPI by SASL is another example.  In fact RFC 4422 =
makes the point:

   Note that the mechanism negotiation is not protected by the
   subsequent authentication exchange and hence is subject to downgrade
   attacks if not protected by other means.

Does "Cryptographic Key Establishment Techniques" work better for you?

>>> 	   Institutions, being large or dominate users within a large
>>> 	   user base, can assist by coordinating the demise of an
>>> 	   algorithm suite, making the rollover easier for their own
>>> 	   users as well as others.
>>>=20
>>>   Somehow the meaning of the above eludes me.  It needs a rewrite.
>>=20
>> The point is that big customers can help with the social part of the
>> transition by putting pressure on their suppliers.  I'm not sure what =
part
>> to change to make that more clear for you.
>=20
>    Dominant, or otherwise sufficiently large, market players can ...

How about this:

   Dominant players in a market, or others with a sufficiently large
   user base, can assist by coordinating the demise of an algorithm
   suite, making the transition easier for their own users as well as
   others.

>=20
>>> Section 2,7:
>>>=20
>>>      When selecting or negotiating a suite of cryptographic =
algorithms,
>>>      the strength of each algorithm SHOULD be considered.  The =
algorithms
>>>      in a suite SHOULD be roughly equal;
>>>=20
>>>   s/roughly equal/comparably strong/ or (to really spell it out):
>>>                  /have comparable best known attack work-factors/
>>>=20
>>>   However if a particular element of a suite is believed stronger
>>>   than the rest, we don't need to get too pedantic about that.
>>>   Slightly lop-sided choices are OK if the stronger outlier is
>>>   adequately fast, and weaker variants are not widely used.
>>=20
>> That was the point of "roughly".  Also, the second paragraph bring in =
the point about performance being a factor.
>>=20
>> How about this:
>>=20
>>   When selecting or negotiating a suite of cryptographic algorithms,
>>   the strength of each algorithm SHOULD be considered.  The =
algorithms
>>   in a suite SHOULD be roughly equal; however, the security service
>>   provided by each algorithm in a particular context needs to be
>>   considered when making the selection.  Algorithm strength needs to =
be
>>   considered at the time a protocol is designed.  It also needs to be
>>   considered at the time a protocol implementation is deployed and
>>   configured.  Advice from from experts is useful, but in reality, =
such
>>   advice is often unavailable to system administrators that are
>>   deploying a protocol implementation.  For this reason, protocol
>>   designers SHOULD provide clear guidance to implementors, leading to
>>   balanced options being available at the time of deployment.
>=20
> I do not think the greater length makes it clearer, perhaps the
> original shorter version will do.

This is the text that went to the IESG yesterday, so if this is working, =
let's keep it.

>>>  Overall I think this text is wrong to weasel out.  Failure to
>>>  negotiate the DH parameter size has proved rather problematic
>>>  in TLS, with servers needing to guess at universally inteoperable
>>>  prime bit length.  This is being addressed, with the DH groups
>>>  extension now supporting standard prime groups as well as standard
>>>  EC curves.  Underspecified algorithms MUST NOT be used.  Either
>>>  fix the parameters, or negotiate them.
>>=20
>> You raise an important point.  I suggest:
>>=20
>>   Performance is always a factor is selecting cryptographic =
algorithms.
>>   Performance and security need to be balanced.  Some algorithms =
offer
>>   flexibility in their strength by adjusting the key size, number of
>>   rounds, authentication tag size, prime group size, and so on.  For
>>   example, TLS cipher suites include Diffie-Hellman or RSA without
>>   specifying a particular public key length.  If the algorithm
>>   identifier or suite identifier named a particular public key =
length,
>>   migration to longer ones would be more difficult.  On the other =
hand,
>>   inclusion of a public key length would make it easier to migrate =
away
>>   from short ones when computational resources available to attacker
>>   dictate the need to do so.  The flexibility on asymmetric key =
length
>>   has lead to interoperability problems, and to avoid these problems =
in
>>   the future any aspect of the algorithm not specified by the =
algorithm
>>   identifier MUST be negotiated, including key size and parameters.
>=20
> Better, but of course negotiating the strength of long-term public
> keys is generally not possible, the server can't choose these on
> the fly.  So the MUST is perhaps too strong.  Rather, protocol
> designs SHOULD try to avoid unilateral choices of cryptographic
> parameters to the extent possible.  Thus we should encourage
> specification of a small set of explicit sizes or set of explicit
> groups, ... and then negotiate their use.

Stephen did not think the MUST was appropriate for a BCP.

The current wording is:

   Performance is always a factor is selecting cryptographic algorithms.
   Performance and security need to be balanced.  Some algorithms offer
   flexibility in their strength by adjusting the key size, number of
   rounds, authentication tag size, prime group size, and so on.  For
   example, TLS cipher suites include Diffie-Hellman or RSA without
   specifying a particular public key length.  If the algorithm
   identifier or suite identifier named a particular public key length,
   migration to longer ones would be more difficult.  On the other hand,
   inclusion of a public key length would make it easier to migrate away
   from short ones when computational resources available to attacker
   dictate the need to do so.  The flexibility on asymmetric key length
   has led to interoperability problems, and to avoid these problems in
   the future any aspect of the algorithm not specified by the algorithm
   identifiers need to be negotiated, including key size and parameters.

Russ=


From nobody Thu Sep  3 14:19:17 2015
Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A11FD1B2D72 for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:19:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level: 
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 74Sq-Bp-quyU for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:19:15 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 79A7D1B39BC for <saag@ietf.org>; Thu,  3 Sep 2015 14:19:15 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 099C6F24136 for <saag@ietf.org>; Thu,  3 Sep 2015 17:19:05 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id xv8ZG7R7C6We for <saag@ietf.org>; Thu,  3 Sep 2015 17:17:47 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 668FEF2412B for <saag@ietf.org>; Thu,  3 Sep 2015 17:18:44 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1085)
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <20150903211236.GV9021@mournblade.imrryr.org>
Date: Thu, 3 Sep 2015 17:18:33 -0400
Content-Transfer-Encoding: 7bit
Message-Id: <59606991-93CC-4F9C-BE7E-14AA8C1788A8@vigilsec.com>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com> <55E83554.6010808@cisco.com> <62CBD9E2-2DB4-4D3D-93E5-ADEB0F3D3C12@vigilsec.com> <20150903211236.GV9021@mournblade.imrryr.org>
To: saag@ietf.org
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/Bi3eqJ6RUlSoM5W_gxs1QklGhSs>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 21:19:16 -0000

Viktor:

> On Thu, Sep 03, 2015 at 04:30:44PM -0400, Russ Housley wrote:
> 
>>   Institutions, being large or dominant users within a large user base,
>>   can assist by coordinating the demise of an algorithm suite, making
>>   the transition easier for their own users as well as others.
> 
> Nit: I still find the "Institutions, being large ..." phrasing a
> bit clumsy.  How about:
> 
>    Organizations that are dominant in the market or support a
>    large fraction of the user base, can help to overcome inertia
>    and hasten the deprecation of a weakened algorithm suite,
>    thereby making the transition easier for their own users as
>    well as others.


I proposed a change to that in a subsequent message...

   Dominant players in a market, or others with a sufficiently large
   user base, can assist by coordinating the demise of an algorithm
   suite, making the transition easier for their own users as well as
   others.

Russ


From nobody Thu Sep  3 14:22:27 2015
Return-Path: <rsalz@akamai.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C0F61B394F for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:22:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.711
X-Spam-Level: 
X-Spam-Status: No, score=-2.711 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qM5yCzNdBLz2 for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:22:23 -0700 (PDT)
Received: from prod-mail-xrelay08.akamai.com (prod-mail-xrelay08.akamai.com [96.6.114.112]) by ietfa.amsl.com (Postfix) with ESMTP id A633A1B3704 for <saag@ietf.org>; Thu,  3 Sep 2015 14:22:22 -0700 (PDT)
Received: from prod-mail-xrelay08.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id BE51E74007D; Thu,  3 Sep 2015 21:22:21 +0000 (GMT)
Received: from prod-mail-relay08.akamai.com (prod-mail-relay08.akamai.com [172.27.22.71]) by prod-mail-xrelay08.akamai.com (Postfix) with ESMTP id A8E0D74001C; Thu,  3 Sep 2015 21:22:21 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=akamai.com; s=a1; t=1441315341; bh=UAa8gr/n+GF8N8NoyKUWe8DSvIkRaP24EJ8C62phns4=; l=296; h=From:To:Date:References:In-Reply-To:From; b=f122/M1DqXTH0x9kN6mx/jtQubMHudAs4ynd7qvnHd+DUy5LA4CuYcHeZv2XM/nV9 HV9jRhguVFpmRa1bxovcrEFyZF2luKuPWkXS0MD3ewpFt9YfGnlhto7aC0jFangLhs Jal3Gl/DysliyQB8NLXkW3XBInfIo+HwxL2DbOmY=
Received: from email.msg.corp.akamai.com (ustx2ex-cas1.msg.corp.akamai.com [172.27.25.30]) by prod-mail-relay08.akamai.com (Postfix) with ESMTP id A59D098082; Thu,  3 Sep 2015 21:22:21 +0000 (GMT)
Received: from USTX2EX-DAG1MB3.msg.corp.akamai.com (172.27.27.103) by ustx2ex-dag1mb4.msg.corp.akamai.com (172.27.27.104) with Microsoft SMTP Server (TLS) id 15.0.1076.9; Thu, 3 Sep 2015 16:22:21 -0500
Received: from USTX2EX-DAG1MB3.msg.corp.akamai.com ([172.27.27.103]) by ustx2ex-dag1mb3.msg.corp.akamai.com ([172.27.27.103]) with mapi id 15.00.1076.000; Thu, 3 Sep 2015 16:22:21 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: Russ Housley <housley@vigilsec.com>, "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] AD review of draft-iab-crypto-alg-agility-06
Thread-Index: AQHQ5cC+021A7RxjOEahYRWcAOaGUp4rB1UAgACPywCAAAuzAIAAAaqA//+tCfA=
Date: Thu, 3 Sep 2015 21:22:20 +0000
Message-ID: <421a834365f04dcf8bbf6200184031c8@ustx2ex-dag1mb3.msg.corp.akamai.com>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com> <55E83554.6010808@cisco.com> <62CBD9E2-2DB4-4D3D-93E5-ADEB0F3D3C12@vigilsec.com> <20150903211236.GV9021@mournblade.imrryr.org> <59606991-93CC-4F9C-BE7E-14AA8C1788A8@vigilsec.com>
In-Reply-To: <59606991-93CC-4F9C-BE7E-14AA8C1788A8@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.42.8]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/l7xkqnBOdghOwsKxY-LbSVmKppo>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 21:22:26 -0000

>    Dominant players in a market, or others with a sufficiently large
>    user base, can assist by coordinating the demise of an algorithm
>    suite, making the transition easier for their own users as well as
>    others.

How about "Organizations that have a large influence, can ..."


From nobody Thu Sep  3 14:27:17 2015
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 522D91B2E4F for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:27:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N5JX9YIv88rf for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:27:13 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FD4C1AD04E for <saag@ietf.org>; Thu,  3 Sep 2015 14:27:13 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id E5A14284B6C; Thu,  3 Sep 2015 21:27:12 +0000 (UTC)
Date: Thu, 3 Sep 2015 21:27:12 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: "saag@ietf.org" <saag@ietf.org>
Message-ID: <20150903212712.GX9021@mournblade.imrryr.org>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com> <55E83554.6010808@cisco.com> <62CBD9E2-2DB4-4D3D-93E5-ADEB0F3D3C12@vigilsec.com> <20150903211236.GV9021@mournblade.imrryr.org> <59606991-93CC-4F9C-BE7E-14AA8C1788A8@vigilsec.com> <421a834365f04dcf8bbf6200184031c8@ustx2ex-dag1mb3.msg.corp.akamai.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <421a834365f04dcf8bbf6200184031c8@ustx2ex-dag1mb3.msg.corp.akamai.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/m-FcqYmxoTUYXQlZ3eupbXXK-C4>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: "saag@ietf.org" <saag@ietf.org>
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 21:27:15 -0000

On Thu, Sep 03, 2015 at 09:22:20PM +0000, Salz, Rich wrote:

> >    Dominant players in a market, or others with a sufficiently large
> >    user base, can assist by coordinating the demise of an algorithm
> >    suite, making the transition easier for their own users as well as
> >    others.
> 
> How about "Organizations that have a large influence, can ..."

Perhaps, but the original above is I think good enough, the gains,
if any from the proposed replacement are marginal.  The new version
is much less clumsy than the original.

-- 
	Viktor.


From nobody Thu Sep  3 14:30:31 2015
Return-Path: <rsalz@akamai.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95AB61B3934 for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:30:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.796
X-Spam-Level: 
X-Spam-Status: No, score=0.796 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.793, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vmMmEPlYeRld for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:30:28 -0700 (PDT)
Received: from prod-mail-xrelay05.akamai.com (unknown [23.79.238.179]) by ietfa.amsl.com (Postfix) with ESMTP id ABC5F1B377D for <saag@ietf.org>; Thu,  3 Sep 2015 14:30:28 -0700 (PDT)
Received: from prod-mail-xrelay05.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id AEA0E4B9E0 for <saag@ietf.org>; Thu,  3 Sep 2015 21:30:27 +0000 (GMT)
Received: from prod-mail-relay11.akamai.com (prod-mail-relay11.akamai.com [172.27.118.250]) by prod-mail-xrelay05.akamai.com (Postfix) with ESMTP id 96EA0480B5 for <saag@ietf.org>; Thu,  3 Sep 2015 21:30:27 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=akamai.com; s=a1; t=1441315827; bh=afbPlzxjc77A9vTAN3YV546VFDjWAvZLCn+MVuJtb90=; h=From:To:Subject:Date:References:In-Reply-To:From; b=XY+e2QYcLk6hVlqOxf6NbER+i1rbfzIX8P0a9cedaUx4lCQ5NA4T2L8toSOUAdSVT GBDbtLedHBEGTaJjS4nL7GVbR0f5NxL5kL7ZNwPvjjDlNDYA1/prULzorUVV6qWRmj 3dTGqC9NG/7iSCzMtMEwViLpQB+r2hdwhzfRoxd0=
Received: from email.msg.corp.akamai.com (ustx2ex-cas5.msg.corp.akamai.com [172.27.25.34]) by prod-mail-relay11.akamai.com (Postfix) with ESMTP id 7D376202A for <saag@ietf.org>; Thu,  3 Sep 2015 21:30:27 +0000 (GMT)
Received: from USTX2EX-DAG1MB3.msg.corp.akamai.com (172.27.27.103) by ustx2ex-dag1mb3.msg.corp.akamai.com (172.27.27.103) with Microsoft SMTP Server (TLS) id 15.0.1076.9; Thu, 3 Sep 2015 16:30:26 -0500
Received: from USTX2EX-DAG1MB3.msg.corp.akamai.com ([172.27.27.103]) by ustx2ex-dag1mb3.msg.corp.akamai.com ([172.27.27.103]) with mapi id 15.00.1076.000; Thu, 3 Sep 2015 16:30:26 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] AD review of draft-iab-crypto-alg-agility-06
Thread-Index: AQHQ5cC+021A7RxjOEahYRWcAOaGUp4rB1UAgACPywCAAAuzAIAAAaqA//+tCfCAAFVhAP//rOkA
Date: Thu, 3 Sep 2015 21:30:26 +0000
Message-ID: <ba8574cf5aa542d99b630fabf9af63fc@ustx2ex-dag1mb3.msg.corp.akamai.com>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com> <55E83554.6010808@cisco.com> <62CBD9E2-2DB4-4D3D-93E5-ADEB0F3D3C12@vigilsec.com> <20150903211236.GV9021@mournblade.imrryr.org> <59606991-93CC-4F9C-BE7E-14AA8C1788A8@vigilsec.com> <421a834365f04dcf8bbf6200184031c8@ustx2ex-dag1mb3.msg.corp.akamai.com> <20150903212712.GX9021@mournblade.imrryr.org>
In-Reply-To: <20150903212712.GX9021@mournblade.imrryr.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.42.8]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/kX-8eTU509VUyzHRgjpyooAS00I>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 21:30:30 -0000

> Perhaps, but the original above is I think good enough, the gains, if any=
 from

I dislike the phrase "dominant players" given the history of anti-trust in =
this industry.


From nobody Thu Sep  3 14:31:21 2015
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4EC521B3A85 for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:31:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gab6IQkd0fkz for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:31:17 -0700 (PDT)
Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3DCC51B399B for <saag@ietf.org>; Thu,  3 Sep 2015 14:31:17 -0700 (PDT)
Received: by wicge5 with SMTP id ge5so1573203wic.0 for <saag@ietf.org>; Thu, 03 Sep 2015 14:31:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=SRW5jIJqijyOWoX42OdU0yC9BWXFyU4BDvCAOH69ASs=; b=CydGsoXtZFr1ldQMJL+qySxWRhD/bIlaRut0/yXvyn9yGOhp477JR4SYM60O3KEb2l R/9pkHJvMofXw+L8m/cmwsVCE+qRZ4musgaJEVWjSAhUtz/LdIbd4qyD6AmQNV3vSOQa hMofsGlZIqpymnzfib7YL/5gFIlVotNdNXq3YaZOhgJq9wqmyAK5Box6Ay3wmNOpLeBh +9sxLE4TrhPJwNCIc5bb5WJnXBVhBhJ0a2AzjfA0Mz4kH/N90r6/rVwq/BgxZBJmsyAU EsOVL/xMLeCP/TjDbFn73zJG9mH/kmOQoZJ1NBLcvEHtHVPF9ks6290PX0vmXYDufOem DuZw==
MIME-Version: 1.0
X-Received: by 10.180.106.68 with SMTP id gs4mr314499wib.61.1441315875886; Thu, 03 Sep 2015 14:31:15 -0700 (PDT)
Received: by 10.28.157.84 with HTTP; Thu, 3 Sep 2015 14:31:15 -0700 (PDT)
In-Reply-To: <tsld1xzjjyb.fsf@mit.edu>
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org> <4F6E430F-61E7-46BA-9B4A-8E12156B62FA@vigilsec.com> <20150901211906.GA9021@mournblade.imrryr.org> <E44EE5B3-1469-49D7-9C15-299230E13779@vigilsec.com> <tsl8u8pmzta.fsf@mit.edu> <92D9378E-4724-4721-A5F4-26614D96831E@gmail.com> <20150902040145.GD9021@mournblade.imrryr.org> <CAC4RtVBJQX+B3XvnGnUpHbHdyw08Yn+CEGXML7K+c3q2pLNa7w@mail.gmail.com> <20150902223418.GS9021@mournblade.imrryr.org> <C1143EE0-499A-4DD5-B412-53F03A8C28BE@vigilsec.com> <tsld1xzjjyb.fsf@mit.edu>
Date: Thu, 3 Sep 2015 17:31:15 -0400
Message-ID: <CAHbuEH4iFCeTuaYhaeMK7M74mpgWYdFLJ_ybV1m-ZDgUVkPzww@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Sam Hartman <hartmans-ietf@mit.edu>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/KIjclaii3IwHfpi2ALlIoVMT5kg>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 21:31:19 -0000

On Thu, Sep 3, 2015 at 5:01 PM, Sam Hartman <hartmans-ietf@mit.edu> wrote:
>>>>>> "Russ" == Russ Housley <housley@vigilsec.com> writes:
>     Russ> Would it help to change "As a result" to "As a result, when
>     Russ> communicating parties do not have strong algorithms in
>     Russ> common"?
>
> Yes!
> that sounds great.

I'm fine with this change as well.

Thanks.
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag



-- 

Best regards,
Kathleen


From nobody Thu Sep  3 14:48:16 2015
Return-Path: <nico@cryptonector.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83D861A1A6B for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:48:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.366
X-Spam-Level: 
X-Spam-Status: No, score=-2.366 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jaTjG1FqPz39 for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:48:13 -0700 (PDT)
Received: from homiemail-a103.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 2BDE41A8AFE for <saag@ietf.org>; Thu,  3 Sep 2015 14:48:13 -0700 (PDT)
Received: from homiemail-a103.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a103.g.dreamhost.com (Postfix) with ESMTP id C7F8C2005E629; Thu,  3 Sep 2015 14:48:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:subject:message-id:references:mime-version:content-type :in-reply-to; s=cryptonector.com; bh=8vwsfMGI3iGi2/WQP5YRitclPf8 =; b=Fb5kM4nbJYwCQRYyVHHalz0ySbG6v6nnZpr/yOq1oDDW4lzApg5HP1dJEBg UZxnQuUtdqmByIcW2UK3FUUOlC28K7Phs6BmY/LxLISPxjPBQagifX9nGrX6cXAB Ka4f+dl3Pw9zUeDcO3FMbnD3uHydNK0qLZbjYXz9JVEwlRBk=
Received: from localhost (108-207-244-100.lightspeed.austtx.sbcglobal.net [108.207.244.100]) (Authenticated sender: nico@cryptonector.com) by homiemail-a103.g.dreamhost.com (Postfix) with ESMTPA id 00C8D2005E623; Thu,  3 Sep 2015 14:48:11 -0700 (PDT)
Date: Thu, 3 Sep 2015 16:48:10 -0500
From: Nico Williams <nico@cryptonector.com>
To: saag@ietf.org
Message-ID: <20150903214809.GE1541@localhost>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com> <20150902212858.GM9021@mournblade.imrryr.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20150902212858.GM9021@mournblade.imrryr.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/RqB4BlEMpUxFqBi4ba7uftMCxlA>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 21:48:14 -0000

On Wed, Sep 02, 2015 at 09:28:58PM +0000, Viktor Dukhovni wrote:
> On Wed, Sep 02, 2015 at 04:48:38PM -0400, Russ Housley wrote:
>     2.5.  Cryptographic Key Management
> 
>        Traditionally, protocol designers have avoided more than one approach
>        to key management because it makes the security analysis of the
>        overall protocol more difficult.  When frameworks such as EAP and
>        GSSAPI are employed, the key management is very flexible, often
>        hiding many of the details from the application.  This results in
>        protocols that support multiple key management approaches.  In fact,
>        the key management approach itself may be negotiable, which creates a
>        design challenge to protect the negotiation of the key management
>        approach before it is used to produce cryptographic keys.
> 
>        Protocols can negotiate a key management approach, derive an initial
>        cryptographic key, and then authenticate the negotiation.  However,
>        if the authentication fails, the only recourse is to start the
>        negotiation over from the beginning.
> 
>        Some environments will restrict the key management approaches by
>        policy.  Such policies tend to improve interoperability within a
>        particular environment, but they cause problems for individuals that
>        need to work in multiple incompatible environments.
> 
> Reading section 2.5 again, and being well versed in both TLS and
> GSSAPI (I commit code to both OpenSSL and Heimdal), I still have
> no idea what it is saying.  In what sense is "key management" (which
> for me means how keys are deployed and rotated) "negotiated" in
> the protocol.

I think what this is referring to is that *applications* may not get a
great deal of visibility into what happens at negotiation time.

Of course, local policy can still be applied ex-application, so that's
not fatal.

Any time you have a lot of options and layered frameworks we get this
problem.  Even plain TLS has quite a few things to represent to an
application that wishes to impose some policy.

The simplest approach, IMO, is to have local policy ex-application, with
applications at most naming a local policy to apply.

> Is this talking about "Key Exchange" rather than "Key Management"?
> Is the problem you have in mind that when, for example, negotiating
> "GSSAPI" in SASL one might not know what that entails before deciding
> to use GSSAPI over some other SASL mechanism?
> 
> Whatever this section is trying to say, I'm just not smart enough
> to figure it out, even with the hint in this response.

Because I've dealt (struggled) with this before, it's quite clear to me
what Russ intended to convey.  I agree that it's not necessarily clear
to others because the word "application" appears only once, in the first
paragraph.  So it can be made clearer.

Nico
-- 


From nobody Thu Sep  3 14:54:46 2015
Return-Path: <huitema@microsoft.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A83CA1B414F for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:54:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level: 
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qWPGfHPScjv6 for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:54:43 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0120.outbound.protection.outlook.com [65.55.169.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0EE321A01F9 for <saag@ietf.org>; Thu,  3 Sep 2015 14:54:42 -0700 (PDT)
Received: from DM2PR0301MB0654.namprd03.prod.outlook.com (10.160.96.16) by DM2PR0301MB0669.namprd03.prod.outlook.com (10.160.96.19) with Microsoft SMTP Server (TLS) id 15.1.256.15; Thu, 3 Sep 2015 21:54:42 +0000
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com (10.160.96.17) by DM2PR0301MB0654.namprd03.prod.outlook.com (10.160.96.16) with Microsoft SMTP Server (TLS) id 15.1.256.15; Thu, 3 Sep 2015 21:54:41 +0000
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com ([10.160.96.17]) by DM2PR0301MB0655.namprd03.prod.outlook.com ([10.160.96.17]) with mapi id 15.01.0256.013; Thu, 3 Sep 2015 21:54:40 +0000
From: Christian Huitema <huitema@microsoft.com>
To: "Salz, Rich" <rsalz@akamai.com>, "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] AD review of draft-iab-crypto-alg-agility-06
Thread-Index: AQHQwLSqpuE/uycWaUm/m9eo13E63Z3jzVOAgEYyvwCAAP2JAIAAj8wAgAALsgCAAAGqgIAAAQ8AgAABXACAAADnAIAABakQ
Date: Thu, 3 Sep 2015 21:54:40 +0000
Message-ID: <DM2PR0301MB06550C9610C859271EAEC04BA8680@DM2PR0301MB0655.namprd03.prod.outlook.com>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com> <55E83554.6010808@cisco.com> <62CBD9E2-2DB4-4D3D-93E5-ADEB0F3D3C12@vigilsec.com> <20150903211236.GV9021@mournblade.imrryr.org> <59606991-93CC-4F9C-BE7E-14AA8C1788A8@vigilsec.com> <421a834365f04dcf8bbf6200184031c8@ustx2ex-dag1mb3.msg.corp.akamai.com> <20150903212712.GX9021@mournblade.imrryr.org> <ba8574cf5aa542d99b630fabf9af63fc@ustx2ex-dag1mb3.msg.corp.akamai.com>
In-Reply-To: <ba8574cf5aa542d99b630fabf9af63fc@ustx2ex-dag1mb3.msg.corp.akamai.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=huitema@microsoft.com; 
x-originating-ip: [2001:4898:80e8:5::6b2]
x-microsoft-exchange-diagnostics: 1; DM2PR0301MB0654; 5:ih8jqR3/67Q/NxKJwQc1eFznXlASMMZD14HUrAvpm9i6yzfbQr/QwE3hzwvQRH7Bc0ct32tZ47qPBuo5LoqGDNB/GuWpgiSuq3lbKnT7pWDRpYhiDGvxEhkDZL2enYtRhLImlE98I6KAgpfOPbNYQw==; 24:fLFAt6HPURMEScTchELtv8bI7PSJTEg6ZXkAzrYVwtzQcCjx3WoDfB3SBdPHzZjAgqjSi8SAotr6IJweBMnaKE8SPA9/AYEYpPV6Oc+xDNY=; 20:Lvxcp8bd6TIcoVmUQLUz+7CluzPG2OgL5vWrq9wrFWNSsh18gVDtmhWew0dwG8fv7AsaVBsCNa7JuDdFQ2HQkQ==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM2PR0301MB0654;
x-microsoft-antispam-prvs: <DM2PR0301MB0654F7491E9367F533D2CF6EA8680@DM2PR0301MB0654.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401001)(8121501046)(5005006)(3002001); SRVR:DM2PR0301MB0654;  BCL:0; PCL:0; RULEID:; SRVR:DM2PR0301MB0654; 
x-forefront-prvs: 0688BF9B46
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(24454002)(377454003)(199003)(189002)(68736005)(54356999)(5002640100001)(2900100001)(5001770100001)(86612001)(4001540100001)(19580395003)(5001860100001)(107886002)(2950100001)(5001960100002)(5001830100001)(74316001)(33656002)(76176999)(101416001)(50986999)(97736004)(64706001)(5003600100002)(86362001)(87936001)(2501003)(106116001)(5004730100002)(46102003)(122556002)(189998001)(230783001)(76576001)(62966003)(40100003)(106356001)(5007970100001)(10290500002)(77096005)(19580405001)(102836002)(8990500004)(77156002)(5005710100001)(105586002)(10090500001)(92566002)(99286002)(10400500002)(81156007)(93886004)(3826002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0301MB0654; H:DM2PR0301MB0655.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Sep 2015 21:54:40.7377 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0301MB0654
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0301MB0669; 2:oVmgLGmOmXNAvnoWI2GpK1eY748M6cDjHkPEvWzsSx801Frdd2BaBj4C0SryTJ+ulwWi3XgACGm5riXdE7aN+LXapiO+9xIV+5zvyPe7CuC0rhNZ/pxOkeKHcYdg92uy/rtAVHl632MTOcoNGSrqFISvvbPN6u+Qwyo5WgYph0c=; 23:WWzqxkvfq4QovtQ3VEGaCBuaDiuo0BVxeLDXTA0oVXUABjDIi3MHOT3u7dMeFP7vBZiXu+LC4tQh/C011XHp2pS6InjIX656zypQokAkVmYbFsBCFaET+I7qrKIRkfh5i6o/zqM5JoL94EAfHA64/lz2TvxofDRA8YABMiQc5YcOgfT+w+OWHyZMRUau7Lt/
X-OriginatorOrg: microsoft.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/r0XdTfHzkTYkuo7Ah8Isw_h0b2U>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 21:54:44 -0000

On  Thursday, September 3, 2015 2:30 PM, Rich Salz wrote:
> To: saag@ietf.org
> Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
>=20
> > Perhaps, but the original above is I think good enough, the gains, if a=
ny from
>=20
> I dislike the phrase "dominant players" given the history of anti-trust i=
n this
> industry.

+1

You can use words like "large market share" or "large user base", which are=
 factual. "Dominant" is an opinion with legal implications... And you proba=
bly don't want to advice big companies to "use your dominant position to bu=
lly smaller competitors!"

-- Christian Huitema




From nobody Thu Sep  3 14:56:34 2015
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 647101B420F for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:56:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D6uPdP4M_l3N for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 14:56:27 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E10E1B41F3 for <saag@ietf.org>; Thu,  3 Sep 2015 14:56:27 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 5E84F284B6C; Thu,  3 Sep 2015 21:56:26 +0000 (UTC)
Date: Thu, 3 Sep 2015 21:56:26 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150903215626.GY9021@mournblade.imrryr.org>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com> <20150902212858.GM9021@mournblade.imrryr.org> <A4F863D6-6917-40FD-B205-36E909015A98@vigilsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <A4F863D6-6917-40FD-B205-36E909015A98@vigilsec.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/UW9l8e8nD8O1bkjz11zM-RvOt1g>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 21:56:30 -0000

On Thu, Sep 03, 2015 at 05:16:14PM -0400, Russ Housley wrote:

> >    2.5.  Cryptographic Key Management
> > 
> >       [...]
> > 
> > Is this talking about "Key Exchange" rather than "Key Management"?
> > Is the problem you have in mind that when, for example, negotiating
> > "GSSAPI" in SASL one might not know what that entails before deciding
> > to use GSSAPI over some other SASL mechanism?
> > 
> > Whatever this section is trying to say, I'm just not smart enough
> > to figure it out, even with the hint in this response.
> 
> Perhaps the section heading has been the problem all along.
> 
> Yes, the use of GSSAPI by SASL is another example.  In fact RFC 4422 makes the point:
> 
>    Note that the mechanism negotiation is not protected by the
>    subsequent authentication exchange and hence is subject to downgrade
>    attacks if not protected by other means.
> 
> Does "Cryptographic Key Establishment Techniques" work better for you?

OK, so perhaps we're talking about negotiating "Key Establishment"
methods.  Or perhaps in fact "layered" security protocols where
the outer security protocol negotiates one of many inner security
protocols (opaque to the outer protocol) and the inner protocols
do the actual crypto.

In the SASL case when choosing between PLAIN, GSSAPI, EXTERNAL,
...  there may in fact be no integrity protection of the outer
negotiation and lack of transparency about the compative strengths
of the available alternatives.

Beyond repairing the heading (which is important), the content of
that section still needs work, because it should have been clear
what it means even with a misleading heading.

> How about this:
> 
>    Dominant players in a market, or others with a sufficiently large
>    user base, can assist by coordinating the demise of an algorithm
>    suite, making the transition easier for their own users as well as
>    others.

[ Duplicate, yes good. ]

> The current wording is:
> 
>    Performance is always a factor is selecting cryptographic algorithms.
>    Performance and security need to be balanced.  Some algorithms offer
>    flexibility in their strength by adjusting the key size, number of
>    rounds, authentication tag size, prime group size, and so on.  For
>    example, TLS cipher suites include Diffie-Hellman or RSA without
>    specifying a particular public key length.  If the algorithm
>    identifier or suite identifier named a particular public key length,
>    migration to longer ones would be more difficult.  On the other hand,
>    inclusion of a public key length would make it easier to migrate away
>    from short ones when computational resources available to attacker
>    dictate the need to do so.  The flexibility on asymmetric key length
>    has led to interoperability problems, and to avoid these problems in
>    the future any aspect of the algorithm not specified by the algorithm
>    identifiers need to be negotiated, including key size and parameters.

Close enough I guess.  I hope protocol designers will make sensible
choices.  Thus, for example, in TLS I would not suggest different
suites for each of a small set of supported RSA modulus bit lengths.

On the other hand, in DNSSEC, I would in fact have been tempted to
nail down the modulus sizes as part of the algorithm id.  The good
news is that we get that with the EC algorithms for DNSSEC (one
algorithm id per-curve) and I expect that eventually the RSA
algorithms for DNSSEC will be deprecated (though it may take a
decade or more).

So the "right thing to do" here varies a bit by context.

-- 
	Viktor.


From nobody Thu Sep  3 15:19:01 2015
Return-Path: <nico@cryptonector.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD3CB1A88ED for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 15:18:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.366
X-Spam-Level: 
X-Spam-Status: No, score=-2.366 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id njb8WkUOEDMg for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 15:18:58 -0700 (PDT)
Received: from homiemail-a29.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 846841A1F04 for <saag@ietf.org>; Thu,  3 Sep 2015 15:18:58 -0700 (PDT)
Received: from homiemail-a29.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a29.g.dreamhost.com (Postfix) with ESMTP id 42086674058; Thu,  3 Sep 2015 15:18:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:subject:message-id:references:mime-version:content-type :in-reply-to; s=cryptonector.com; bh=36N6XW0YYrgMO+vk/2vI7smuWLw =; b=InrNZLojemJR5dyh2ikaoOMf+3SmizHPaLT9LZYATrP1tcZHsDEICmFMNcU m0/YCQOPlXZV2C6SqUzqONT3xUac1LV0j36SGxJWuRdLdab/qzIJ1DZaJeR40Ow0 N/M7LzW11vCdi03wIFkuEnjHZ04XQ74t+fb0jn+yLv5h+5GA=
Received: from localhost (108-207-244-100.lightspeed.austtx.sbcglobal.net [108.207.244.100]) (Authenticated sender: nico@cryptonector.com) by homiemail-a29.g.dreamhost.com (Postfix) with ESMTPA id 9BF2F674057; Thu,  3 Sep 2015 15:18:57 -0700 (PDT)
Date: Thu, 3 Sep 2015 17:18:56 -0500
From: Nico Williams <nico@cryptonector.com>
To: saag@ietf.org
Message-ID: <20150903221855.GF1541@localhost>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com> <20150902212858.GM9021@mournblade.imrryr.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20150902212858.GM9021@mournblade.imrryr.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/Am1Q_jLKBrKuA19l0oqSF2T-utg>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 22:18:59 -0000

Viktor asks me what the take-away from section 2.5 should be.  IMO it is
as follows.

Applications (app devs) and users are not in a good position to evaluate
cryptographic strength (and acceptability) of outcomes of protocol
negotiations, therefore this should be moved to local policy.  Local
policy includes defaults provided by implementors of security mechanisms
(TLS, Kerberos, etcetera).

This I-D, aiming to be a BCP, needs to outline a best practice as to
policy.  That best practice, IMO, is to give application developers and
users a very small control knob: a choice between named policies with
simple semantics.  "Strong", "normal", "opportunistic", "maximally
interoperable", "weak" -- these are both, good names and descriptions of
possible policies to apply; they are also good descriptors of outcomes.

Local policy should be expressible in some way, but it's OK if it's
hardcoded in implementations, as long as there are choices like the ones
I listed above, as those are the ones that applications and their users
need to apply.

It's OK -expected!- that the content of such policies will vary over
time because the relative strengths of cryptographic algorithms and
protocols vary over time as cryptanalysis improves.

Another take-away here is that implementors of security mechanisms and
frameworks really must provide interfaces by which to request a policy
to apply.  I.e., SASL, GSS, and others need a way for the application to
request a policy or check whether an outcome meets a given policy.  It's
not really enough to tell users to edit N configuration files,
especially if that makes it difficult to have more than one policy.

Now, local policy is NOT really part of a protocol.  So, this guidance
can't be for protocol designers.  It can be for framework API designers
(e.g., for us in KITTEN WG).  It can be for implementors of protocols
and frameworks.  That's OK, we can do that in a BCP.

Nico
-- 


From nobody Thu Sep  3 15:27:23 2015
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F07A1B35F3 for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 15:27:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FQEoL4x45-Zu for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 15:27:21 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 159821B339F for <saag@ietf.org>; Thu,  3 Sep 2015 15:27:21 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 6B647284B6C; Thu,  3 Sep 2015 22:27:20 +0000 (UTC)
Date: Thu, 3 Sep 2015 22:27:20 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150903222720.GA9021@mournblade.imrryr.org>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com> <20150902212858.GM9021@mournblade.imrryr.org> <20150903221855.GF1541@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20150903221855.GF1541@localhost>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/bLvxCfDy-B3hOT16DFJGr8edI_w>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 22:27:22 -0000

On Thu, Sep 03, 2015 at 05:18:56PM -0500, Nico Williams wrote:

> Viktor asks me what the take-away from section 2.5 should be.  IMO it is
> as follows.

Furthermore, Viktor, continuing to "play dumb" in the third person,
still does not see how mere mortals might reach conclusions similar
to Nico's from the current text.  So much so, that he can well
imagine that the text might be trying to say something entirely
different.

So, whether Nico's reading is right, or wrong, please make the text
more clearly carry its intended meaning, along with some tangible
best-practice for protocol, library or application designers.

-- 
	Viktor.


From nobody Thu Sep  3 16:34:50 2015
Return-Path: <watsonbladd@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73FA21B30B5 for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 16:34:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A8mHarGVLI5N for <saag@ietfa.amsl.com>; Thu,  3 Sep 2015 16:34:46 -0700 (PDT)
Received: from mail-wi0-x242.google.com (mail-wi0-x242.google.com [IPv6:2a00:1450:400c:c05::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB5FA1B306F for <saag@ietf.org>; Thu,  3 Sep 2015 16:34:45 -0700 (PDT)
Received: by wiku15 with SMTP id u15so211571wik.1 for <saag@ietf.org>; Thu, 03 Sep 2015 16:34:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=97I//xW2os7ISiWaXOGRGAtAdqvczD7vsekDCWkE4no=; b=1JzVFgLNz8Jp61uNSMlw85L7unYIFxAUTY7FkGLmM8+dovwUQCYZKH2UimfCs1HMJw iQO5l/veuDIDvTFwuEG2X7NQfUms13WaUT7Lsq/vWj9wrsNEpB4+rP/UYtNRuvpgjBEc ETCbkrEVfi6cgrv5lATIigod13rUdXCVaaVMpCG2cs8EToa+Uiw9ACoPxh9MECHY1knt 6wxJh9DNO+IqcALnSoH/SF8YG+A1PGfdXslE2mPB/4y7YlsFZC0xA5tudYpq9a9KgID9 b8Fjg86NxjPsLOX+uYctFJ+ekX2XlY7ibKOD7Zz2ulaSOXmP678RDiQKU1jhGVHZgzsA BP7w==
MIME-Version: 1.0
X-Received: by 10.180.106.34 with SMTP id gr2mr1488441wib.18.1441323284374; Thu, 03 Sep 2015 16:34:44 -0700 (PDT)
Received: by 10.28.132.11 with HTTP; Thu, 3 Sep 2015 16:34:44 -0700 (PDT)
In-Reply-To: <20150903221855.GF1541@localhost>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com> <20150902212858.GM9021@mournblade.imrryr.org> <20150903221855.GF1541@localhost>
Date: Thu, 3 Sep 2015 19:34:44 -0400
Message-ID: <CACsn0c=-orhpugxL9Cz8LHMbzzTetZRAq8bbTscXOqz4Et8Mmw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Nico Williams <nico@cryptonector.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/DdUR0hWF9vnZ2ad7FVbc2gA7GyU>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2015 23:34:49 -0000

On Thu, Sep 3, 2015 at 6:18 PM, Nico Williams <nico@cryptonector.com> wrote:
> Viktor asks me what the take-away from section 2.5 should be.  IMO it is
> as follows.
>
> Applications (app devs) and users are not in a good position to evaluate
> cryptographic strength (and acceptability) of outcomes of protocol
> negotiations, therefore this should be moved to local policy.  Local
> policy includes defaults provided by implementors of security mechanisms
> (TLS, Kerberos, etcetera).

I don't understand what this means. Should the curl developers let
sysadmins or distributions configure ciphersuites, or use the default
in OpenSSL? Should OpenSSL express the flexibility it now does with
regards to configuration? If we want to say something about these
questions, it should be clear.

>
> This I-D, aiming to be a BCP, needs to outline a best practice as to
> policy.  That best practice, IMO, is to give application developers and
> users a very small control knob: a choice between named policies with
> simple semantics.  "Strong", "normal", "opportunistic", "maximally
> interoperable", "weak" -- these are both, good names and descriptions of
> possible policies to apply; they are also good descriptors of outcomes.

Why should we deploy weak crypto knowingly? We know that transitions
away take years, and tend to start late.

>
> Local policy should be expressible in some way, but it's OK if it's
> hardcoded in implementations, as long as there are choices like the ones
> I listed above, as those are the ones that applications and their users
> need to apply.
>
> It's OK -expected!- that the content of such policies will vary over
> time because the relative strengths of cryptographic algorithms and
> protocols vary over time as cryptanalysis improves.
>
> Another take-away here is that implementors of security mechanisms and
> frameworks really must provide interfaces by which to request a policy
> to apply.  I.e., SASL, GSS, and others need a way for the application to
> request a policy or check whether an outcome meets a given policy.  It's
> not really enough to tell users to edit N configuration files,
> especially if that makes it difficult to have more than one policy.
>
> Now, local policy is NOT really part of a protocol.  So, this guidance
> can't be for protocol designers.  It can be for framework API designers
> (e.g., for us in KITTEN WG).  It can be for implementors of protocols
> and frameworks.  That's OK, we can do that in a BCP.

Let's say I write protocol X. Protocol X uses TLS. I know a lot about
the domain that X deals with, but not the domain that TLS deals with.
Shouldn't this be enough to ensure security? And if it isn't, isn't
that a sign that we need a replacement that will be sufficient.

>
> Nico
> --
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.


From nobody Fri Sep  4 06:41:36 2015
Return-Path: <derek@ihtfp.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 591BD1B43B9 for <saag@ietfa.amsl.com>; Fri,  4 Sep 2015 06:41:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id imt7dRyyLtOd for <saag@ietfa.amsl.com>; Fri,  4 Sep 2015 06:41:33 -0700 (PDT)
Received: from mail2.ihtfp.org (mail2.ihtfp.org [IPv6:2001:4830:143:1::3a11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB0391B4A67 for <saag@ietf.org>; Fri,  4 Sep 2015 06:41:32 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 884CEE2035; Fri,  4 Sep 2015 09:41:31 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 29724-06; Fri,  4 Sep 2015 09:41:28 -0400 (EDT)
Received: from securerf.ihtfp.org (unknown [IPv6:fe80::ea2a:eaff:fe7d:235]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mocana.ihtfp.org", Issuer "IHTFP Consulting Certification Authority" (verified OK)) by mail2.ihtfp.org (Postfix) with ESMTPS id CF956E2034; Fri,  4 Sep 2015 09:41:27 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1441374087; bh=b4c/noM1IEHEFmF321nd3XBZgIXS51gFm28JTESL3/A=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=MM+pKH5uGR29Gr0eNXimB90n9PRPEKPpYnLcD7FT1szpyQ4uhxrHHKpOzys/t20xO drLjlwKS2UWmr3YK/iw9qTfEEbYX+AtSXt9WdY7toOH8BMjSbdBj5oNC8lERAlPwCV gf3AbGm9pfzV+0ODrBfYRRraPxRiQzTSNkEtK6CY=
Received: (from warlord@localhost) by securerf.ihtfp.org (8.14.8/8.14.8/Submit) id t84DfReL016345; Fri, 4 Sep 2015 09:41:27 -0400
From: Derek Atkins <derek@ihtfp.com>
To: Russ Housley <housley@vigilsec.com>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com> <55E83554.6010808@cisco.com> <62CBD9E2-2DB4-4D3D-93E5-ADEB0F3D3C12@vigilsec.com>
Date: Fri, 04 Sep 2015 09:41:27 -0400
In-Reply-To: <62CBD9E2-2DB4-4D3D-93E5-ADEB0F3D3C12@vigilsec.com> (Russ Housley's message of "Thu, 3 Sep 2015 16:30:44 -0400")
Message-ID: <sjmd1xy2tfc.fsf@securerf.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/nGCzinYJHvXkaa91ZBvX_EfcdRc>
Cc: saag@ietf.org
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Sep 2015 13:41:35 -0000

One spelling nit:

Russ Housley <housley@vigilsec.com> writes:

> I'm trying to address both comments with this proposal:
>
> 2.6.  Preserving Interoperability
>
>    Cryptographic algorithm deprecation is very difficult.  People do not
>    like to introduce interoperability problems, even to preserve
>    security.  As a result, flawed algorithms are supported for far too
>    long.  The impact of legacy software and long support tails on
>    security can be reduced by making it easy to transition from old
>    algorithms and suites to new ones.  Social pressure is often needed
>    to cause the transition to happen.
>
>    Implementers have been reluctant to remove deprecated algorithms or
>    suites from server software, and server administrators have been
>    reluctant to diable them over concerns that some party will no longer
--------------------^

This should be "disable", not "diable".

>    have the ability to connect to their server.  Implementers and
>    administrators want to improve security by using the best supported
>    algorithms, but their actions are tempered by the desire to preserve
>    connectivity.  Recently, some browser vendors have started to provide
>    visual warnings when a deprecated algorithm or suite is used.  These
>    visual warnings provide a new incentive to transition away from
>    deprecated algorithms and suites.
>
>    Transition in Internet infrastructure is particularly difficult.  The
>    digital signature on the certificate for an intermediate
>    certification authority (CA) [RFC5280] is often expected to last
>    decades, which hinders the transition away from a weak signature
>    algorithm or short key length.  Once a long-lived certificate is
>    issued with a particular signature algorithm, that algorithm will be
>    used by many relying parties, and none of them can stop supporting it
>    without invalidating all of the subordinate certificates.  In a
>    hierarchical system, many subordinate certificates could be impacted
>    by the decision to drop support for a weak signature algorithm or an
>    associated hash function.
>
>    Institutions, being large or dominant users within a large user base,
>    can assist by coordinating the demise of an algorithm suite, making
>    the transition easier for their own users as well as others.
>
> Russ

-derek

> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>
>

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant


From nobody Sat Sep  5 07:23:38 2015
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77BED1B49E2; Sat,  5 Sep 2015 07:23:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level: 
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A8iJ3lKP9yTL; Sat,  5 Sep 2015 07:23:35 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D6311B474B; Sat,  5 Sep 2015 07:23:35 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 1A5CEBE32; Sat,  5 Sep 2015 15:23:33 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UnasG8XDktBC; Sat,  5 Sep 2015 15:23:30 +0100 (IST)
Received: from [10.87.48.73] (unknown [86.42.21.56]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 73551BDF9; Sat,  5 Sep 2015 15:23:30 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1441463010; bh=J4EbKohn3CqLQ2cN2qYfuF+w1HdSBlAkiCrv1aIgz/4=; h=Subject:To:References:From:Date:In-Reply-To:From; b=XGBBQEcZtvSzBwzm0J5kUGjskA1EWV3Fhn88AWKq92cembZ9cTT2S3GFU0kjA2jV8 hbDufHqbyDGPsX2hdJnv762ame6jE7cUW7se5X52vtn+CGub+I95WuHjzGG7Toh8UV ctkpOBjjQtoYcxO8U9jbvOKLBL4SJ1RiZmXOaFEU=
To: Sean Leonard <dev+ietf@seantek.com>, pkix@ietf.org, saag@ietf.org
References: <20141113051500.12824.67140.idtracker@ietfa.amsl.com> <8FF19ABF-17F7-4A83-ABF9-DF84C93528A8@seantek.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <55EAFAE2.9040107@cs.tcd.ie>
Date: Sat, 5 Sep 2015 15:23:30 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <8FF19ABF-17F7-4A83-ABF9-DF84C93528A8@seantek.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/upZPs-VrxXibi027YOL2nNSTRfY>
Subject: Re: [saag] [pkix] (it updates RFC 2585) New Version Notification for draft-seantek-certfrag-02.txt
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Sep 2015 14:23:37 -0000

Hi,

Sean has asked me if I'd be ok with AD sponsoring this one. While it
seems reasonable as a thing one might want to do, I haven't seen that
it is something anyone else wants to use so I'm not convinced for now.

If you would use this or especially if you would implement this, please
speak up now. If you think doing this is a bad plan, now is also a
fine time to speak up.

My plan is to decide in a couple of weeks (Sep 19th). The default if we
get silence is that I'd not be sponsoring this one. If the response is
that a bunch of folks would use or implement, I'd be fine with AD
sponsoring it.

Thanks,
S.

On 13/11/14 05:23, Sean Leonard wrote:
> draft-seantek-certfrag-02 has been posted.
> 
> Among other nits, I think that this draft needs to be Standards Track with IETF Consensus because it updates RFC 2585, which is Standards Track, and application/pkix-cert and application/pkix-crl are in the standards tree [RFC 6838].
> 
> (Thanks Sean T.)
> 
> Sean
> 
> Begin forwarded message:
> 
>> From: internet-drafts@ietf.org
>> Subject: New Version Notification for draft-seantek-certfrag-02.txt
>> Date: November 12, 2014 at 7:15:00 PM HST
> 
> A new version of I-D, draft-seantek-certfrag-02.txt
> has been successfully submitted by Sean Leonard and posted to the
> IETF repository.
> 
> Name:		draft-seantek-certfrag
> Revision:	02
> Title:		URI Fragment Identifiers for the application/pkix-cert Media Type
> Document date:	2014-11-12
> Group:		Individual Submission
> Pages:		4
> URL:            http://www.ietf.org/internet-drafts/draft-seantek-certfrag-02.txt
> Status:         https://datatracker.ietf.org/doc/draft-seantek-certfrag/
> Htmlized:       http://tools.ietf.org/html/draft-seantek-certfrag-02
> Diff:           http://www.ietf.org/rfcdiff?url2=draft-seantek-certfrag-02
> 
> Abstract:
>   This memo describes Uniform Resource Identifier (URI) fragment
>   identifiers for PKIX certificates, which are identified with the
>   Internet media type application/pkix-cert.
> 
> 
> The IETF Secretariat
> 
> 
> 
> _______________________________________________
> pkix mailing list
> pkix@ietf.org
> https://www.ietf.org/mailman/listinfo/pkix
> 


From nobody Mon Sep  7 14:06:34 2015
Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A43E71B5374 for <saag@ietfa.amsl.com>; Mon,  7 Sep 2015 14:06:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level: 
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x9rdL0D7Oicb for <saag@ietfa.amsl.com>; Mon,  7 Sep 2015 14:06:32 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id D5A6F1B4DC8 for <saag@ietf.org>; Mon,  7 Sep 2015 14:06:31 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 159F1F24192; Mon,  7 Sep 2015 17:06:22 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id Z2hb4n4ibYLf; Mon,  7 Sep 2015 17:05:04 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 312A4F2415F; Mon,  7 Sep 2015 17:06:01 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset=us-ascii
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <sjmd1xy2tfc.fsf@securerf.ihtfp.org>
Date: Mon, 7 Sep 2015 17:05:49 -0400
Content-Transfer-Encoding: 7bit
Message-Id: <C76669F5-A021-4909-B681-F2865E3C3F17@vigilsec.com>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com> <55E83554.6010808@cisco.com> <62CBD9E2-2DB4-4D3D-93E5-ADEB0F3D3C12@vigilsec.com> <sjmd1xy2tfc.fsf@securerf.ihtfp.org>
To: Derek Atkins <derek@ihtfp.com>
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/fLwjajulVeGPNsuSB8wIVBO8Sb4>
Cc: saag@ietf.org
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Sep 2015 21:06:33 -0000

Fixed.  Thanks.


On Sep 4, 2015, at 9:41 AM, Derek Atkins wrote:

> One spelling nit:
> 
> Russ Housley <housley@vigilsec.com> writes:
> 
>> I'm trying to address both comments with this proposal:
>> 
>> 2.6.  Preserving Interoperability
>> 
>>   Cryptographic algorithm deprecation is very difficult.  People do not
>>   like to introduce interoperability problems, even to preserve
>>   security.  As a result, flawed algorithms are supported for far too
>>   long.  The impact of legacy software and long support tails on
>>   security can be reduced by making it easy to transition from old
>>   algorithms and suites to new ones.  Social pressure is often needed
>>   to cause the transition to happen.
>> 
>>   Implementers have been reluctant to remove deprecated algorithms or
>>   suites from server software, and server administrators have been
>>   reluctant to diable them over concerns that some party will no longer
> --------------------^
> 
> This should be "disable", not "diable".
> 
>>   have the ability to connect to their server.  Implementers and
>>   administrators want to improve security by using the best supported
>>   algorithms, but their actions are tempered by the desire to preserve
>>   connectivity.  Recently, some browser vendors have started to provide
>>   visual warnings when a deprecated algorithm or suite is used.  These
>>   visual warnings provide a new incentive to transition away from
>>   deprecated algorithms and suites.
>> 
>>   Transition in Internet infrastructure is particularly difficult.  The
>>   digital signature on the certificate for an intermediate
>>   certification authority (CA) [RFC5280] is often expected to last
>>   decades, which hinders the transition away from a weak signature
>>   algorithm or short key length.  Once a long-lived certificate is
>>   issued with a particular signature algorithm, that algorithm will be
>>   used by many relying parties, and none of them can stop supporting it
>>   without invalidating all of the subordinate certificates.  In a
>>   hierarchical system, many subordinate certificates could be impacted
>>   by the decision to drop support for a weak signature algorithm or an
>>   associated hash function.
>> 
>>   Institutions, being large or dominant users within a large user base,
>>   can assist by coordinating the demise of an algorithm suite, making
>>   the transition easier for their own users as well as others.
>> 
>> Russ
> 
> -derek
> 
>> saag mailing list
>> saag@ietf.org
>> https://www.ietf.org/mailman/listinfo/saag
>> 
>> 
> 
> -- 
>       Derek Atkins                 617-623-3745
>       derek@ihtfp.com             www.ihtfp.com
>       Computer and Internet Security Consultant


From nobody Mon Sep  7 14:22:57 2015
Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C7B51A8833 for <saag@ietfa.amsl.com>; Mon,  7 Sep 2015 14:22:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level: 
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lJYgNnvFV4wR for <saag@ietfa.amsl.com>; Mon,  7 Sep 2015 14:22:55 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 066321A898C for <saag@ietf.org>; Mon,  7 Sep 2015 14:22:55 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 69F89F24177; Mon,  7 Sep 2015 17:22:44 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id j-dFtlmFpYWd; Mon,  7 Sep 2015 17:21:27 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id B05C2F24143; Mon,  7 Sep 2015 17:22:23 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset=us-ascii
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <20150903214809.GE1541@localhost>
Date: Mon, 7 Sep 2015 17:22:12 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <CB751DCD-7A3D-4834-8287-FD3F8163492A@vigilsec.com>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com> <20150902212858.GM9021@mournblade.imrryr.org> <20150903214809.GE1541@localhost>
To: Nico Williams <nico@cryptonector.com>, Viktor Dukhovni <ietf-dane@dukhovni.org>
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/KoWGpqZbAS8V6T2XBSEeNynktpc>
Cc: saag@ietf.org
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Sep 2015 21:22:56 -0000

Nico and Viktor:

Late last week, you each made comments on Section 2.5.  I have tried to =
address them.  The text in my edit buffer is:

2.5.  Cryptographic Key Establishment

   Traditionally, protocol designers have avoided more than one approach
   to exchanges that establish cryptographic keys because it makes the
   security analysis of the overall protocol more difficult.  When
   frameworks such as EAP [RFC3748] and SASL [RFC4422] are employed, key
   establishment is very flexible, often hiding many of the details from
   the application.  This results in protocols that support multiple key
   establishment approaches.  In fact, the key establishment approach
   itself is negotiable, which creates a design challenge to protect the
   negotiation of the key establishment approach before it is used to
   produce cryptographic keys.

   Protocols can negotiate a key establishment approach, derive an
   initial cryptographic key, and then authenticate the negotiation.
   However, if the authentication fails, the only recourse is to start
   the negotiation over from the beginning.

   Some environments will restrict the key establishment approaches by
   policy.  Such policies tend to improve interoperability within a
   particular environment, but they cause problems for individuals that
   need to work in multiple incompatible environments.

I hope the change in terminology helps.  Let me know.

Russ


From nobody Mon Sep  7 14:30:51 2015
Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE0861B3A2A; Mon,  7 Sep 2015 14:30:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level: 
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7uWRvEaCytCC; Mon,  7 Sep 2015 14:30:46 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id CDFB61B3A9C; Mon,  7 Sep 2015 14:30:46 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 6AB68F24177; Mon,  7 Sep 2015 17:30:36 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id s7UgwTxSUMq9; Mon,  7 Sep 2015 17:29:19 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id C9EA2F24143; Mon,  7 Sep 2015 17:30:15 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset=us-ascii
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <20150907212439.10003.55193.idtracker@ietfa.amsl.com>
Date: Mon, 7 Sep 2015 17:30:04 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <13C69D8A-F2A7-429F-A2B6-93B7344192D2@vigilsec.com>
References: <20150907212439.10003.55193.idtracker@ietfa.amsl.com>
To: IETF SAAG <saag@ietf.org>
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/q5-PWLlOF1Jxy_cHPgUvsGGD1so>
Cc: IESG IESG <iesg@ietf.org>
Subject: [saag] draft-iab-crypto-alg-agility-08
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Sep 2015 21:30:48 -0000

https://www.ietf.org/id/draft-iab-crypto-alg-agility-08.txt

I have tried to address all of the comments from the SAAG mail list and =
all of the comments from the IESG Evaluation (both the DISCUSS positions =
and the NO OBJECTION with COMMENT positions).  Please review -08.

Russ


From nobody Mon Sep  7 14:41:33 2015
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91B491B4D06 for <saag@ietfa.amsl.com>; Mon,  7 Sep 2015 14:41:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.2
X-Spam-Level: 
X-Spam-Status: No, score=-1.2 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wV4lpj4gty0X for <saag@ietfa.amsl.com>; Mon,  7 Sep 2015 14:41:30 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09DC11B3F66 for <saag@ietf.org>; Mon,  7 Sep 2015 14:41:30 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id EADFA283048; Mon,  7 Sep 2015 21:41:28 +0000 (UTC)
Date: Mon, 7 Sep 2015 21:41:28 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150907214128.GZ21942@mournblade.imrryr.org>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com> <20150902212858.GM9021@mournblade.imrryr.org> <20150903214809.GE1541@localhost> <CB751DCD-7A3D-4834-8287-FD3F8163492A@vigilsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CB751DCD-7A3D-4834-8287-FD3F8163492A@vigilsec.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/afUL3WrKov-t7tY2-_PIscJcvi8>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Sep 2015 21:41:31 -0000

On Mon, Sep 07, 2015 at 05:22:12PM -0400, Russ Housley wrote:

> 2.5.  Cryptographic Key Establishment
> 
>    Traditionally, protocol designers have avoided more than one approach
>    to exchanges that establish cryptographic keys because it makes the
>    security analysis of the overall protocol more difficult.  When
>    frameworks such as EAP [RFC3748] and SASL [RFC4422] are employed, key
>    establishment is very flexible, often hiding many of the details from
>    the application.  This results in protocols that support multiple key
>    establishment approaches.  In fact, the key establishment approach
>    itself is negotiable, which creates a design challenge to protect the
>    negotiation of the key establishment approach before it is used to
>    produce cryptographic keys.
> 
>    Protocols can negotiate a key establishment approach, derive an
>    initial cryptographic key, and then authenticate the negotiation.
>    However, if the authentication fails, the only recourse is to start
>    the negotiation over from the beginning.
> 
>    Some environments will restrict the key establishment approaches by
>    policy.  Such policies tend to improve interoperability within a
>    particular environment, but they cause problems for individuals that
>    need to work in multiple incompatible environments.
> 
> I hope the change in terminology helps.  Let me know.

The subject under discussion is now much more clear, this is I
think progress, thanks!  

The text might still use a bit more polish.  More importantly
though, is there an intended best-practice recommendation here?
Or if not, what is the intended purpose of this section?

-- 
	Viktor.


From nobody Mon Sep  7 14:50:02 2015
Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DBA11B58E2 for <saag@ietfa.amsl.com>; Mon,  7 Sep 2015 14:50:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level: 
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id znwVogOCGWp0 for <saag@ietfa.amsl.com>; Mon,  7 Sep 2015 14:50:00 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id EE3131B5A4F for <saag@ietf.org>; Mon,  7 Sep 2015 14:49:59 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 9E6A9F2417D for <saag@ietf.org>; Mon,  7 Sep 2015 17:49:49 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id 3rUsEQ6tFPHI for <saag@ietf.org>; Mon,  7 Sep 2015 17:48:32 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id B5DB7F24143 for <saag@ietf.org>; Mon,  7 Sep 2015 17:49:28 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1085)
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <20150907214128.GZ21942@mournblade.imrryr.org>
Date: Mon, 7 Sep 2015 17:49:17 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <8AA72C31-9BBE-4D7B-A62A-F705C19A2F33@vigilsec.com>
References: <55A938F1.9090404@cs.tcd.ie> <20150720044849.GY28047@mournblade.imrryr.org> <B866063D-C1A8-4286-83E1-9EBAE7994297@vigilsec.com> <20150902212858.GM9021@mournblade.imrryr.org> <20150903214809.GE1541@localhost> <CB751DCD-7A3D-4834-8287-FD3F8163492A@vigilsec.com> <20150907214128.GZ21942@mournblade.imrryr.org>
To: saag@ietf.org
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/sNYvOcmWijDe8kqbUvPEHbs8pyY>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Sep 2015 21:50:01 -0000

On Sep 7, 2015, at 5:41 PM, Viktor Dukhovni wrote:

> On Mon, Sep 07, 2015 at 05:22:12PM -0400, Russ Housley wrote:
>=20
>> 2.5.  Cryptographic Key Establishment
>>=20
>>   Traditionally, protocol designers have avoided more than one =
approach
>>   to exchanges that establish cryptographic keys because it makes the
>>   security analysis of the overall protocol more difficult.  When
>>   frameworks such as EAP [RFC3748] and SASL [RFC4422] are employed, =
key
>>   establishment is very flexible, often hiding many of the details =
from
>>   the application.  This results in protocols that support multiple =
key
>>   establishment approaches.  In fact, the key establishment approach
>>   itself is negotiable, which creates a design challenge to protect =
the
>>   negotiation of the key establishment approach before it is used to
>>   produce cryptographic keys.
>>=20
>>   Protocols can negotiate a key establishment approach, derive an
>>   initial cryptographic key, and then authenticate the negotiation.
>>   However, if the authentication fails, the only recourse is to start
>>   the negotiation over from the beginning.
>>=20
>>   Some environments will restrict the key establishment approaches by
>>   policy.  Such policies tend to improve interoperability within a
>>   particular environment, but they cause problems for individuals =
that
>>   need to work in multiple incompatible environments.
>>=20
>> I hope the change in terminology helps.  Let me know.
>=20
> The subject under discussion is now much more clear, this is I
> think progress, thanks! =20
>=20
> The text might still use a bit more polish.  More importantly
> though, is there an intended best-practice recommendation here?
> Or if not, what is the intended purpose of this section?

My intent is to give a heads up.  If there are too many layers, the =
application may not be able to do anything other than start the =
negotiation again.

Russ


From nobody Tue Sep  8 11:33:25 2015
Return-Path: <paul@marvell.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E27A81A6FF8; Tue,  8 Sep 2015 11:33:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.267
X-Spam-Level: 
X-Spam-Status: No, score=-2.267 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sj5p-uICgZtn; Tue,  8 Sep 2015 11:33:19 -0700 (PDT)
Received: from mx0a-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB7FE1A7113; Tue,  8 Sep 2015 11:33:19 -0700 (PDT)
Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.15.0.59/8.15.0.59) with SMTP id t88IPAvT029603; Tue, 8 Sep 2015 11:33:00 -0700
Received: from sc-exch03.marvell.com ([199.233.58.183]) by mx0a-0016f401.pphosted.com with ESMTP id 1wqwrk0vtv-2 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 08 Sep 2015 11:33:00 -0700
Received: from SC-EXCH03.marvell.com (10.93.176.83) by SC-EXCH03.marvell.com (10.93.176.83) with Microsoft SMTP Server (TLS) id 15.0.1044.25; Tue, 8 Sep 2015 11:32:59 -0700
Received: from SC-EXCH03.marvell.com ([fe80::6cb0:4dfa:f3f3:b8b6]) by SC-EXCH03.marvell.com ([fe80::6cb0:4dfa:f3f3:b8b6%21]) with mapi id 15.00.1044.021; Tue, 8 Sep 2015 11:32:59 -0700
From: Paul Lambert <paul@marvell.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Sean Leonard <dev+ietf@seantek.com>, "pkix@ietf.org" <pkix@ietf.org>, "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] [pkix] (it updates RFC 2585) New Version Notification for draft-seantek-certfrag-02.txt
Thread-Index: AQHQ5+aJJoI9xQUJuE+O4MuCRoB4eJ4y+cQA
Date: Tue, 8 Sep 2015 18:32:59 +0000
Message-ID: <D2147567.77C32%paul@marvell.com>
References: <20141113051500.12824.67140.idtracker@ietfa.amsl.com> <8FF19ABF-17F7-4A83-ABF9-DF84C93528A8@seantek.com> <55EAFAE2.9040107@cs.tcd.ie>
In-Reply-To: <55EAFAE2.9040107@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/14.5.3.150624
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.94.250.30]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <1430FAA412BE884E81DB4D16342902EF@marvell.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2015-09-08_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=inbound_notspam policy=inbound score=0 kscore.is_bulkscore=0 kscore.compositescore=1 compositescore=0.9 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 kscore.is_spamscore=0 rbsscore=0.9 spamscore=0 urlsuspectscore=0.9 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1507310000 definitions=main-1509080257
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/41SLGlsj3iJ5yVGJpiAf8zehbMU>
Subject: Re: [saag] [pkix] (it updates RFC 2585) New Version Notification for draft-seantek-certfrag-02.txt
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Sep 2015 18:33:23 -0000

>Sean has asked me if I'd be ok with AD sponsoring this one. While it
>seems reasonable as a thing one might want to do, I haven't seen that
>it is something anyone else wants to use so I'm not convinced for now.

The application and semantics of this RFC is unclear.  The only text
describing a use case is:
	"For example, a user agent may wish to draw
	attention to the "notAfter" time for an
	expired certificate.=B2


This seems broken in that the semantics of any one field needs to include
a notion of the validity of the certificate.

	"A URI that identifies a certificate will likely be used by an
	application or user for some security-related service, such as to
	retrieve the certificate as part of a validation procedure.  When a
	fragment identifies a part of a certificate, the application will
	define the behavioral semantics. "

>
>If you would use this or especially if you would implement this, please
>speak up now. If you think doing this is a bad plan, now is also a
>fine time to speak up.
>
>My plan is to decide in a couple of weeks (Sep 19th). The default if we
>get silence is that I'd not be sponsoring this one. If the response is
>that a bunch of folks would use or implement,

>=20
Not interested and usage appears to be potentially problematic.

Paul

>I'd be fine with AD
>sponsoring it.
>
>Thanks,
>S.
>
>On 13/11/14 05:23, Sean Leonard wrote:
>> draft-seantek-certfrag-02 has been posted.
>>=20
>> Among other nits, I think that this draft needs to be Standards Track
>>with IETF Consensus because it updates RFC 2585, which is Standards
>>Track, and application/pkix-cert and application/pkix-crl are in the
>>standards tree [RFC 6838].
>>=20
>> (Thanks Sean T.)
>>=20
>> Sean
>>=20
>> Begin forwarded message:
>>=20
>>> From: internet-drafts@ietf.org
>>> Subject: New Version Notification for draft-seantek-certfrag-02.txt
>>> Date: November 12, 2014 at 7:15:00 PM HST
>>=20
>> A new version of I-D, draft-seantek-certfrag-02.txt
>> has been successfully submitted by Sean Leonard and posted to the
>> IETF repository.
>>=20
>> Name:		draft-seantek-certfrag
>> Revision:	02
>> Title:		URI Fragment Identifiers for the application/pkix-cert Media
>>Type
>> Document date:	2014-11-12
>> Group:		Individual Submission
>> Pages:		4
>> URL:           =20
>>http://www.ietf.org/internet-drafts/draft-seantek-certfrag-02.txt
>> Status:         https://datatracker.ietf.org/doc/draft-seantek-certfrag/
>> Htmlized:       http://tools.ietf.org/html/draft-seantek-certfrag-02
>> Diff:          =20
>>http://www.ietf.org/rfcdiff?url2=3Ddraft-seantek-certfrag-02
>>=20
>> Abstract:
>>   This memo describes Uniform Resource Identifier (URI) fragment
>>   identifiers for PKIX certificates, which are identified with the
>>   Internet media type application/pkix-cert.
>>=20
>>=20
>> The IETF Secretariat
>>=20
>>=20
>>=20
>> _______________________________________________
>> pkix mailing list
>> pkix@ietf.org
>> https://www.ietf.org/mailman/listinfo/pkix
>>=20
>
>_______________________________________________
>saag mailing list
>saag@ietf.org
>https://www.ietf.org/mailman/listinfo/saag


From nobody Wed Sep  9 15:34:29 2015
Return-Path: <dev+ietf@seantek.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 991D41B3570; Wed,  9 Sep 2015 15:34:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id puAi4V5f_Vit; Wed,  9 Sep 2015 15:34:26 -0700 (PDT)
Received: from mxout-08.mxes.net (mxout-08.mxes.net [216.86.168.183]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1ACE31B35C4; Wed,  9 Sep 2015 15:34:26 -0700 (PDT)
Received: from smize.t-mobile.com (unknown [162.248.119.213]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 9B69F509BB; Wed,  9 Sep 2015 18:34:23 -0400 (EDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_94E96916-09B6-4E6C-81C0-2DB42CD2DB32"; protocol="application/pkcs7-signature"; micalg=sha1
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Sean Leonard <dev+ietf@seantek.com>
In-Reply-To: <D2147567.77C32%paul@marvell.com>
Date: Wed, 9 Sep 2015 15:33:47 -0700
Message-Id: <860D66D4-6D96-4BAA-9869-ED5091CB4DB3@seantek.com>
References: <20141113051500.12824.67140.idtracker@ietfa.amsl.com> <8FF19ABF-17F7-4A83-ABF9-DF84C93528A8@seantek.com> <55EAFAE2.9040107@cs.tcd.ie> <D2147567.77C32%paul@marvell.com>
To: Paul Lambert <paul@marvell.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/ShvrkYGAY7mQJ3tRpSyOL7BD6Ck>
Cc: "pkix@ietf.org" <pkix@ietf.org>, "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] [pkix] (it updates RFC 2585) New Version Notification for draft-seantek-certfrag-02.txt
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Sep 2015 22:34:27 -0000

--Apple-Mail=_94E96916-09B6-4E6C-81C0-2DB42CD2DB32
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252

Hello:

On Sep 8, 2015, at 11:32 AM, Paul Lambert <paul@marvell.com> wrote:

>=20
>=20
>=20
>> Sean has asked me if I'd be ok with AD sponsoring this one. While it
>> seems reasonable as a thing one might want to do, I haven't seen that
>> it is something anyone else wants to use so I'm not convinced for =
now.
>=20
> The application and semantics of this RFC is unclear.  The only text
> describing a use case is:
> 	"For example, a user agent may wish to draw
> 	attention to the "notAfter" time for an
> 	expired certificate.=B2
>=20
>=20
> This seems broken in that the semantics of any one field needs to =
include
> a notion of the validity of the certificate.

Not really, or at least, that was not the intent. notAfter is just a =
field in the certificate. The purpose of the example was to motivate a =
use case, namely, if the certificate is expired in some validation =
context, the user agent can generate a URI like:

view-source://internal/checkcert?cert=3Dfoo#na

so that the modular certificate viewing component can highlight that =
particular data field.

An equally potent example could be given if the certificate is valid, to =
highlight when the certificate expires. Yet another example could be =
given is nobody has done a validation check; the user agent just wants =
to point out the notAfter time.

To reduce confusion, I can change that sentence to:
=93For example, a user agent may wish to draw attention to the =
"notAfter" field of a certificate.=94

-Sean


--Apple-Mail=_94E96916-09B6-4E6C-81C0-2DB42CD2DB32
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJ9jCCBK8w
ggOXoAMCAQICEQDgI8sVEoNTia1hbnpUZ2shMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNVBAYTAlNF
MRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5l
dHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3QwHhcNMTQxMjIyMDAwMDAw
WhcNMjAwNTMwMTA0ODM4WjCBmzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hl
c3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxQTA/BgNV
BAMTOENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWls
IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibEN2npTGU5wUh28VqYGJre4SeCW
51Gr8fBaE0kVo7SMG2C8elFCp3mMpCLfF2FOkdV2IwoU00oCf7YdCYBupQQ92bq7Fv6hh6kuQ1JD
FnyvMlDIpk9a6QjYz5MlnHuI6DBk5qT4VoD9KiQUMxeZrETlaYujRgZLwjPU6UCfBrCxrJNAubUI
kzqcKlOjENs9IGE8VQOO2U52JQIhKfqjfHF2T+7hX4Hp+1SA28N7NVK3hN4iPSwwLTF/Wb1SN7Az
aS1D6/rWpfGXd2dRjNnuJ+u8pQc4doykqTj/34z1A6xJvsr3c5k6DzKrnJU6Ez0ORjpXdGFQvsZA
P8vk4p+iIQIDAQABo4IBFzCCARMwHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYD
VR0OBBYEFJJha4LhoqCqT+xn8cKj97SAAMHsMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAG
AQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDARBgNVHSAECjAIMAYGBFUdIAAw
RAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC51c2VydHJ1c3QuY29tL0FkZFRydXN0RXh0ZXJu
YWxDQVJvb3QuY3JsMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNl
cnRydXN0LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAGypurFXBOquIxdjtzVXzqmthK8AJECOZD8Vm
am+x9bS1d14PAmEA330F/hKzpICAAPz7HVtqcgIKQbwFusFY1SbC6tVNhPv+gpjPWBvjImOcUvi7
BTarfVil3qs7Y+Xa1XPv7OD7e+Kj//BCI5zKto1NPuRLGAOyqC3U2LtCS5BphRDbpjc06HvgARCl
nMo6x59PiDRuimXQGoq7qdzKyjbR9PzCZCk1r9axp3ER0gNDsY8+muyeMlP0dpLKhjQHuSzK5hxK
2JkNwYbikJL7WkJqIyEQ6WXH9dW7fuqMhSACYurROgcsWcWZM/I4ieW26RZ6H3kU9koQGib6fIr7
mzCCBT8wggQnoAMCAQICEBpCSs8n+cQbczyWKtueyecwDQYJKoZIhvcNAQELBQAwgZsxCzAJBgNV
BAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAY
BgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQg
QXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTAeFw0xNTAyMDIwMDAwMDBaFw0xNjAy
MDIyMzU5NTlaMCUxIzAhBgkqhkiG9w0BCQEWFGRlditpZXRmQHNlYW50ZWsuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4n20qAOzUtC1oNz5zgTny0JRBE1mJZszV2s6EurahKP
vku7E+utnLhcaNahAWr2oZgeCK9uhEqijaC4qLZHnGt/+lnbsQtjmMJrcFCzhDZjDOJdYzmuS2cU
vZqY7YwzCG6jSfs4gwNh+29MS6faY6ucncbnfO9rBB0xu5GIdI3BzsPNYnACNlBYU7w4X4GA0/Mw
NAabNhDgxU2Tw1fl5w1Vt+6xRTXBk6V93LyVZN9wBIOpr2MuhoCJLHZrLirv/mbQE5ao4pkJLR/s
yYhS1Ko4MSiJmR3ugKPkxEo6DZkuJrfck36hLmtMo3yuzi7hkXmDzPKkdLlNj+Xek1GWtwIDAQAB
o4IB8jCCAe4wHwYDVR0jBBgwFoAUkmFrguGioKpP7GfxwqP3tIAAwewwHQYDVR0OBBYEFBpm5d7y
8PBT6NqnIVbfNK8hbpPGMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMCAGA1UdJQQZMBcG
CCsGAQUFBwMEBgsrBgEEAbIxAQMFAjARBglghkgBhvhCAQEEBAMCBSAwRgYDVR0gBD8wPTA7Bgwr
BgEEAbIxAQIBAQEwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLm5ldC9DUFMw
XQYDVR0fBFYwVDBSoFCgToZMaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPU0hBMjU2Q2xp
ZW50QXV0aGVudGljYXRpb25hbmRTZWN1cmVFbWFpbENBLmNybDCBkAYIKwYBBQUHAQEEgYMwgYAw
WAYIKwYBBQUHMAKGTGh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1NIQTI1NkNsaWVudEF1
dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
LmNvbW9kb2NhLmNvbTAfBgNVHREEGDAWgRRkZXYraWV0ZkBzZWFudGVrLmNvbTANBgkqhkiG9w0B
AQsFAAOCAQEAeIf/Nevvv10ssk0unrJb9FC8lJi41sSpq5AFYtmC8IXwUmNxL7L5uE3tGlNJVoTK
ZvGeklYWDRCzq6zqte221TowXYmFO7G27rJZbQRjLzQoY63rMlFPFrjqQCEA6rDgo9DlFO9/81P7
ZC7xvZ52WH7e3p/yJNA4Av8E0eeavhC+l+cwtrw0wCp3gUs5xJT0koGVvli2wR18zecG3ib3ml+G
nDDv2AH7OhcyhVoj6V9AeGQa2HqaVpOQVRUNPamqr3xeARKk5sUSeBvxlF+0FWhl+AnhqNdxmeEp
qpgSvbcS1jbTsqApvgsBcDzjC09wV8mtBoMCtqlHvF3YY2z55jGCA8MwggO/AgEBMIGwMIGbMQsw
CQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3Jk
MRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UEAxM4Q09NT0RPIFNIQS0yNTYgQ2xp
ZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEBpCSs8n+cQbczyWKtueyecw
CQYFKw4DAhoFAKCCAecwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcN
MTUwOTA5MjIzNDIzWjAjBgkqhkiG9w0BCQQxFgQUMqo5/59UzYycoHGhD4l6dnb2EIswgcEGCSsG
AQQBgjcQBDGBszCBsDCBmzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3Rl
cjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxQTA/BgNVBAMT
OENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENB
AhAaQkrPJ/nEG3M8lirbnsnnMIHDBgsqhkiG9w0BCRACCzGBs6CBsDCBmzELMAkGA1UEBhMCR0Ix
GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
Q09NT0RPIENBIExpbWl0ZWQxQTA/BgNVBAMTOENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRoZW50
aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhAaQkrPJ/nEG3M8lirbnsnnMA0GCSqGSIb3DQEB
AQUABIIBAAtXRuPWpOVd5JWI7kmCwFJgEc/mGFeyRCCDLYLZfUG0GqsHOZuKwYJDHJQYC5pt8147
e8RiaeG/IRBslnGiRFnIvPuBe/I37oK2ep0Jbtbk7Cbkp8KcHI05MBC3xN1whTw+pkeu/MzodflG
A2x+hVuWGoUA5glNGnSBRPvWfaBcNcuL9Zv3EH0zFxT8lgx4DFwtX6Gx3KIMtelogOkk654XCMPT
Ney+43aLWk7cg7KFWhkhsMIGO6M6qtSmM+rqOwzrarD4KQgi/IVc77MCdB4SPxBlccrHKkzc/sGX
vxfYVi6zpC9DDrch+tj7SWe3FZltzfZUfPu0u9I9NI14bC4AAAAAAAA=

--Apple-Mail=_94E96916-09B6-4E6C-81C0-2DB42CD2DB32--


From nobody Fri Sep 11 06:48:35 2015
Return-Path: <henry.story@bblfish.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D50E1B4BAE for <saag@ietfa.amsl.com>; Fri, 11 Sep 2015 06:48:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KU7gBh98MPfU for <saag@ietfa.amsl.com>; Fri, 11 Sep 2015 06:48:31 -0700 (PDT)
Received: from mail-wi0-f177.google.com (mail-wi0-f177.google.com [209.85.212.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 816FD1B4BAC for <saag@ietf.org>; Fri, 11 Sep 2015 06:48:31 -0700 (PDT)
Received: by wiclk2 with SMTP id lk2so59106279wic.1 for <saag@ietf.org>; Fri, 11 Sep 2015 06:48:30 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:content-transfer-encoding:message-id:references:to; bh=L/pcHSIzmIzsk7Ydl4go+hFChL47amWkQJGmdrVWMDg=; b=RA1lvEAmwC80TynmbN3rHRusxzwleOyjnciEZzDWNfYCyuNQ6lJGeGwoEHmCLc0wfj RIq3//5fRieBDxd61QIgIn+LUGT8euSU8ZUJVHRyQmhndk5fc0xyOZzP/6a+VlmwcCX+ PDgCJlS4CtvwPOmz0MAQnhNfPpY2yrBaX0bffwS6KrfDu04Z7ga1tiHNG6WRcqQeLKdU g+VxoVimY4zmVNUhg/7BntZEuatbTT918Gjb8RPoQp/0/6/kz2+gGxOilpCIWull6WhW U5ePsoEQw3Z8WZVgiMmztGRBPiM6LvZqHxku/caf1gCm7Yko9R+DIf+r4tO/1+MTYuxa 1Bqw==
X-Gm-Message-State: ALoCoQlKxNXb/JFexWEJUvIqagvedTbpA/igfwdY17yy0dPsDDuLysn+GUfacKBFUJg7HsfBuep6
X-Received: by 10.194.62.137 with SMTP id y9mr12572074wjr.136.1441979310010; Fri, 11 Sep 2015 06:48:30 -0700 (PDT)
Received: from [192.168.0.2] (cpc2-popl3-2-0-cust563.13-2.cable.virginm.net. [86.21.242.52]) by smtp.gmail.com with ESMTPSA id cx3sm475034wjc.27.2015.09.11.06.48.28 for <saag@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 11 Sep 2015 06:48:28 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
From: "henry.story@bblfish.net" <henry.story@bblfish.net>
In-Reply-To: <CACvaWva99wWUzZgaWmagef5CXocTY-3PVt2oqQqzaKC38SSUuQ@mail.gmail.com>
Date: Fri, 11 Sep 2015 14:48:27 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <238226EB-D111-4480-B0E9-DE2359F4D061@bblfish.net>
References: <CACvaWva3G=RWC+_Nz_7oi6RHSd6KQfAkmpFUQ-fe-fnESfeEuw@mail.gmail.com> <36e564df-28db-4ce7-b44d-fb9f2a5e4511@chromium.org> <3f3ffe38-a4a0-45b8-a797-f1b1ae265a88@chromium.org> <CACvaWva99wWUzZgaWmagef5CXocTY-3PVt2oqQqzaKC38SSUuQ@mail.gmail.com>
To: saag@ietf.org
X-Mailer: Apple Mail (2.2104)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/bsw-7xDZixzbQTWGBGr_mD1WLf4>
Subject: [saag] Linkeability, SO & certificates Re: (Pre-)Intent to Deprecate: <keygen> element and application/x-x509-*-cert MIME handling
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Sep 2015 13:48:34 -0000

Thanks Ryan for bringing up below what I think are the three underlying =
reasons=20
for the move to deprecate <keygen> in html by relating in a very strong =
way:

1. Same Origin Policy to Linkability,=20
2. Linkability to loss of Privacy,=20
3. certificates to loss of Privacy

These are high level Architectural  statements, that need to be made =
explicit, as they affect many other groups in the web, so I am also =
CCing this to the TAG, and to the SAAG at the IETF as they are working =
on both TLS 3 and a number of client side certificate technologies.

What would be nice would be if we could have actual documents from the =
W3C and SAAG  that
clarified where these concepts actually are applicable and what the =
limitations of them are.

As background for people new to this thread, this follows up on a =
request by the HTML5 WG to deprecate <keygen> =
https://github.com/whatwg/html/issues/67 . The main discussion actually =
seems to be occuring on the blink-dev chrome list for some reason and it =
was brought up by Tim Berners Lee for discussion on the W3C TAG=20
  https://lists.w3.org/Archives/Public/www-tag/2015Sep/

> On 11 Sep 2015, at 01:32, 'Ryan Sleevi' via blink-dev =
<blink-dev@chromium.org> wrote in an
> e-mail that is archived =
https://groups.google.com/a/chromium.org/d/msg/blink-dev/pX5NbX0Xack/y5R4K=
y9KAQAJ
>=20
>> On Thu, Sep 10, 2015 at 11:30 AM, <helpcrypto@gmail.com> wrote:
>> WebCrypto Discovery API should be able to find keys there too. ie: =
Firefox has to give access to NSS/softoken/pkcs11 and Chrome/IE to =
windows  keystore/keychain on OSX
> IE does not grant such access - it's never implemented <keygen>. The =
ActiveX object it does provide allows for full system modification, so =
that's hardly a good model.

What you mean is that it can add client certificates to the keystore, as =
implementations of <keygen> can, and have, right? It can't also launch =
programs in user or root mode, edit files, etc.... Because that's a bit =
what it sounds like when you say "full system modification". ( many =
people in the web thought the ActiveX idea  was not a good idea as it =
bound the web to particular binary implementations, nevertheless I =
suppose no serious security leaks persist with this feature, or else it =
would have been removed a long time ago, especially as Microsoft is =
keeping it for enterprise customers ).=20

The major difference betweent the ActiveX control and keygen, is that =
the ActiveX control
requires JS to be used. (more of that below)

>=20
> And there are zero plans for WebCrypto to do this (it's deliberately =
out of scope of the charter), and I/royal we remain opposed to on =
numerous grounds (security and privacy being foremost). The Same Origin =
Policy is a critical piece of the Web.

The Same Origin Policy has always been used with respect to JavaScript =
especially when JS from one origin then connects to other origins to get =
information.  As JS is non declarative and a turing complete language it =
is quite clear why these restrictions apply: The JS can actually do =
things in place of the user. It is procedural code, meaning that an =
extra agency is added to the web page.

On the other hand the web itself is built on Linkeability between pages =
from different origins: that is what makes the web the web. This form of =
linkeability comes historically and conceptually before the non =
linkeability of JS. So linkeability is more essential to the web than JS =
non linkeability.

As a result non linkeability and same origin policy cannot be invoked =
without careful attention to the circumstances in which they apply.

What is the difference between the two? The declarative nature of the =
web-without-JS means that most of the actions in the web remain under =
the user control. What the User Agent (UA) does is on the whole very =
limited: it fetches and displays documents. It is up to the user to =
decide which link she clicks, what he bookmarks, what forms he submits, =
what document she saves to her local file system. When you add JS to the =
mix, you add the agency of the JS to the mix, which can now also now =
follow links, click form elements, etc... So instead of 2 agents ( the =
UA and the user ) you suddenly have n agents to deal with: the User, the =
UA,  the JS agent for each of n-2 origins ( and here it is clear that =
bunching all the JS on one origin together gives a really vague concept =
of code identity ).

As it happens the <keygen> element that is being put up for deprecation =
is part of the html-non-JS web, and works on clients that have JS =
disabled.=20
Client certificate authentication as used by TLS is also declarative: =
the browser chrome gives the (human) user the ability to choose what =
certificate to use, and to cancel the authentication request if desired.
In none of these cases is the user out of control ( in a privacy =
respecting browser - and more can be done in many browsers to improve =
the user control ).

There is no reason that this TLS client certificate authentication =
feature can't be improved to work better with HTTP2.0 aka SPDY see the =
HTTP WG thread:
=E2=80=A2 starting: =
https://lists.w3.org/Archives/Public/ietf-http-wg/2015AprJun/0558.html
=E2=80=A2 most recent: =
https://lists.w3.org/Archives/Public/ietf-http-wg/2015JulSep/0310.html

>=20
> BTW: couple of questions about FIDO:
>=20
> - If I create keys for foo.com using a U2F compliant USB device =
(yubikey) on my PC and then I want to login using my mobile...shall I =
generate another keypair? can't I use one for all? (reverse question may =
apply)
>=20
> Yes. =
https://fidoalliance.org/wp-content/uploads/html/fido-appid-and-facets-v1.=
0-ps-20141208.html
>=20
> - could a FIDO key be used for many domains (like eID, allowing me to =
auth/sign on different domains)
>=20
> No. And it's the fact that it explicitly lacks that property that =
makes FIDO viable for the Web, without being a security (due to forgery =
of shared-key attacks) or privacy (due to linkability) nightmare.=20

What is the forgery of shared-key attacks? ( a detailed pointer would be =
nice )=20
Is that due to the MD5 weakness in the  Signed Public Key and Challenge =
( SPKAC ) format used by <keygen> at present, which allows the UA's =
keychain to sign the public key with the private key, allowing the =
server to verify  that the certificate request comes from an agent that =
is actually in possession of the private key? I tried to consider what =
could
be done with such an attack in the thread
 =
https://groups.google.com/a/chromium.org/d/msg/blink-dev/pX5NbX0Xack/dn_7R=
guGAAAJ
As far as we can see not that much can be done with it, especially if =
one considers how
certificates are actually used.=20

But of course it is easy to imagine improving keygen so that this =
weakness does not arise, for example by extending it with=20

<keygen keytype=3D"rsa" signature=3D"sha1 sha2" signedpk=3D"jose">

JOSE is a format that is being developed by the IETF =
https://tools.ietf.org/wg/jose/
and so are X509 Certificates.

Given that it is so easy to see how keygen could be extended to allow =
for different certificate formats to be used, your argument cannot be =
that it is just X509 that is
problematic, but that any certificate format is a privacy problem.

If so this needs to be brought to the attention of the IETF SAAG, as =
they are investing
time working on this.

As you have been singing the praises of the FIDO alliance spec, I'd like =
to note that it is difficult to see how FIDO actually would work without =
certificates. It requires them for TLS verification of servers.

Also as OpenID, OAuth and SAML which are designed to fit on top of FIDO =
as seen here

=
https://fidoalliance.org/wp-content/uploads/html/fido-uaf-overview-v1.0-ps=
-20141208.html#relationship-to-other-technologies

require some form globally known relation between public key and global =
identifier to be available. Otherwise how would attribute exchange work? =
If the Relying Party has no way to
know who the Identity provider is, why should it even trust the Identity =
Provider?=20

So Server Certificates are good, but client certificates are bad =
aparently. What is the principled argument that allows one to make this =
distinction?

Henry


Social Web Architect
http://bblfish.net/


From nobody Fri Sep 11 08:02:15 2015
Return-Path: <henry.story@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C88D1B32E3 for <saag@ietfa.amsl.com>; Fri, 11 Sep 2015 02:59:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.101
X-Spam-Level: 
X-Spam-Status: No, score=-0.101 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PdVOESsGWFi8 for <saag@ietfa.amsl.com>; Fri, 11 Sep 2015 02:59:18 -0700 (PDT)
Received: from mail-wi0-x230.google.com (mail-wi0-x230.google.com [IPv6:2a00:1450:400c:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24EFA1ACE06 for <saag@ietf.org>; Fri, 11 Sep 2015 02:59:18 -0700 (PDT)
Received: by wiclk2 with SMTP id lk2so58118408wic.0 for <saag@ietf.org>; Fri, 11 Sep 2015 02:59:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=mzA09DACNgyjtwfwD+x6ni8ftvqoWL3fdnsuMOtQNVE=; b=eDMv51lfAvUs61lWJ6qcE0cWCI8c87CVznJn9ORKZtXroJMXyhesX8Ucm0tXNEhFnn uJrm298Z5A+MN0CRS8m6/2BMK86/Ahs1mNJ7oFF6uCPiooLWSWRd0tCTYu64forQE69+ qzWDqj9/xi2RXsiM6wB/n2xrFYimjk5/622TeG7Sqlrv+IhAdHcI2ty+JPwI1gSg+n+J bG40WcqJVuRepR+M8K5Sy8WyvsTWwrgr+BzeN35YYD1A3w8oXbLX871zVxUZt5djglrY RWh0Z6E12DTlmIxuVGzTn0Tgnr1L/YKG8ZMgNPkGmAw3nmp2xPpPvaJ1udamB0BYtikR 9tfA==
X-Received: by 10.194.238.39 with SMTP id vh7mr77159021wjc.109.1441965556670;  Fri, 11 Sep 2015 02:59:16 -0700 (PDT)
Received: from [192.168.0.2] (cpc2-popl3-2-0-cust563.13-2.cable.virginm.net. [86.21.242.52]) by smtp.gmail.com with ESMTPSA id gk9sm13841303wib.9.2015.09.11.02.59.14 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 11 Sep 2015 02:59:14 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
From: Henry Story <henry.story@gmail.com>
In-Reply-To: <CACvaWva99wWUzZgaWmagef5CXocTY-3PVt2oqQqzaKC38SSUuQ@mail.gmail.com>
Date: Fri, 11 Sep 2015 10:59:13 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <C723153A-E477-4195-A0EC-5E70D8E72F8D@gmail.com>
References: <CACvaWva3G=RWC+_Nz_7oi6RHSd6KQfAkmpFUQ-fe-fnESfeEuw@mail.gmail.com> <36e564df-28db-4ce7-b44d-fb9f2a5e4511@chromium.org> <3f3ffe38-a4a0-45b8-a797-f1b1ae265a88@chromium.org> <CACvaWva99wWUzZgaWmagef5CXocTY-3PVt2oqQqzaKC38SSUuQ@mail.gmail.com>
To: Ryan Sleevi <sleevi@google.com>
X-Mailer: Apple Mail (2.2104)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/I8si2os62yO28BY2antE7RtjG4g>
X-Mailman-Approved-At: Fri, 11 Sep 2015 08:02:13 -0700
Cc: helpcrypto helpcrypto <helpcrypto@gmail.com>, blink-dev <blink-dev@chromium.org>, saag@ietf.org
Subject: [saag] Linkeability, SO & certificates Re: (Pre-)Intent to Deprecate: <keygen> element and application/x-x509-*-cert MIME handling
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Sep 2015 09:59:21 -0000

Thanks Ryan for bringing up below what I think are the three underlying =
reasons=20
for the move to deprecate <keygen> in html by relating in a very strong =
way:

 1. Same Origin Policy to Linkability,=20
 2. Linkability to loss of Privacy,=20
 3. certificates to loss of Privacy

These are high level Architectural  statements, that need to be made =
explicit, as they affect many other groups in the web, so I am also =
CCing this to the TAG, and to the SAAG at the IETF as they are working =
on both TLS 3 and a number of client side certificate technologies.

What would be nice would be if we could have actual documents from the =
W3C and SAAG  that
clarified where these concepts actually are applicable and what the =
limitations of them are.

As background for people new to this thread, this follows up on a =
request by the HTML5 WG to deprecate <keygen> =
https://github.com/whatwg/html/issues/67 . The main discussion actually =
seems to be occuring on the blink-dev chrome list for some reason and it =
was brought up by Tim Berners Lee for discussion on the W3C TAG.

> On 11 Sep 2015, at 01:32, 'Ryan Sleevi' via blink-dev =
<blink-dev@chromium.org> wrote in an
> e-mail that is archived =
https://groups.google.com/a/chromium.org/d/msg/blink-dev/pX5NbX0Xack/y5R4K=
y9KAQAJ
>=20
>> On Thu, Sep 10, 2015 at 11:30 AM, <helpcrypto@gmail.com> wrote:
>> WebCrypto Discovery API should be able to find keys there too. ie: =
Firefox has to give access to NSS/softoken/pkcs11 and Chrome/IE to =
windows  keystore/keychain on OSX
> IE does not grant such access - it's never implemented <keygen>. The =
ActiveX object it does provide allows for full system modification, so =
that's hardly a good model.

What you mean is that it can add client certificates to the keystore, as =
implementations of <keygen> can, and have, right? It can't also launch =
programs in user or root mode, edit files, etc.... Because that's a bit =
what it sounds like when you say "full system modification". ( many =
people in the web thought the ActiveX idea  was not a good idea as it =
bound the web to particular binary implementations, nevertheless I =
suppose no serious security leaks persist with this feature, or else it =
would have been removed a long time ago, especially as Microsoft is =
keeping it for enterprise customers ).=20

The major difference betweent the ActiveX control and keygen, is that =
the ActiveX control
requires JS to be used. (more of that below)

>=20
> And there are zero plans for WebCrypto to do this (it's deliberately =
out of scope of the charter), and I/royal we remain opposed to on =
numerous grounds (security and privacy being foremost). The Same Origin =
Policy is a critical piece of the Web.

The Same Origin Policy has always been used with respect to JavaScript =
especially when JS from one origin then connects to other origins to get =
information.  As JS is non declarative and a turing complete language it =
is quite clear why these restrictions apply: The JS can actually do =
things in place of the user. It is procedural code, meaning that an =
extra agency is added to the web page.

On the other hand the web itself is built on Linkeability between pages =
from different origins: that is what makes the web the web. This form of =
linkeability comes historically and conceptually before the non =
linkeability of JS. So linkeability is more essential to the web than JS =
non linkeability.

As a result non linkeability and same origin policy cannot be invoked =
without careful attention to the circumstances in which they apply.

What is the difference between the two? The declarative nature of the =
web-without-JS means that most of the actions in the web remain under =
the user control. What the User Agent (UA) does is on the whole very =
limited: it fetches and displays documents. It is up to the user to =
decide which link she clicks, what he bookmarks, what forms he submits, =
what document she saves to her local file system. When you add JS to the =
mix, you add the agency of the JS to the mix, which can now also now =
follow links, click form elements, etc... So instead of 2 agents ( the =
UA and the user ) you suddenly have n agents to deal with: the User, the =
UA,  the JS agent for each of n-2 origins ( and here it is clear that =
bunching all the JS on one origin together gives a really vague concept =
of code identity ).

As it happens the <keygen> element that is being put up for deprecation =
is part of the html-non-JS web, and works on clients that have JS =
disabled.=20
Client certificate authentication as used by TLS is also declarative: =
the browser chrome gives the (human) user the ability to choose what =
certificate to use, and to cancel the authentication request if desired.
In none of these cases is the user out of control ( in a privacy =
respecting browser - and more can be done in many browsers to improve =
the user control ).
=20
There is no reason that this TLS client certificate authentication =
feature can't be improved to work better with HTTP2.0 aka SPDY see the =
HTTP WG thread:
  =E2=80=A2 starting: =
https://lists.w3.org/Archives/Public/ietf-http-wg/2015AprJun/0558.html
  =E2=80=A2 most recent: =
https://lists.w3.org/Archives/Public/ietf-http-wg/2015JulSep/0310.html

>=20
> BTW: couple of questions about FIDO:
>=20
>  - If I create keys for foo.com using a U2F compliant USB device =
(yubikey) on my PC and then I want to login using my mobile...shall I =
generate another keypair? can't I use one for all? (reverse question may =
apply)
>=20
> Yes. =
https://fidoalliance.org/wp-content/uploads/html/fido-appid-and-facets-v1.=
0-ps-20141208.html
> =20
>  - could a FIDO key be used for many domains (like eID, allowing me to =
auth/sign on different domains)
>=20
> No. And it's the fact that it explicitly lacks that property that =
makes FIDO viable for the Web, without being a security (due to forgery =
of shared-key attacks) or privacy (due to linkability) nightmare.=20

What is the forgery of shared-key attacks? ( a detailed pointer would be =
nice )=20
Is that due to the MD5 weakness in the  Signed Public Key and Challenge =
( SPKAC ) format used by <keygen> at present, which allows the UA's =
keychain to sign the public key with the private key, allowing the =
server to verify  that the certificate request comes from an agent that =
is actually in possession of the private key? I tried to consider what =
could
be done with such an attack in the thread
   =
https://groups.google.com/a/chromium.org/d/msg/blink-dev/pX5NbX0Xack/dn_7R=
guGAAAJ
As far as we can see not that much can be done with it, especially if =
one considers how
certificates are actually used.=20

But of course it is easy to imagine improving keygen so that this =
weakness does not arise, for example by extending it with=20

 <keygen keytype=3D"rsa" signature=3D"sha1 sha2" signedpk=3D"jose">

JOSE is a format that is being developed by the IETF =
https://tools.ietf.org/wg/jose/
and so are X509 Certificates.

Given that it is so easy to see how keygen could be extended to allow =
for different certificate formats to be used, your argument cannot be =
that it is just X509 that is
problematic, but that any certificate format is a privacy problem.

If so this needs to be brought to the attention of the IETF SAAG, as =
they are investing
time working on this.

As you have been singing the praises of the FIDO alliance spec, I'd like =
to note that it is difficult to see how FIDO actually would work without =
certificates. It requires them for TLS verification of servers.

Also as OpenID, OAuth and SAML which are designed to fit on top of FIDO =
as seen here

=
https://fidoalliance.org/wp-content/uploads/html/fido-uaf-overview-v1.0-ps=
-20141208.html#relationship-to-other-technologies

require some form globally known relation between public key and global =
identifier to be available. Otherwise how would attribute exchange work? =
If the Relying Party has no way to
know who the Identity provider is, why should it even trust the Identity =
Provider?=20

So Server Certificates are good, but client certificates are bad =
aparently. What is the principled argument that allows one to make this =
distinction?

Henry


Social Web Architect
http://bblfish.net/


From nobody Sun Sep 13 07:06:41 2015
Return-Path: <sarath.ginjupalli89@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CA5D1AD079 for <saag@ietfa.amsl.com>; Sun, 13 Sep 2015 07:06:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level: 
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F67nzGvUXls0 for <saag@ietfa.amsl.com>; Sun, 13 Sep 2015 07:06:38 -0700 (PDT)
Received: from mail-qg0-x230.google.com (mail-qg0-x230.google.com [IPv6:2607:f8b0:400d:c04::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 541381AD06D for <saag@ietf.org>; Sun, 13 Sep 2015 07:06:38 -0700 (PDT)
Received: by qgx61 with SMTP id 61so97072687qgx.3 for <saag@ietf.org>; Sun, 13 Sep 2015 07:06:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:date:message-id:subject:from:to:content-type; bh=R/1L7hZi3FFeuKidsyyRFqAkNO4veuSsUytxW47vz94=; b=cvLYYr2Sf/JuWV57jl8Vfo3nWRy6DfsYd3/QjU0txy7zGFH1V0LWThkxg1gUVb6Oah UemJHmQ0PGm8ScXDTQGVfVAv3isAm68QHn2lJcDSPG/uGgHRkAI3E1IEHOUCI3axbGfO /dPTmoShHl5RduqrEA6NUflmSm1WowrTLYASMMWLWcyGJV/IcVMl2tV0d5r82gXAECVw bDB2/mhumEHAOBVdYPQIht1SRHiuTEpK3H3j9Zki46ffKLF3vcgbqsI7gojjqnn8RPXt SrBX1fXxE6sRs20KfgL4KVOu7qfe+sFdhfDWFl6BjvK/7W4bg41WQzX0y9XYE1hUpHjJ DQJA==
MIME-Version: 1.0
X-Received: by 10.140.133.196 with SMTP id 187mr15297820qhf.2.1442153197532; Sun, 13 Sep 2015 07:06:37 -0700 (PDT)
Received: by 10.140.84.243 with HTTP; Sun, 13 Sep 2015 07:06:37 -0700 (PDT)
Date: Sun, 13 Sep 2015 19:36:37 +0530
Message-ID: <CANNyqrz39FYmqU__7X_4__1pDk1AWuu1raXZreakhGCasiRvzg@mail.gmail.com>
From: Sarat G <sarath.ginjupalli89@gmail.com>
To: saag@ietf.org
Content-Type: multipart/alternative; boundary=001a1136f9840cfd23051fa17526
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/v17-PHyd1bJ5xhdwzSPHa2W3MfM>
Subject: [saag] How the cipher negotiation in snmpv3 will happen?
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Sep 2015 14:06:39 -0000

--001a1136f9840cfd23051fa17526
Content-Type: text/plain; charset=UTF-8

Hi,
I'm working on snmpv3. In the RFC and internet I haven't seen any
documentation regarding how the encryption and hashing algorithms exchanged
between the entities. I wonder will there be any cipher negotiation happens
in SNMPv3 or both parties should agree upon a specific set of algorithms
prior to the communication and use them?
Please apologize and discard if this is not right platform to post this
question.
Thank you.
Regards,
Sarat G

--001a1136f9840cfd23051fa17526
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><span style=3D"font-size:12.8px">Hi,</span><div style=3D"f=
ont-size:12.8px"><span style=3D"font-family:&#39;Helvetica Neue&#39;,Helvet=
ica,Arial,sans-serif;font-size:15px;line-height:19.5px">I&#39;m working on =
snmpv3. In the RFC and internet I haven&#39;t seen any documentation regard=
ing how the encryption and hashing algorithms exchanged between the entitie=
s. I wonder will there be any cipher negotiation happens in SNMPv3 or both =
parties should agree upon a specific set of algorithms prior to the communi=
cation and use them?</span></div><div style=3D"font-size:12.8px"><span styl=
e=3D"font-family:&#39;Helvetica Neue&#39;,Helvetica,Arial,sans-serif;font-s=
ize:15px;line-height:19.5px">Please apologize and discard if this is not ri=
ght platform to post this question.</span></div><div style=3D"font-size:12.=
8px"><span style=3D"font-size:15px;line-height:19.5px;font-family:&#39;Helv=
etica Neue&#39;,Helvetica,Arial,sans-serif">Thank you.</span><br></div><div=
>Regards,<br></div><div><div class=3D"gmail_signature">Sarat G<br><div><br>=
</div><div><br></div></div></div>
</div>

--001a1136f9840cfd23051fa17526--


From nobody Sun Sep 13 07:23:50 2015
Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE9CC1B2CD0 for <saag@ietfa.amsl.com>; Sun, 13 Sep 2015 07:23:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.539
X-Spam-Level: 
X-Spam-Status: No, score=0.539 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01, URIBL_DBL_ABUSE_BOTCC=2.5] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QbgySUPplXyp for <saag@ietfa.amsl.com>; Sun, 13 Sep 2015 07:23:48 -0700 (PDT)
Received: from atlas3.jacobs-university.de (atlas3.jacobs-university.de [212.201.44.18]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C8A11AD218 for <saag@ietf.org>; Sun, 13 Sep 2015 07:23:48 -0700 (PDT)
Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by atlas3.jacobs-university.de (Postfix) with ESMTP id 5A1B52E3D; Sun, 13 Sep 2015 16:23:46 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from atlas3.jacobs-university.de ([10.70.0.220]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10030) with ESMTP id 4dMd5Odabvkp; Sun, 13 Sep 2015 16:23:46 +0200 (CEST)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hermes.jacobs-university.de", Issuer "Jacobs University CA - G01" (verified OK)) by atlas3.jacobs-university.de (Postfix) with ESMTPS; Sun, 13 Sep 2015 16:23:46 +0200 (CEST)
Received: from localhost (demetrius3.jacobs-university.de [212.201.44.48]) by hermes.jacobs-university.de (Postfix) with ESMTP id DCA772004E; Sun, 13 Sep 2015 16:23:45 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius3.jacobs-university.de [212.201.44.32]) (amavisd-new, port 10024) with ESMTP id sauAeQlt4OVF; Sun, 13 Sep 2015 16:23:45 +0200 (CEST)
Received: from elstar.local (elstar.jacobs.jacobs-university.de [10.50.231.133]) by hermes.jacobs-university.de (Postfix) with ESMTP id 80C0E20048; Sun, 13 Sep 2015 16:23:43 +0200 (CEST)
Received: by elstar.local (Postfix, from userid 501) id F0D1E3707B3C; Sun, 13 Sep 2015 16:23:39 +0200 (CEST)
Date: Sun, 13 Sep 2015 16:23:39 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Sarat G <sarath.ginjupalli89@gmail.com>
Message-ID: <20150913142339.GA44966@elstar.local>
Mail-Followup-To: Sarat G <sarath.ginjupalli89@gmail.com>, saag@ietf.org
References: <CANNyqrz39FYmqU__7X_4__1pDk1AWuu1raXZreakhGCasiRvzg@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CANNyqrz39FYmqU__7X_4__1pDk1AWuu1raXZreakhGCasiRvzg@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/UfugWcqmNEdtAYmQDbU5kM0F0uQ>
Cc: saag@ietf.org
Subject: Re: [saag] How the cipher negotiation in snmpv3 will happen?
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Sep 2015 14:23:49 -0000

On Sun, Sep 13, 2015 at 07:36:37PM +0530, Sarat G wrote:
> Hi,
> I'm working on snmpv3. In the RFC and internet I haven't seen any
> documentation regarding how the encryption and hashing algorithms exchanged
> between the entities. I wonder will there be any cipher negotiation happens
> in SNMPv3 or both parties should agree upon a specific set of algorithms
> prior to the communication and use them?
> Please apologize and discard if this is not right platform to post this
> question.

The SNMPv3 security algorithms are pre-configured and not negotiated,
except when you use SNMP over TLS or SNMP over SSH.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>


From nobody Sun Sep 13 08:56:31 2015
Return-Path: <noloader@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4F751B40C9 for <saag@ietfa.amsl.com>; Sun, 13 Sep 2015 08:56:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.7
X-Spam-Level: 
X-Spam-Status: No, score=0.7 tagged_above=-999 required=5 tests=[BAYES_50=0.8,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RYDZ90-xuDNR for <saag@ietfa.amsl.com>; Sun, 13 Sep 2015 08:56:29 -0700 (PDT)
Received: from mail-ig0-x22c.google.com (mail-ig0-x22c.google.com [IPv6:2607:f8b0:4001:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06A121B40BB for <saag@ietf.org>; Sun, 13 Sep 2015 08:56:29 -0700 (PDT)
Received: by igcrk20 with SMTP id rk20so72052912igc.1 for <saag@ietf.org>; Sun, 13 Sep 2015 08:56:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:content-type; bh=ye7nvK6Y87QnhFUY2xFtpRsTWY42fIlxz+BGF+bz+jI=; b=Zhd48ajHWQeN5ifje9eE7f/+zbbyLqtMh524m+x8M/6D3Yel/tG1L57GOHCe3+j2TT fvdehM0Fe+dZsGEycM9GwD+5vo6jZJK8mAKJWEpt6v57j4YC/5KnNzVxru+zvrILPvh5 md6ofY5MpeghOzAzIaHDHQb4drEcvnLoG3BVJRe9RxBvflG8uqCuVzSDnEXRcpf/Aew/ Htj48dlJGGSQJsk9xAh6t7leHYz3u+jpJkvvbFEO2ebnm8UmvQZFu2LfeEeD7ZSgI5Uv SQ4uUlau+y7pO7kDVXPmLofKs9jW19+O8mlT3XgJ6ikpZgAeNKajsaYcWfxrNB3M/Mud SsIQ==
MIME-Version: 1.0
X-Received: by 10.50.61.243 with SMTP id t19mr11127322igr.22.1442159788359; Sun, 13 Sep 2015 08:56:28 -0700 (PDT)
Received: by 10.36.123.131 with HTTP; Sun, 13 Sep 2015 08:56:28 -0700 (PDT)
In-Reply-To: <55CE5A40.3090804@cs.tcd.ie>
References: <55CE5A40.3090804@cs.tcd.ie>
Date: Sun, 13 Sep 2015 11:56:28 -0400
Message-ID: <CAH8yC8n3Fmy7LxXPh6gDJv75-EhHu0Ac1R0wLsHetOQSTTg+BQ@mail.gmail.com>
From: Jeffrey Walton <noloader@gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "saag@ietf.org" <saag@ietf.org>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/jtCu55OsL4ua-d3DKe6cK-7CF9k>
Subject: Re: [saag] NIST requests comments on using ISO/IEC 19790:2012 as the U.S. Federal Standard for cryptographic modules
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: noloader@gmail.com
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Sep 2015 15:56:30 -0000

> As an FYI, those of you who are interested in cryptographic
> module APIs would probably be interested in this. [1] (partly
> copied below.)
>
> I'm told the ISO spec is behind a paywall, but haven't gone
> to look and see if there's a version freely available, so
> it's hard to know what kind of change this might represent.
> If someone has more info on that it might be useful to
> share that here.
>
Sorry to dig up an old thread. I just came across an example that
might help with some concerns:
http://luca-giuzzi.unibs.it/corsi/Support/papers-cryptography/1619-2007-NIST-Submission.pdf.

It appears the IEEE prepared the document to avoid the Paywall
problems like the ISO/IEC suffers (or more correctly, users suffer).

The document used to be available at
http://grouper.ieee.org/groups/1619tmp/1619-2007-NIST-Submission.pdf,
but it appears the IEEE webmaster broke the links. Luckily its still
available in Italy.

Jeff


From nobody Mon Sep 14 07:50:34 2015
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6874D1B4833 for <saag@ietfa.amsl.com>; Mon, 14 Sep 2015 07:50:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level: 
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PH7PeEbeeenq for <saag@ietfa.amsl.com>; Mon, 14 Sep 2015 07:50:30 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46F5A1B3BAF for <saag@ietf.org>; Mon, 14 Sep 2015 07:50:30 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 3EB68BE35 for <saag@ietf.org>; Mon, 14 Sep 2015 15:50:28 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C3hGBaKW6hVe for <saag@ietf.org>; Mon, 14 Sep 2015 15:50:28 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 11588BDCF for <saag@ietf.org>; Mon, 14 Sep 2015 15:50:28 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1442242228; bh=bgxyGRSBeKtbar7SROfxQAAIS8y+ZyFQMVwv9s3rHFk=; h=Subject:References:To:From:Date:In-Reply-To:From; b=x/xuT2vVhn57+p8E87E9rcAQoutQvNmIjzlbyOp/B0qTefgIwWiYdwaJ9yHjwAcO6 Ab1sae9vw5LD4BPd4ujS3lLnAoqGoX1M7OnkhDXDHgOw0XZbH3rqruYpJVTMbg9S86 4lHBsb4aTCeVpcLKLzm606sOi/K5pZOzyoVfOduk=
References: <BN3PR09MB05785CD1CEA251B7AB38C0F6E65D0@BN3PR09MB0578.namprd09.prod.outlook.com>
To: "saag@ietf.org" <saag@ietf.org>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
X-Forwarded-Message-Id: <BN3PR09MB05785CD1CEA251B7AB38C0F6E65D0@BN3PR09MB0578.namprd09.prod.outlook.com>
Message-ID: <55F6DEB3.9020706@cs.tcd.ie>
Date: Mon, 14 Sep 2015 15:50:27 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <BN3PR09MB05785CD1CEA251B7AB38C0F6E65D0@BN3PR09MB0578.namprd09.prod.outlook.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/V5MP35CbqCLmJcDeqKLBt2XdybU>
Subject: [saag] Fwd: Request for Comments: NIST SP 800-57 Part 1 (Rev 4): Recommendation for Key Management: Part 1: General
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Sep 2015 14:50:32 -0000

FYI


-------- Forwarded Message --------
Subject: Request for Comments:  NIST SP 800-57 Part 1 (Rev 4):
Recommendation for Key Management: Part 1: General
Date: Mon, 14 Sep 2015 13:57:11 +0000
From: Caswell, Sara J. <sara.caswell@nist.gov>
To: stephen.farrell@cs.tcd.ie <stephen.farrell@cs.tcd.ie>

NIST requests comments on a revision of Special Publication (SP) 800-57,
Part 1, Recommendation for Key Management, Part 1 (Rev. 4). This
Recommendation provides general guidance and best practices for the
management of cryptographic keying material. A list of changes is
provided in Appendix D of the document.

Please send comments to
keymanagement@nist.gov<mailto:keymanagement@nist.gov?subject=Comments%20on%20SP%20800-57,%20Part%201>
by October 31, 2015.

Details and a link to Draft SP 800-57 Part 1 Revision 4 can be found on
the NIST CSRC Draft publications page at:
http://csrc.nist.gov/publications/PubsDrafts.html#800-57pt1r4<http://links.govdelivery.com/track?type=click&enid=ZWFzPTEmbWFpbGluZ2lkPTIwMTUwOTEwLjQ4OTY5MDExJm1lc3NhZ2VpZD1NREItUFJELUJVTC0yMDE1MDkxMC40ODk2OTAxMSZkYXRhYmFzZWlkPTEwMDEmc2VyaWFsPTE3MTg2MjE4JmVtYWlsaWQ9c2FyYS5jYXN3ZWxsQG5pc3QuZ292JnVzZXJpZD1zYXJhLmNhc3dlbGxAbmlzdC5nb3YmZmw9JmV4dHJhPU11bHRpdmFyaWF0ZUlkPSYmJg==&&&100&&&http://csrc.nist.gov/publications/PubsDrafts.html#800-57pt1r4>





From nobody Fri Sep 18 02:47:18 2015
Return-Path: <prvs=6968fd24f=abhijan.bhattacharyya@tcs.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6CFAF1ACE31 for <saag@ietfa.amsl.com>; Fri, 18 Sep 2015 02:47:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.31
X-Spam-Level: 
X-Spam-Status: No, score=-2.31 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k79imKkmeJxH for <saag@ietfa.amsl.com>; Fri, 18 Sep 2015 02:47:13 -0700 (PDT)
Received: from inkolg01.tcs.com (inkolg01.tcs.com [121.241.215.10]) by ietfa.amsl.com (Postfix) with ESMTP id 0578C1ACE2D for <saag@ietf.org>; Fri, 18 Sep 2015 02:46:56 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2CfBAAV2vtV/wQXEqzNBgICAQI
X-IPAS-Result: A2CfBAAV2vtV/wQXEqzNBgICAQI
X-IronPort-AV: E=Sophos;i="5.17,552,1437417000";  d="jpg'145?scan'145,208,145";a="7901437"
In-Reply-To: <55F6DEB3.9020706@cs.tcd.ie>
References: <BN3PR09MB05785CD1CEA251B7AB38C0F6E65D0@BN3PR09MB0578.namprd09.prod.outlook.com> <55F6DEB3.9020706@cs.tcd.ie>
To: "saag@ietf.org" <saag@ietf.org>
MIME-Version: 1.0
Importance: High
X-KeepSent: BF224EDF:9A8FB1F7-65257EC4:002DC81C; type=4; name=$KeepSent
X-Mailer: IBM Notes Release 9.0 March 08, 2013
Message-ID: <OFBF224EDF.9A8FB1F7-ON65257EC4.002DC81C-65257EC4.0035B906@tcs.com>
From: Abhijan Bhattacharyya <abhijan.bhattacharyya@tcs.com>
Date: Fri, 18 Sep 2015 15:16:48 +0530
X-MIMETrack: Serialize by Router on INKOLM102/TCS(Release 9.0.1FP4|June  07, 2015) at 09/18/2015 15:16:50
Content-Type: multipart/mixed; boundary="=_mixed 0035B28665257EC4_="
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/g5kVLr-ooSZ79rPnUIcvQTvo2yI>
Subject: [saag] draft-bhattacharyya-dice-less-on-coap-00
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Sep 2015 09:47:16 -0000

--=_mixed 0035B28665257EC4_=
Content-Type: multipart/alternative; boundary="=_alternative 0035B28765257EC4_="


--=_alternative 0035B28765257EC4_=
Content-Type: text/plain; charset="US-ASCII"

Dear Saag ML,
May I please seek your attention to the following experimental draft:
https://tools.ietf.org/html/draft-bhattacharyya-dice-less-on-coap-00. 
The draft is due to expire in October, 2015.
The draft was originally submitted in Dice. However it seems, dice is not 
chartered to discuss this kind of draft. So, would highly appreciate if 
experts in the Saag ML spare some time to judge the proposed approach on 
the basis of its merit and share there views.

Specifically, this draft tries to channel-secure the communication between 
Constrained Application layer Protocol (CoAP) end-points. The key driving 
factor behind this draft was that we had a feeling that the session 
establishment in DTLS, even with pre-shared-key, might be bit too heavy 
for very much bandwidth constrained environments. However, ones the 
channel is established DTLS-PSK provides a very robust yet 
resource-efficient mechanism to keep the channel secure.

So, the basic idea is:
Leverage the lightweight yet reliable nature of CoAP and push the 
responsibility for session establishment to the application layer. That 
way the application layer has more control on the exchanges, which is 
desirable for constrained networks.

Once the session is established transfer the control to the transport 
layer which for channel security. This will completely re-use the 
channel-security provided by DTLS-PSK (thus getting all sorts of 
reliability and protection from replay attack, etc. ). An interface layer 
would map the <Server_write_key, Client_write_key, Server_IV, Client_IV> 
tuple  available from the session establishment process at the application 
layer to the DTLS session parameters.

Since CoAP already mandated DTLS for secure exchanges, the intention was 
to create a solution which will not be disruptive, rather will be able to 
co-exist with legacy DTLS implementation. The implementers will be able to 
mostly reuse modules from a standard DTLS implementation and can quickly 
build a system. Only the session establishment part of the DTLS protocol 
needs to be switched.

There can be many engineering issues to be solved. However, before 
proceeding we need to validate the basic approach and the usefulness of 
the proposal from experts. Any review comment is highly appreciated. The 
draft contains the experimental results in the form of tables. A snapshot 
of the graphs of the results from the original paper is also attached.

The R&D behind this draft was published as a paper in  "Workshop on 
Pervasive Internet of Things and Smart Cities (PITSaC-2015)" in 
conjunction with "Advanced Information Networking and Applications 
(AINA-2015)", Gwangju, Korea, March, 2015 . 
The original paper can be found here:  
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7096256
Some figures from the paper has been attached with this mail as ready 
references.

Awaiting your responses please.


                    

Regards
Abhijan Bhattacharyya
Associate Consultant
Scientist, Innovation Lab, Kolkata, India
Tata Consultancy Services
Mailto: abhijan.bhattacharyya@tcs.com
Website: http://www.tcs.com
____________________________________________
Experience certainty.   IT Services
                        Business Solutions
                        Consulting
____________________________________________




From:   Stephen Farrell <stephen.farrell@cs.tcd.ie>
To:     "saag@ietf.org" <saag@ietf.org>
Date:   09/14/2015 08:21 PM
Subject:        [saag] Fwd: Request for Comments: NIST SP 800-57 Part 1 
(Rev 4): Recommendation for Key Management: Part 1: General
Sent by:        "saag" <saag-bounces@ietf.org>




FYI


-------- Forwarded Message --------
Subject: Request for Comments:  NIST SP 800-57 Part 1 (Rev 4):
Recommendation for Key Management: Part 1: General
Date: Mon, 14 Sep 2015 13:57:11 +0000
From: Caswell, Sara J. <sara.caswell@nist.gov>
To: stephen.farrell@cs.tcd.ie <stephen.farrell@cs.tcd.ie>

NIST requests comments on a revision of Special Publication (SP) 800-57,
Part 1, Recommendation for Key Management, Part 1 (Rev. 4). This
Recommendation provides general guidance and best practices for the
management of cryptographic keying material. A list of changes is
provided in Appendix D of the document.

Please send comments to
keymanagement@nist.gov<
mailto:keymanagement@nist.gov?subject=Comments%20on%20SP%20800-57,%20Part%201
>
by October 31, 2015.

Details and a link to Draft SP 800-57 Part 1 Revision 4 can be found on
the NIST CSRC Draft publications page at:
http://csrc.nist.gov/publications/PubsDrafts.html#800-57pt1r4<
http://links.govdelivery.com/track?type=click&enid=ZWFzPTEmbWFpbGluZ2lkPTIwMTUwOTEwLjQ4OTY5MDExJm1lc3NhZ2VpZD1NREItUFJELUJVTC0yMDE1MDkxMC40ODk2OTAxMSZkYXRhYmFzZWlkPTEwMDEmc2VyaWFsPTE3MTg2MjE4JmVtYWlsaWQ9c2FyYS5jYXN3ZWxsQG5pc3QuZ292JnVzZXJpZD1zYXJhLmNhc3dlbGxAbmlzdC5nb3YmZmw9JmV4dHJhPU11bHRpdmFyaWF0ZUlkPSYmJg==&&&100&&&http://csrc.nist.gov/publications/PubsDrafts.html#800-57pt1r4
>




_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you



--=_alternative 0035B28765257EC4_=
Content-Type: text/html; charset="US-ASCII"

<font size=3 face="sans-serif">Dear Saag ML,</font>
<br><font size=3 face="sans-serif">May I please seek your attention to
the following experimental draft:</font>
<br><a href="https://tools.ietf.org/html/draft-bhattacharyya-dice-less-on-coap-00"><font size=3 color=blue face="sans-serif">https://tools.ietf.org/html/draft-bhattacharyya-dice-less-on-coap-00</font></a><font size=3 face="sans-serif">.
</font>
<br><font size=3 face="sans-serif">The draft is due to expire in October,
2015.</font>
<br><font size=3 face="sans-serif">The draft was originally submitted in
Dice. However it seems, dice is not chartered to discuss this kind of draft.
So, would highly appreciate if experts in the Saag ML spare some time to
judge the proposed approach on the basis of its merit and share there views.</font>
<br>
<br><font size=3 face="sans-serif">Specifically, this draft tries to channel-secure
the communication between Constrained Application layer Protocol (CoAP)
end-points. The key driving factor behind this draft was that we had a
feeling that the session establishment in DTLS, even with pre-shared-key,
might be bit too heavy for very much bandwidth constrained environments.
However, ones the channel is established DTLS-PSK provides a very robust
yet resource-efficient mechanism to keep the channel secure.</font>
<br>
<br><font size=3 face="sans-serif">So, the basic idea is:</font>
<ol>
<li value=1><font size=3 face="sans-serif">Leverage the lightweight yet
reliable nature of CoAP and push the responsibility for session establishment
to the application layer. That way the application layer has more control
on the exchanges, which is desirable for constrained networks.</font>
<li value=2>
<li value=2><font size=3 face="sans-serif">Once the session is established
transfer the control to the transport layer which for channel security.
This will completely re-use the channel-security provided by DTLS-PSK (thus
getting all sorts of reliability and protection from replay attack, etc.
). An interface layer would map the <i>&lt;Server_write_key, Client_write_key,
Server_IV, Client_IV&gt;</i> &nbsp;tuple &nbsp;available from the session
establishment process at the application layer to the DTLS session parameters.</font>
<li value=3>
<li value=3><font size=3 face="sans-serif">Since CoAP already mandated
DTLS for secure exchanges, the intention was to create a solution which
will not be disruptive, rather will be able to co-exist with legacy DTLS
implementation. The implementers will be able to mostly reuse modules from
a standard DTLS implementation and can quickly build a system. Only the
session establishment part of the DTLS protocol needs to be switched.</font></ol>
<br><font size=3 face="sans-serif">There can be many engineering issues
to be solved. However, before proceeding we need to validate the basic
approach and the usefulness of the proposal from experts. Any review comment
is highly appreciated. The draft contains the experimental results in the
form of tables. A snapshot of the graphs of the results from the original
paper is also attached.</font>
<br>
<br><font size=3 face="sans-serif">The R&amp;D behind this draft was published
as a paper in </font><font size=3>&nbsp;</font><font size=3 face="sans-serif">&quot;Workshop
on Pervasive Internet of Things and Smart Cities (PITSaC-2015)&quot; in
conjunction with &quot;Advanced Information Networking and Applications
(AINA-2015)&quot;, Gwangju, Korea, March, 2015 . </font>
<br><font size=3 face="sans-serif">The original paper can be found here:
&nbsp;</font><a href="http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7096256"><font size=3 color=blue face="sans-serif">http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7096256</font></a>
<br><font size=3 face="sans-serif">Some figures from the paper has been
attached with this mail as ready references.</font>
<br>
<br><font size=3 face="sans-serif">Awaiting your responses please.</font>
<br>
<ol>
<li value=1></ol><font size=2 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </font>
<br>
<br><font size=2 face="sans-serif">Regards<br>
Abhijan Bhattacharyya<br>
Associate Consultant<br>
Scientist, Innovation Lab, Kolkata, India<br>
Tata Consultancy Services<br>
Mailto: abhijan.bhattacharyya@tcs.com<br>
Website: </font><a href=http://www.tcs.com/><font size=2 face="sans-serif">http://www.tcs.com</font></a><font size=2 face="sans-serif"><br>
____________________________________________<br>
Experience certainty. &nbsp; &nbsp; &nbsp; &nbsp;IT Services<br>
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;Business Solutions<br>
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;Consulting<br>
____________________________________________<br>
</font>
<br>
<br>
<br>
<br><font size=1 color=#5f5f5f face="sans-serif">From: &nbsp; &nbsp; &nbsp;
&nbsp;</font><font size=1 face="sans-serif">Stephen Farrell &lt;stephen.farrell@cs.tcd.ie&gt;</font>
<br><font size=1 color=#5f5f5f face="sans-serif">To: &nbsp; &nbsp; &nbsp;
&nbsp;</font><font size=1 face="sans-serif">&quot;saag@ietf.org&quot;
&lt;saag@ietf.org&gt;</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Date: &nbsp; &nbsp; &nbsp;
&nbsp;</font><font size=1 face="sans-serif">09/14/2015 08:21 PM</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Subject: &nbsp; &nbsp;
&nbsp; &nbsp;</font><font size=1 face="sans-serif">[saag] Fwd:
Request for Comments: NIST SP 800-57 Part 1 (Rev 4): Recommendation for
Key Management: Part 1: General</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Sent by: &nbsp; &nbsp;
&nbsp; &nbsp;</font><font size=1 face="sans-serif">&quot;saag&quot;
&lt;saag-bounces@ietf.org&gt;</font>
<br>
<hr noshade>
<br>
<br>
<br><tt><font size=2><br>
FYI<br>
<br>
<br>
-------- Forwarded Message --------<br>
Subject: Request for Comments: &nbsp;NIST SP 800-57 Part 1 (Rev 4):<br>
Recommendation for Key Management: Part 1: General<br>
Date: Mon, 14 Sep 2015 13:57:11 +0000<br>
From: Caswell, Sara J. &lt;sara.caswell@nist.gov&gt;<br>
To: stephen.farrell@cs.tcd.ie &lt;stephen.farrell@cs.tcd.ie&gt;<br>
<br>
NIST requests comments on a revision of Special Publication (SP) 800-57,<br>
Part 1, Recommendation for Key Management, Part 1 (Rev. 4). This<br>
Recommendation provides general guidance and best practices for the<br>
management of cryptographic keying material. A list of changes is<br>
provided in Appendix D of the document.<br>
<br>
Please send comments to<br>
keymanagement@nist.gov&lt;</font></tt><a href="mailto:keymanagement@nist.gov?subject=Comments%20on%20SP%20800-57,%20Part%201"><tt><font size=2>mailto:keymanagement@nist.gov?subject=Comments%20on%20SP%20800-57,%20Part%201</font></tt></a><tt><font size=2>&gt;<br>
by October 31, 2015.<br>
<br>
Details and a link to Draft SP 800-57 Part 1 Revision 4 can be found on<br>
the NIST CSRC Draft publications page at:<br>
</font></tt><a href="http://csrc.nist.gov/publications/PubsDrafts.html#800-57pt1r4"><tt><font size=2>http://csrc.nist.gov/publications/PubsDrafts.html#800-57pt1r4</font></tt></a><tt><font size=2>&lt;</font></tt><a href="http://links.govdelivery.com/track?type=click&amp;enid=ZWFzPTEmbWFpbGluZ2lkPTIwMTUwOTEwLjQ4OTY5MDExJm1lc3NhZ2VpZD1NREItUFJELUJVTC0yMDE1MDkxMC40ODk2OTAxMSZkYXRhYmFzZWlkPTEwMDEmc2VyaWFsPTE3MTg2MjE4JmVtYWlsaWQ9c2FyYS5jYXN3ZWxsQG5pc3QuZ292JnVzZXJpZD1zYXJhLmNhc3dlbGxAbmlzdC5nb3YmZmw9JmV4dHJhPU11bHRpdmFyaWF0ZUlkPSYmJg==&amp;&amp;&amp;100&amp;&amp;&amp;http://csrc.nist.gov/publications/PubsDrafts.html#800-57pt1r4"><tt><font size=2>http://links.govdelivery.com/track?type=click&amp;enid=ZWFzPTEmbWFpbGluZ2lkPTIwMTUwOTEwLjQ4OTY5MDExJm1lc3NhZ2VpZD1NREItUFJELUJVTC0yMDE1MDkxMC40ODk2OTAxMSZkYXRhYmFzZWlkPTEwMDEmc2VyaWFsPTE3MTg2MjE4JmVtYWlsaWQ9c2FyYS5jYXN3ZWxsQG5pc3QuZ292JnVzZXJpZD1zYXJhLmNhc3dlbGxAbmlzdC5nb3YmZmw9JmV4dHJhPU11bHRpdmFyaWF0ZUlkPSYmJg==&amp;&amp;&amp;100&amp;&amp
 ;&amp;http://csrc.nist.gov/publications/PubsDrafts.html#800-57pt1r4</font></tt></a><tt><font size=2>&gt;<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
saag mailing list<br>
saag@ietf.org<br>
</font></tt><a href=https://www.ietf.org/mailman/listinfo/saag><tt><font size=2>https://www.ietf.org/mailman/listinfo/saag</font></tt></a><tt><font size=2><br>
</font></tt>
<br><p>=====-----=====-----=====<br>
Notice: The information contained in this e-mail<br>
message and/or attachments to it may contain <br>
confidential or privileged information. If you are <br>
not the intended recipient, any dissemination, use, <br>
review, distribution, printing or copying of the <br>
information contained in this e-mail message <br>
and/or attachments to it are strictly prohibited. If <br>
you have received this communication in error, <br>
please notify us by reply e-mail or telephone and <br>
immediately and permanently delete the message <br>
and any attachments. Thank you</p>

<p></p>
--=_alternative 0035B28765257EC4_=--
--=_mixed 0035B28665257EC4_=
Content-Type: image/jpeg; name="3_results.jpg"
Content-Disposition: attachment; filename="3_results.jpg"
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAIBAQIBAQICAgICAgICAwUDAwMDAwYEBAMFBwYHBwcG
BwcICQsJCAgKCAcHCg0KCgsMDAwMBwkODw0MDgsMDAz/2wBDAQICAgMDAwYDAwYMCAcIDAwMDAwM
DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz/wAARCAJ6AZIDASIA
AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA
AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3
ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm
p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEA
AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx
BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK
U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3
uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD9/KKK
KAPDP26P2sfEP7K2i/D1PCvg/RvGmv8AxD8Vnwxa2ureIZdDs7XbpWpak87zx2l25wmnMgQQ8tKC
WUA58l/4b1/aF/6Id8Gv/Dval/8AM5W1/wAFTv8Akav2Zf8Asqtx/wCod4nrCoAf/wAN6/tC/wDR
Dvg1/wCHe1L/AOZyj/hvX9oX/oh3wa/8O9qX/wAzleJftQ/Frx/8P/ib8OtN8G6LPqmna1eOusuN
OkmjjjE9pGq+cuVjbZNM21guVjeTzAITFNo/safEfxl8UfhEup+OLK4sNaZrbzIptMk09kkfT7Sa
5jEUnzbYruW6hBOTiEAsxBZgD1z/AIb1/aF/6Id8Gv8Aw72pf/M5R/w3r+0L/wBEO+DX/h3tS/8A
mcqhcahcxTMqWE0qg8MJEAb8zmmf2pd/9A2f/v7H/wDFUAaX/Dev7Qv/AEQ74Nf+He1L/wCZyj/h
vX9oX/oh3wa/8O9qX/zOVm/2pd/9A2f/AL+x/wDxVH9qXf8A0DZ/+/sf/wAVQBpf8N6/tC/9EO+D
X/h3tS/+Zyj/AIb1/aF/6Id8Gv8Aw72pf/M5Wb/al3/0DZ/+/sf/AMVR/al3/wBA2f8A7+x//FUA
aX/Dev7Qv/RDvg1/4d7Uv/mco/4b1/aF/wCiHfBr/wAO9qX/AMzlZv8Aal3/ANA2f/v7H/8AFUf2
pd/9A2f/AL+x/wDxVAGl/wAN6/tC/wDRDvg1/wCHe1L/AOZyj/hvX9oX/oh3wa/8O9qX/wAzlZv9
qXf/AEDZ/wDv7H/8VR/al3/0DZ/+/sf/AMVQBpf8N6/tC/8ARDvg1/4d7Uv/AJnKP+G9f2hf+iHf
Br/w72pf/M5Wb/al3/0DZ/8Av7H/APFUf2pd/wDQNn/7+x//ABVAGl/w3r+0L/0Q74Nf+He1L/5n
KP8AhvX9oX/oh3wa/wDDval/8zlZv9qXf/QNn/7+x/8AxVH9qXf/AEDZ/wDv7H/8VQBpf8N6/tC/
9EO+DX/h3tS/+Zyj/hvX9oX/AKId8Gv/AA72pf8AzOVm/wBqXf8A0DZ/+/sf/wAVR/al3/0DZ/8A
v7H/APFUAaX/AA3r+0L/ANEO+DX/AId7Uv8A5nKP+G9f2hf+iHfBr/w72pf/ADOVm/2pd/8AQNn/
AO/sf/xVH9qXf/QNn/7+x/8AxVAGl/w3r+0L/wBEO+DX/h3tS/8Amco/4b1/aF/6Id8Gv/Dval/8
zlZv9qXf/QNn/wC/sf8A8VR/al3/ANA2f/v7H/8AFUAaX/Dev7Qv/RDvg1/4d7Uv/mco/wCG9f2h
f+iHfBr/AMO9qX/zOVm/2pd/9A2f/v7H/wDFUf2pd/8AQNn/AO/sf/xVAGl/w3r+0L/0Q74Nf+He
1L/5nKP+G9f2hf8Aoh3wa/8ADval/wDM5Wb/AGpd/wDQNn/7+x//ABVH9qXf/QNn/wC/sf8A8VQB
pf8ADev7Qv8A0Q74Nf8Ah3tS/wDmco/4b1/aF/6Id8Gv/Dval/8AM5Wb/al3/wBA2f8A7+x//FUf
2pd/9A2f/v7H/wDFUAaX/Dev7Qv/AEQ74Nf+He1L/wCZyj/hvX9oX/oh3wa/8O9qX/zOVm/2pd/9
A2f/AL+x/wDxVH9qXf8A0DZ/+/sf/wAVQBpf8N6/tC/9EO+DX/h3tS/+Zyj/AIb1/aF/6Id8Gv8A
w72pf/M5Wb/al3/0DZ/+/sf/AMVR/al3/wBA2f8A7+x//FUAaX/Dev7Qv/RDvg1/4d7Uv/mco/4b
1/aF/wCiHfBr/wAO9qX/AMzlZv8Aal3/ANA2f/v7H/8AFUf2pd/9A2f/AL+x/wDxVAGl/wAN6/tC
/wDRDvg1/wCHe1L/AOZyj/hvX9oX/oh3wa/8O9qX/wAzlZv9qXf/AEDZ/wDv7H/8VR/al3/0DZ/+
/sf/AMVQBpf8N6/tC/8ARDvg1/4d7Uv/AJnKP+G9f2hf+iHfBr/w72pf/M5Wb/al3/0DZ/8Av7H/
APFVwP7Q/hzXPHvhCy0/SbTxHZ6jc6hBCt5putSWBsIWcefOxhmQOUhEhRZA6GUxgqQTQB6h/wAN
6/tC/wDRDvg1/wCHe1L/AOZyj/hvX9oX/oh3wa/8O9qX/wAzlfPvwd1T4n6B8bvFk/iXQ9b1LRb6
7uEt5Q4WO1jN/sslhU3rxOgtHDyulvCymP5jKxO3zPx9bfHq0tNfufCOieK7myOtyXmkadqeoESX
LC1Hk28r/bxNDam4DeZKJihO0rbCMMrgH2d/w3r+0L/0Q74Nf+He1L/5nKP+G9f2hf8Aoh3wa/8A
Dval/wDM5XybrWi/Ey1+JGrPLpXxE1bwpPrD3Gpmy1SWyvvIY3Zjt7T/AImBRoUka1y8Edu/lxAN
5hZwE163+Pcb6bP4T0m+PjRPCsNrqr+I9XMOhS6iUtFedDHJPGGUC4KrFaAmQEu5Q7WAPrP/AIb1
/aF/6Id8Gv8Aw72pf/M5VLUv+Clfxk8C614WfxX8FvhnZ6Dr3ivQvDF1daT8UL6/vLP+1NVtNNSd
IJNCgSXy3u1coZo8qpAYHFfM3wo8DfFfX/C/wun8bWXinSNc8N6PLN4kfTfFk13/AGu8QMdvbMN0
ELTTeY80shhyphSMPhgwmg0nxLo/wo0OPxEdaaN/jh4Dk0k6o8rT/Yz4q8P4GJri4mUCUTDEkzEk
FgERkjQA/W2iiigAooooAKKKKAPkz/gqd/yNX7Mv/ZVbj/1DvE9YVbv/AAVO/wCRq/Zl/wCyq3H/
AKh3iesKgAorjPjB8Urz4XnQWt9Kg1Ya1qUen+T9saG55BkkeJBEyyGO3juJirMmRCQDkisn9lj9
ohP2mvhjF4lj0o6Qky2kqQfahc5jutPtL+I7wqjcIruNWABAZWALDBIB6TRVWfV4reVkZbosvXbb
SMPzC4NN/t2D+5e/+Ac3/wATQBcoqn/bsH9y9/8AAOb/AOJo/t2D+5e/+Ac3/wATQB8pf8FmPjD8
c/gp+zLouqfAGz1y98YT+IYba6TS9BTWZhZm3nZyYmikCrvWP59owcDPODwH7JX7YfxS0H9nb4G+
KP2hNXv/AAlq+s+KdZsfEj61pcejB7dLK9a0WWIRoEBkSEqQo3EDk5r7s/t2D+5e/wDgHN/8TR/b
sH9y9/8AAOb/AOJrodaLpKHLr30737X8t9jNQak5XPkDU/2mI/FPxB+IEOmfEXRraZRJd6P/AMVP
dNItibC3nWVLCK0ceUyO7eersyKxkCkptrD1L9oJpNG0XUovFw0/wg1zf28sE/jfVm07W7gx2Zhl
s9eFoZz5J89DbSKiySTPgt5JUfbf9uwf3L3/AMA5v/iaP7dg/uXv/gHN/wDE1zmh418UvjJqvgz9
nDwPrUOpz+CINXNnFqus+IrFr6bQIGtJJPMuUBQGR5khgLOVAe4yRnC1xfw//aQ+KOvePvD1zqn9
j2+hNc6HpuoaYuiTwXNzJf2MkktyJXlJhVJREyxNGWVS6OdxDL9M/wBuwf3L3/wDm/8AiaP7dg/u
Xv8A4Bzf/E0AeIfGv4h6V4e+OVzp/jjxT4i8K6RNp9l/wiy6bc3NuupXbST/AGkL5AP2icYtx5Dh
wFIYId7GvPLD9rbx3q2m+I9Kmuo9T8S67/xK7DSdK0V9PvvCWpS3Dolo8l1II7iVbQSXO8mNCLKR
x+7miFfWX9uwf3L3/wAA5v8A4mj+3YP7l7/4Bzf/ABNAHyn4K8a/Fn4qazbeHng8Q6B4u8KaebC+
efU7eK3hukuAYb64WLzY7kTWjQStFGWAaR48qQWH1xVP+3YP7l7/AOAc3/xNH9uwf3L3/wAA5v8A
4mgD58/4KD/Ez4o/DmDwi3w3Gu4vHuxqTaboq6mw2iHygwaGTYDmTHAzg+lYMXxr1Cy8EfC2f4pe
MfEPgufXNJ1h7mdIv7Pu7rUI7u0W1j8lYvmkMLzFYvLIbk7TivqH+3YP7l7/AOAc3/xNH9uwf3L3
/wAA5v8A4msY0mqjnzaPp93nbp26s7auKhLDxoqCTXXS71k+1+tt3oloeHfDbQ/EmvfEH4dXWva7
4xhuNU8N3uq6laPcvaxTXNvPpqQtJbgBYi8c0rPCAo3OwK/LgeWaj+2NoXjz4L/DXUY/iPod9JFo
0cPiK0bxLeaFLLqb29uyM13aQSFZlZbkC2fYspkJ58nFfYn9uwf3L3/wDm/+Jo/t2D+5e/8AgHN/
8TWxxHkHxA+IPiq6/Z6luLLQfEmjyzafpb21xc3sSalI80lsJIZAOYpwJHRmIADAkdq8g8SeOfF3
wj+JlrpnjbxJdapdX6x3Hh/w9aeKbu11qGP7TN8kYhtFt9VmZPLBSVgIhGAWYOZm+vv7dg/uXv8A
4Bzf/E0f27B/cvf/AADm/wDiaAPC/gv8SfFOsfHC5tPF17rFhozalrNj4YSOFWs9aki1G+D/AGiY
JuSWG3ijWKBiqskbygzNxB9AVT/t2D+5e/8AgHN/8TR/bsH9y9/8A5v/AImgC5RVP+3YP7l7/wCA
c3/xNH9uwf3L3/wDm/8AiaALlFU/7dg/uXv/AIBzf/E0f27B/cvf/AOb/wCJoAuUVT/t2D+5e/8A
gHN/8TR/bsH9y9/8A5v/AImgC5RVP+3YP7l7/wCAc3/xNH9uwf3L3/wDm/8AiaALlFU/7dg/uXv/
AIBzf/E0f27B/cvf/AOb/wCJoAuUVT/t2D+5e/8AgHN/8TR/bsH9y9/8A5v/AImgC5RVP+3YP7l7
/wCAc3/xNH9uwf3L3/wDm/8AiaALlfAf7QH/AAUB+JfgL42+KtE0zUdMh0/SdSmtbdG09HZURiBl
jyTxX3h/bsH9y9/8A5v/AImvyi/armE/7SnjpxvAbWrkjcpU/wCsPY8isZq80vJ/odtCfJRnNJXv
FapPdS7p9kd9/wAPLviz/wBBXSv/AAWRV6V+yD+3P8Q/i9+0X4c8N67f6dcaXqhuROkdikT/ACWs
0qkMOR8yL+Ga+OK9j/4J+3C2v7YXgx3EhAa9+4jOf+PC57AE0qkFFJpvddX3XmaUMRKcnGSjbll9
mP8AK/I/UWvNP2p/+RV8Cf8AZVfh/wD+pjo1d+NdhJA2XvP/AE6S/wDxNcB+1P8A8ir4E/7Kr8P/
AP1MdGrc84/RuiiigAooooAKKKKAPkz/AIKnf8jV+zL/ANlVuP8A1DvE9eGxftofD+z+NniP4fa3
rK+FPE3h3yJFi17bp8OsQTRoy3FlJIQtzGGby2KElJFKsBlSfcv+Cp3/ACNX7Mv/AGVW4/8AUO8T
1+b3xM+Ivwa0D4yfHXxn440DwZ4m+J3h7xRZaHoXh/xlqUd5qFxai2sPLXTbSZD5CTvJK8fkoxkk
3Mz4O2MA+/brSrW+u7W4ntoJriyZnt5HjDPAzKULITypKsVJHUEjoar+G/Cml+DdPNppGm2GlWrO
ZTDZ26QRlz1baoAycDn2rz/4zftR6T8GPir4T8KX1rcS3Hii2ub37SFkMNrFDcWdrg+XG5Mkk9/b
ogbanLbnX5Q0v7K37RA/aa+GEXiQaQdFEy2kq2/2sXX7u60+0v4iXCqNwjvEVgAQGVsFhgkA9Koq
pPrttbTNG7S7kODiF2H5gYpn/CSWn96f/wAB5P8A4mgC9RVH/hJLT+9P/wCA8n/xNH/CSWn96f8A
8B5P/iaAL1FUf+EktP70/wD4Dyf/ABNH/CSWn96f/wAB5P8A4mgC9RVH/hJLT+9P/wCA8n/xNH/C
SWn96f8A8B5P/iaAL1FUf+EktP70/wD4Dyf/ABNH/CSWn96f/wAB5P8A4mgC9RVH/hJLT+9P/wCA
8n/xNH/CSWn96f8A8B5P/iaAL1FUf+EktP70/wD4Dyf/ABNH/CSWn96f/wAB5P8A4mgC9RVH/hJL
T+9P/wCA8n/xNH/CSWn96f8A8B5P/iaAL1FUf+EktP70/wD4Dyf/ABNH/CSWn96f/wAB5P8A4mgC
9RVH/hJLT+9P/wCA8n/xNH/CSWn96f8A8B5P/iaAL1FUf+EktP70/wD4Dyf/ABNH/CSWn96f/wAB
5P8A4mgC9RVH/hJLT+9P/wCA8n/xNH/CSWn96f8A8B5P/iaAL1FUf+EktP70/wD4Dyf/ABNH/CSW
n96f/wAB5P8A4mgC9RVH/hJLT+9P/wCA8n/xNH/CSWn96f8A8B5P/iaAL1FUf+EktP70/wD4Dyf/
ABNH/CSWn96f/wAB5P8A4mgC9RVH/hJLT+9P/wCA8n/xNH/CSWn96f8A8B5P/iaAL1FUf+EktP70
/wD4Dyf/ABNH/CSWn96f/wAB5P8A4mgC9RVH/hJLT+9P/wCA8n/xNH/CSWn96f8A8B5P/iaAL1fk
x+1j/wAnM+PP+w3c/wDow1+rP/CSWn96f/wHk/8Aia/KT9qqdbn9pPx1IpJV9auSMgg/6w9jWUv4
i9H+h1Q/3ef+KP5SOAr2f/gnp/yeP4L/AN69/wDSC5rxivY/+Cf10ln+2D4MkkLbVa9zhSx/48Ln
sOaK3wr1X5oMJ8b/AMMv/SWfqLXmn7U//Iq+BP8Asqvw/wD/AFMdGrvR4jtSQN0+T/0wk/8Aia4L
9qf/AJFXwJ/2VX4f/wDqY6NWpyn6N0UUUAFFFFABRRRQB8mf8FTv+Rq/Zl/7Krcf+od4nr8r/wBt
P45eKZP+CnWm6D4a8Y2fhex8PT2jazrmvfD601BdLjeOJ1tNMnFnJczysGZ2dpUjjMm3dxgfqh/w
VO/5Gr9mX/sqtx/6h3ievza+Nq/tT+MP2o/izp/wwS01zwOl/Poy3LeM2sp9BnutO0CXKQHlHtxb
zSIqkBv7UlOQSdwB99at4X03X7uyuL/TrG9uNNl860knt0le1k/vxlgSjcDkYNHh7wvpnhGwa10r
TrHTLZnMphtLdIIy56ttUAZPc9TXGfGj47SfBzxN4YtZ9Av73SNdmaK81hSwtNIbzreKJJSqMfMm
a4xGDtVjEwLAkZd+zf8AtBWP7Sfw+XxFp+m6jpUEht3SC9MZlMVxZ297A52MygtBdQllydrblycb
iAd/RWdd+LtNsLl4ZryKOWM4ZSTkVF/wnWkf8/8AB+ZoA1qKyf8AhOtI/wCf+D8zR/wnWkf8/wDB
+ZoA1qKyf+E60j/n/g/M0f8ACdaR/wA/8H5mgDWorJ/4TrSP+f8Ag/M0f8J1pH/P/B+ZoA1qKyf+
E60j/n/g/M0f8J1pH/P/AAfmaANaisn/AITrSP8An/g/M0f8J1pH/P8AwfmaANaisn/hOtI/5/4P
zNH/AAnWkf8AP/B+ZoA1qKyf+E60j/n/AIPzNH/CdaR/z/wfmaANaisn/hOtI/5/4PzNH/CdaR/z
/wAH5mgDWorJ/wCE60j/AJ/4PzNH/CdaR/z/AMH5mgDWorJ/4TrSP+f+D8zR/wAJ1pH/AD/wfmaA
Naisn/hOtI/5/wCD8zR/wnWkf8/8H5mgDWorJ/4TrSP+f+D8zR/wnWkf8/8AB+ZoA1qKyf8AhOtI
/wCf+D8zR/wnWkf8/wDB+ZoA1qKyf+E60j/n/g/M18p23xn+MfiiL4pw6lb654d1dp7D/hD4rcWT
6dbPK00Gxp0WV5YEBhnndlDDDhdg2oQD7Corwb4tfGSbwtpfgzR9O8SeMLnWLTVLSz1PVLXw7Lc2
13FEIJLqW5CWrjbLEzKph2r5shG5fKcx5/7Kvxa8c6r8VfiHZ+OLwSaDplwkGk3cgkjjupftN3vM
KPZWzLGIRa9HuUJ+7M/zEgH0TRWT/wAJ1pH/AD/wfmaP+E60j/n/AIPzNAGtRWT/AMJ1pH/P/B+Z
o/4TrSP+f+D8zQBrV+TH7WP/ACcz48/7Ddz/AOjDX6o/8J1pH/P/AAfma/Kr9qa7jvv2kfHM0TiS
OTWrkqw6EeYayl/EXo/0OqH+7z/xR/KRwVez/wDBPT/k8fwX/vXv/pBc14xXsP7AeoQ6Z+174Nnu
JFiiRrzLN0GbG4FFb4V6r80GE+N/4Zf+ks/UevNP2p/+RV8Cf9lV+H//AKmOjV2w8caSxA+3wEn3
NcT+1P8A8ir4E/7Kr8P/AP1MdGrU5T9G6KKKACiiigAooooA+TP+Cp3/ACNX7Mv/AGVW4/8AUO8T
1+Wv7R2vfAjwR+3L400nUvDfxQ+KvxU8YeMNMAtfDmoanomleHJp9OsILS0u7hLyG0Z3Fu02/azF
ZdhBEdfqV/wVO/5Gr9mX/sqtx/6h3ievzX/4KS/F/wCBTfFDXtNn+GPi3Ufjb4ektW0nxDpPhrUL
Yi92RSWznUbTYXWMOv3nZVIIxwRQB96eJPAOj+ML2xuNUsYr2TTpFmgEhJRXV1kViudrFXRHXcDt
ZFYYIBqPwB8NtA+Fehf2X4c0ix0XTwwYW9pEI41wixqABwAsccaKBwqRooAVQBhfGD9oTw78Er3R
bXWJZ5LvXLuK2hgtlV5IkkmjhNw4LDEKySxqzDJzIoAJOKb+z38f9K/aP8BJ4h0iy1XT7WQW7LFq
CRpMUuLO3vYWxG7jDQXUJxnIJIIBFAHdUVUuPEFhazNHLfWkciHDK8yqw+oJpn/CUaZ/0EbH/wAC
E/xoAvUVR/4SjTP+gjY/+BCf40f8JRpn/QRsf/AhP8aAL1FUf+Eo0z/oI2P/AIEJ/jR/wlGmf9BG
x/8AAhP8aAL1FUf+Eo0z/oI2P/gQn+NH/CUaZ/0EbH/wIT/GgC9RVH/hKNM/6CNj/wCBCf40f8JR
pn/QRsf/AAIT/GgC9RVH/hKNM/6CNj/4EJ/jR/wlGmf9BGx/8CE/xoAvUVR/4SjTP+gjY/8AgQn+
NH/CUaZ/0EbH/wACE/xoAvUVR/4SjTP+gjY/+BCf40f8JRpn/QRsf/AhP8aAL1FUf+Eo0z/oI2P/
AIEJ/jR/wlGmf9BGx/8AAhP8aAL1FUf+Eo0z/oI2P/gQn+NH/CUaZ/0EbH/wIT/GgC9RVH/hKNM/
6CNj/wCBCf40f8JRpn/QRsf/AAIT/GgC9RVH/hKNM/6CNj/4EJ/jR/wlGmf9BGx/8CE/xoAvUVR/
4SjTP+gjY/8AgQn+NH/CUaZ/0EbH/wACE/xoAvUVR/4SjTP+gjY/+BCf40f8JRpn/QRsf/AhP8aA
LOoXBtLCeUDLRRs4B6HAzX5xaT/wVo+LWq6Va3X9n/D2P7TEku3+y7s7dyg4z9r561+heteKNNOj
3Y/tGxJML/8ALdP7p96/F3wj/wAippf/AF6Rf+gCuarBTqKLbtZ7Nrt2aPWwlZ0cJOpGMW+aK1jG
WlpPTmTtsj6f/wCHrPxa/wCfL4e/+Cq7/wDkuva/2Ev22vG37SHxZ1LQfE9r4YitLXSJL+J9Ms54
JN6zQx4YyTSAqRKegByBzXwNX0x/wSp1CDTv2i9Ye4nhgVvDlwAZHCAn7Va8c0nQjC0ot7r7TfXz
YQx063NTnGFmpbQgnom1qoprVdz9EKKo/wDCUaZ/0EbH/wACE/xo/wCEo0z/AKCNj/4EJ/jXUeSX
qKo/8JRpn/QRsf8AwIT/ABo/4SjTP+gjY/8AgQn+NAF6vyY/ax/5OZ8ef9hu5/8ARhr9Wf8AhKNM
/wCgjY/+BCf41+Un7VU6XX7SfjqSN1kR9auSrKQVI8w9CKyl/EXo/wBDqh/u8/8AFH8pHAV7P/wT
0/5PH8F/717/AOkFzXjFex/8E/ruKx/bB8GSzyxwxq17lnYKo/0C57mit8K9V+aDCfG/8Mv/AEln
6i15p+1P/wAir4E/7Kr8P/8A1MdGrvR4o00kD+0bEk/9N0/xrgv2p/8AkVfAn/ZVfh//AOpjo1an
Kfo3RRRQAUUUUAFFFFAHyZ/wVO/5Gr9mX/sqtx/6h3ievC/jt+1h4T+GGm3GnWvjn4Y2HjKS/TS7
LTvEniSLToprv9xI9uxG6QSiC4jcIELHzYsgBwa90/4Knf8AI1fsy/8AZVbj/wBQ7xPX5PfthfB/
wtD+2lq3h/xf4qsfAvgfxD4h/tf+0PFvgu7l3XV7DYreJpGqh/sKiYWkCFrlRNA4fyxjGQD9KfGf
w30L4hxWqa3pVnqX2K5gvIGlTLxSwzJNGwYcjEkaHGcHGCCCQaXwj+DHhr4E+Fm0Twrpv9l6Y0vn
CD7RLOFOxI1VTIzFUSOOONEBCRpGiKFVQA/4j/FXTPhYmmy6st2lrqd5FYi4jjDRQSSyJFHvyQeX
kUfKGIAZiAqMwrfBb43aD8ffB6674dlu5dPfySjXFu0Dsk1tDdQvtbkB7e4hkGcECQBgrBlAB11F
VJ9fsbWZo5b20jkThlaZVYfUE0z/AISfTf8AoI2P/f8AT/GgC9RVH/hJ9N/6CNj/AN/0/wAaP+En
03/oI2P/AH/T/GgC9RVH/hJ9N/6CNj/3/T/Gj/hJ9N/6CNj/AN/0/wAaAL1FUf8AhJ9N/wCgjY/9
/wBP8aP+En03/oI2P/f9P8aAL1FUf+En03/oI2P/AH/T/Gj/AISfTf8AoI2P/f8AT/GgC9RVH/hJ
9N/6CNj/AN/0/wAaP+En03/oI2P/AH/T/GgC9RXLfEr4jp4U8A6vqWl3fhmfULG2eaBNW1cafYlg
M5mnVJTFGOpYRuQB0NeN/Db9u+78afE3wd4d1Pw3YaANYsvN1e5uLy9aO0uXW5MENs32IRyCRbbz
M3L2r7JY8Rs+YwAfRtFfO3jT/gpN4F8B/Gnxj4Wvrm0Nr4N0eG9nuk1CAT3l3JOkX2SKF2XgedBm
Z2WIGQgsojdl9N+Afx50343fBLwn4vM+lWMniTSrfUJbSHUortLOSSMM8IlXAfYxZCwAyVPA6UAd
5RVH/hJ9N/6CNj/3/T/Gj/hJ9N/6CNj/AN/0/wAaAL1FUf8AhJ9N/wCgjY/9/wBP8aP+En03/oI2
P/f9P8aALd1cpZ20k0rbY4VLucE4AGSePauEj/ak+H73Njbv4o0+C71Cc20VtcB4LhXDRKfMjdQ8
Q3TwDc4VSZ4uf3iZ6bXfEtk+iXiw65p+nzNA4jumljcWzbTiQqxwdp5weDivnbUv2XfBvjKLSJPE
/wASNJ1bVbW7kn1TVLS6On3euwvJaytBOY7nYyM9rGGUqUCBVjSLYpEynFbuxpGlOfwxb+R79qfx
e8M6P8RrHwhc63YxeJtRhFxBpxkzO0bCUqxA+6GEE+3djd5Eu3OxsWPh98RNI+Kfhe31rQrmS90y
7AaCdreWATKQGDqJFUspBBDAYIPBNeOa/wDCLwt4k/aN0n4lXXxJ01tW0i3NrBCstqqRRqbzy1Qh
sgFLwrIG3b/JjI8s7s9d+zN4D8L/AAJ+HLeH9G8QaPeWKXTzxw2ckcNnYBlUeTBEHfyo/l3bdxy7
u3G7AFUi9Exyo1Iq8otfI9Qoqj/wk+m/9BGx/wC/6f40f8JPpv8A0EbH/v8Ap/jVGReoqj/wk+m/
9BGx/wC/6f40f8JPpv8A0EbH/v8Ap/jQBLrX/IGu/wDri/8A6Ca/E/wj/wAippf/AF6Rf+gCv2i1
rxNpp0e7H9oWJJhf/lun90+9fi74R/5FTS/+vSL/ANAFYv8Air0f5o9CH+4z/wAcfymaNfT3/BJ3
/k47Wf8AsW7j/wBKrSvmGvpj/glTqEGnftF6w9xPFAreHLgAyOFBP2q145qqu3zX5oxwnxv/AAy/
9JZ+iFFUf+En03/oI2P/AH/T/Gs3xl4+0/QPCGq3ya1oFlJZ2ks63GoXapaQFUJDzMCCIwRliCMA
GtDlOgor5b8Aft763rXjbwpo/iDSvD+iQ6iS2oXy3Esqzxz6jcWWntBFw8XnrAszCXLQ+dGjryzp
e+LX7fkfgfx/4o0/Tv7AuNP0bT3TTZZZmca1qP2H7asayo2yOLyyg3MCHYOAykKHAPpavyY/ax/5
OZ8ef9hu5/8ARhr7K8A/8FD4/E3xA+HPhW60+A6l4n1PU7LWb+KC4hsLFLY6glv5TOuDNM9krNEW
Pkozbm5jL/Gf7VU6XP7SnjqSN1kR9auSrKQQf3h6EVlL+IvR/odUP93n/ij+UjgK9n/4J6f8nj+C
/wDevf8A0gua8Yr2P/gn9dxWX7YPgyWaWOKNWvcs7BVH+gXPc0VvhXqvzQYT43/hl/6Sz9Ra80/a
n/5FXwJ/2VX4f/8AqY6NXfDxNppIH9oWRJ/6bp/jXA/tT/8AIq+BP+yq/D//ANTHRq1OU/Ruiiig
AooooAKKKKAPkz/gqd/yNX7Mv/ZVbj/1DvE9flT+258U/hT4y/4KAyeDdR8GeKvjL8Q9O17SdOsN
K8TeK49O8K+Fbm8hhMEltYq/mXCkYklcwSAM20yLlQP1W/4Knf8AI1fsy/8AZVbj/wBQ7xPXlHxf
/Zj+Hvx9nsp/Gfgzw74ivNMdZLK8vLJGvLFlbcGhnAEkRB5yjA0AbXjr4Y6T8SDZLq63lxBYzxXK
2y3ksVvLJFNHNGZI1YK+2SJGG4HpjoSDV+D/AMFvDvwI8JjQ/DFnNY6apj2xyXUtyyiK3itol3Ss
zbUgghjAzwsY75Jl8f8AxTsPhrcaf/advqAs7+4itmvo4Q1taPLNHBEJWJBG+WVFG0HGSxwoLCn8
D/jpoH7Qngtdf8OPeSadIYihurZreRkmtobqF9rchXguIZBnBAkAYKwKgA7DaDyQCaNg9B+VLRQA
mweg/KjYPQflS0UAJsHoPyo2D0H5UtFACbB6D8qNg9B+VLRQAmweg/KjYPQflS0UAJsHoPyo2D0H
5UtFAHm/7VfjPwT4I+Dl5J8QNPbVfDV/PDaTWi2/n+c5cOg25HRkDZyMFRXznaftM/szWV5p9yng
e5NzpVjLptpM+jo8kFvL5wkiDNITtIubgdeBPIBgMc+gf8FVv+TXYv8AsOWf/s9fnXWHvSm1zWt6
HoSVOlRpycFJyu9W+jt0a7H6AaP/AMFDvgt4fvbS5stI1u2uLGwTS7eSPS0DQ2qkFYQd/CAgHHtX
uX7PXxG8NfFT4T6XqnhK2ltNAiDWVrBJAITAsLGLYFBOANuBz0r8ja/Sb/gmJ/yaNpP/AGEL/wD9
KZKPejNJu979iG6c6UpKCi1bZv8AVs+gdg9B+VGweg/Klorc4hNg9B+VGweg/KlooA81/bGjVv2U
fiMCoIPh29BBHX9y1fkx/ZFp/wA+tv8A9+l/wr9af2xP+TUviN/2Lt7/AOiWr8n6xcIyqO6vov1O
32s44ePK2vel+USt/ZFp/wA+tv8A9+l/wr7l/wCCPFtHb+FfH6xxoi/2hanCqAP9S1fEdfb/APwR
+/5Fjx//ANhC0/8ARLVnVhFTptLr/wC2s2w1apKjXUpN+6uv9+B9kbB6D8qNg9B+VLRXUeYJsHoP
yo2D0H5UtFAFXWkH9jXfA/1L9v8AZNfih4R/5FTS/wDr0i/9AFfthrX/ACBrv/ri/wD6Ca/E/wAI
/wDIqaX/ANekX/oArF/xV6P80ehD/cZ/44/lM0a+nf8Agk8M/tHaznn/AIpu4/8ASq0r5ir6e/4J
O/8AJx2s/wDYt3H/AKVWlVV2+a/NGOE+N/4Zf+ks/QnYPQflVPxF4a07xfoN5pWrafZappmowtb3
dndwJPb3UTDDRujAqykEggggg1dorQ5T8vo/+C8P7Gvwl8QWum6f8Mtc0q58HXd1Dp50/wAGabCu
myOSk7W5WYeX5mCGK4LDrmoLL/g4K/Y001ozb/DfxHbmLSToKGPwdpyFNOOc2QxPxb8n919znpX4
e/GD/krXin/sL3f/AKOeudrpqyjGbiorR+f+ZnFNxTv+X+R/S/8A8E+v+CrnwE/bZ+Itr8Nfhh4X
1zRJ/C2mS6xY293oVrY2NhFGywN5AilYRti5K4VR8ruM8kH5l/aw4/aZ8eD/AKjdz/6MNfL3/Brb
/wApFNf/AOxGvv8A0ssa+of2sf8Ak5nx5/2G7n/0Ya5q1vaQaVrp/mjspN/V6if80fykefV7P/wT
1Gf2x/BYPPzXv/pBc14xXs//AAT0/wCTx/Bf+9e/+kFzWVb4V6r80VhPjf8Ahl/6Sz9QNg9B+Vea
/tT/APIq+BP+yq/D/wD9THRq9LrzT9qf/kVfAn/ZVfh//wCpjo1anKfo3RRRQAUUUUAFFFFAHyZ/
wVO/5Gr9mX/sqtx/6h3iesKt3/gqd/yNX7Mv/ZVbj/1DvE9YVAHL+OvhDpHxG8SaFqmpvqTy+HpX
mtYI72SO1d3ABaSEHy5DtBUFgSqu4BAdst+D/wAF/D3wI8JjQ/DNnNZacrRlY5bqW5ZRHBFbxqGk
Zm2pDBDGozwsa+5Op4l8c6V4Ou9Mg1O8S0k1i4NpaB1YiWQRvIVyBhfkjc5bA465xVL4XfFzw98a
PDQ1jwzqS6pprFAJhDJEG3wxzowDqpKvFLFIrAYZZFYEgg0AbFx4fsLqZpJbK0lkc5ZnhVmP1JFM
/wCEX0z/AKB1j/4Dp/hV6igCj/wi+mf9A6x/8B0/wo/4RfTP+gdY/wDgOn+FXqKAKP8Awi+mf9A6
x/8AAdP8KP8AhF9M/wCgdY/+A6f4VeooAo/8Ivpn/QOsf/AdP8KP+EX0z/oHWP8A4Dp/hV6igCj/
AMIvpn/QOsf/AAHT/Cj/AIRfTP8AoHWP/gOn+FXqKAKP/CL6Z/0DrH/wHT/Cj/hF9M/6B1j/AOA6
f4VeooA+Yf8AgqXodlYfsxxSQWdrDINbtBujiVW/j7gV+etfop/wVW/5Ndi/7Dln/wCz1+ddYw+O
Xy/I78T/ALvR9H/6Uwr9HP8AgmdoVlffsmaVLPZ2s0jahfZZ4VZj/pL9yK/OOv0m/wCCYn/Jo2k/
9hC//wDSmSif8SPzMqX8Gp8vzPdP+EX0z/oHWP8A4Dp/hR/wi+mf9A6x/wDAdP8ACr1FbHKUf+EX
0z/oHWP/AIDp/hR/wi+mf9A6x/8AAdP8K4/4a/tM+D/izZ+JbvRNVhurHwpI8d/c70KIE37nwGLh
R5b4LKu4LldykE4x/bH8JxWRmmtvEdtJCss93BLpcizWFrFFbTSXco/hhWO7t2JBLfvMbcq4UAd+
1/4c0+3/AGV/iHIlhZo6eHr1lZYFBU+S3IOK/Kyv1g/bE/5NS+I3/Yu3v/olq/J+s1/Efov1Oqf+
7w/xS/KIV9r/APBIvSLTUfDfj1ri1t7hlv7UAyRq5A8lvUV8UV9v/wDBH7/kWPH/AP2ELT/0S1RW
+On6/wDtsjXCfwq/+Ff+lwPrv/hF9M/6B1j/AOA6f4Uf8Ivpn/QOsf8AwHT/AAq9XK/HXxxd/DH4
I+MvEthHBNfeHtDvdTt0nUtE8kNu8ihgCCVLKMgEHHcV0xi5SUV1OBuyufK/hXQPE0n7O4s7j/hZ
mr+MrLxhrMWk3uo6PqNneX9l9vZrV5vIhhtkDW7wFDcRi2UCRSnyuq+l/HhLnxF4z8OzeDNF8TJr
tlqP2eSGTTNStNPmijuGSRnYqtkYyEclpgzSRlDCQzI1fkX/AMRUXx//AOhR+E//AILb/wD+S6P+
IqL4/wD/AEKPwn/8Ft//APJdXyR/mX4/5E8z7P8AD/M/XT9h7RvEl1+zxdJ4+0rUH8QxBDc3mr2E
lrc3c72UD3H7mRmWNY52ljHkYgbyy0ahTz+ZvhH/AJFTS/8Ar0i/9AFfZn/BFz/gpf45/wCClHwk
+JGr+ONK8L6XceF7uC0tV0W3nhSRJYZHYv5sshJyoxgivjPwj/yKml/9ekX/AKAK56keWsl5fnZn
o05XwE3/AH4/lM0a+mP+CVOnwaj+0XrCXEENwq+HLggSIHAP2q155r5nr6e/4JO/8nHaz/2Ldx/6
VWlKrt81+aMsJ8b/AMMv/SWffn/CL6Z/0DrH/wAB0/wo/wCEX0z/AKB1j/4Dp/hV6itDlP49fi8N
vxZ8UAcAavdgAdv3z1ztdF8YP+SteKf+wvd/+jnrna1r/wASXqyKfwL0P0f/AODXmxh1D/gofr8d
xDFOg8D3x2yIGGftllzg19SftVQJa/tJ+Oo40WNE1q5CqoCqP3h6AV8wf8Gtv/KRTX/+xGvv/Syx
r6h/ax/5OZ8ef9hu5/8ARhrKt8dP/C//AEo66X+71P8AFH8pHn1ex/8ABP60ivv2wfBkU8cc0bNe
5V1DKf8AQLnsa8cr2f8A4J6f8nj+C/8Aevf/AEguayrfCvVfmisJ8b/wy/8ASWfpmPDGmgg/2dY5
H/TBP8K4L9qf/kVfAn/ZVfh//wCpjo1el15p+1P/AMir4E/7Kr8P/wD1MdGrU5T9G6KKKACiiigA
ooooA+TP+Cp3/I1fsy/9lVuP/UO8T1hVu/8ABU7/AJGr9mX/ALKrcf8AqHeJ6wqAOc+IXw0tfiQ+
jfbLy/t49GvhfrFbmMLct5bxlJN6MdhSRwdhU88EECs74EfAjRv2ePBC6Boc2oz2SeQqteyrLKqQ
WkFnCmVVchILaFMkZO3LFmJJ7QnaCSelY3gT4jaD8UNEOp+HNY07XNPEnlfabKdZoi21WGGUkEFW
VgRwVdWGQQSAWLvwhpd/cvNPYWssshyztGCzGuW0rxL4C1v4jX/hK1bS5vEWmRGa5sxbkMiqIS2G
K7WKi4gLBSSomjyBuXPdV5If2c9d0/4sav4k0zxhb2ltcGafTLGXRhMdPuLg232qR5fNBmVltsIm
1NhlYkuAgUAteKfjF8KPBmo63Zahqvh9L7w5Pb2up2sUZnuLOW4ieaGNo41Zt7RI8m0DIRSxwvNL
qHxj+EemR+IHk1/wg/8AwisVlNq6wzxzPp4vSVsxIqZIecjEaY3OWXaDuXPIXv7CkfhrxbqfiHwR
4rvfDuuXl1BqEMuo27axBHcj+0lnleN5UMnmx6nMAN67GRTlhlKz/FX7Bup+IrHxBpEXjays/Dl7
o2haVpdovh4SXNodIuBcWz3UxnxdK7mQSKqQsUZQroU3EA9q8J2HhXx14Z0/WtHg0vUdL1SBLq0u
YY1aOeNxlWB9CDWF4L8e/DP4jaVrd/oOqeF9Xs/Dc0kGpz2ssckdi8YJcSEcAAA89PlPoa2vgn8M
x8G/hPoPhYajc6t/Ylott9rnUK82Oc4H3VGcKCSQoALMQWPmPw2/Zr+IPwr0aWHTPHfhlryK1tdD
sp5PDMm2HSbO3vFs43X7X890s9yryTAqjpEUESFt4ANnT/2hvgtqsehNb+KPBso8TXTWOmATxg3k
6yJEY1B53eZJGmDj5pEHVhltx+0Z8ErPwfP4hm8W+B4tDtdTGjzX73cS28N2Y/N8lnPCnywXyeNo
3ZxzXJaL+yp8ULzw/oOm+I/iF4M1FYfEUPiDX7uy8L3tpd63JDJBJEdx1F41b9zsIeOSEIIgkUfl
JjN1n9kv4yeKfhdrWh6z8Rvhrq2oeJ9R87XrifwTerba3Y+QYvsU0SamGWPAQYieNWRWVlYySM4B
9EL4H0VlBGm2JB5BES4NMuvA+lLaymLS9OMoUlA8YVC2OMkA4Ga09MgktdNt4pjCZo41VzDGY4iw
AB2qSdq56DJwO5rwz/goD+3x8Pf2AfhdpuufEmx1vUdE8TXraMkGnWMd4ZGaF3ZZEkdFKFEYHrnO
MVUYuTshSkkrsu/DbxVe+LfgLrfibU9D8EaVc2Ely1jqTzONG1GzjAZdQDMokSArvPP3hHvVijq1
cX4Y+Puvz+KfBtnr3w78NaNDqrWFvq8T3MgvInvp9QitpreNoxlCLKOVo5dsipcsG2tCyt8oL/wX
w/YpTwvJoY+F+tDRZgyvp48E6aLVwzRMwMfnbSC1vATxyYYz/AuLek/8HB37G+gappd9Y/DzxJZX
2hqyadcQeD9PjlsFYuWELLMDGCZJCQpGfMb+8c6exl3X3r/Mn2i8/uZ9Q/8ABUbwvp2lfsywzW1l
bQSjW7QB0jCnB31+fVfd/wC3h8VtM+On7AXhXxpoq3aaR4rudL1ayW6QRzrDNG0iB1BIDbWGQCee
5r4Qrlimqk0+j/Q9HENPD0Wuz/8ASmFfov8A8E0/Cum6p+yfpU9zY2s8zahfAu8YLHFy461+dFfp
N/wTE/5NG0n/ALCF/wD+lMlTP+JH5mdL+DU+X5ntv/CC6N/0DLL/AL9CsD4l6z4B+DPhGfX/ABbd
+HPDeiWrIk1/qUkdtbxs7BVBd8AEsQBzyTXaV8N/8HGH/KKbxv8A9hHSv/S6GuujFSmlLY45tpaH
ReHPi5+yX4Zg1eGH4yeAJYdXit7No5fE1ky29lDLLIllHjBEOZ5lO7c5WQjf8q7cv/hMf2R5LExT
/G/wfdTTiWC8uZfFdiZdQtZYreGS0lwAvlNHaQLlAsnyE79zuW/mporXnw38kv8AwJf/ACJNqndf
d/wT+q741+LfAHxk/Yw+IPiHwVqPhvxJpaaJfxJf6VNFcwiVIWyodCRuGRxnIzX5q163/wAEYv8A
lAz45/66a/8A+ilrySuarFRrNR2tF/fdnZdvDQv/ADS/KIV9p/8ABJHw9Y6z4c8evd2kFy6X9qFM
iBiB5Lcc18WV9v8A/BH7/kWPH/8A2ELT/wBEtXPW+On6/wDtsjfCfwq/+Ff+lwPrT/hBdG/6Bll/
36Fee/tbeCtIg/ZU+JsiadZq6eE9VZWEQBBFnLzXq9eeftd/8mn/ABQ/7FLVf/SOWu2h/Fj6r8zz
p/Cz+RaiiisSj9qv+DWLQLLWP2fvjS93awXDR6rZhTIgYr/o0vTNcR4R/wCRU0v/AK9Iv/QBXoX/
AAaof8m9/Gz/ALCtn/6TS1574R/5FTS/+vSL/wBAFGI/jr/CvyR3Uv8AcJ/44/lM0a+lf+CV+kWu
s/tE6vHd28VyieHLhgsihgD9qteea+aq+nv+CTv/ACcdrP8A2Ldx/wClVpWdXb5r80Z4T43/AIZf
+ks+9f8AhBdG/wCgZZf9+hR/wgujf9Ayy/79CtWitDlP49Pi6oT4seKFHAXVrsAen75656ui+MH/
ACVrxT/2F7v/ANHPXO1rX/iS9WRT+Beh+jn/AAa/aXbav/wUM16K6gjuIx4IvWCyKGGftdlzX1L+
1Nax2P7SPjmGFFjij1q5CoowFHmHgV8xf8Gtv/KRTX/+xGvv/Syxr6h/ax/5OZ8ef9hu5/8ARhrK
t8dP/C//AEo66X+71P8AFH8pHn1ew/sB6fDqn7X3g2C5iSeJ2vMo67lOLG4PSvHq9n/4J6f8nj+C
/wDevf8A0guayrfCvVfmisJ8b/wy/wDSWfpYPA2jqQf7Mssj/pkK4n9qf/kVfAn/AGVX4f8A/qY6
NXpdeaftT/8AIq+BP+yq/D//ANTHRq1OU/RuiiigAooooAKKKKAPkz/gqd/yNX7Mv/ZVbj/1DvE9
YVbv/BU7/kav2Zf+yq3H/qHeJ6wqAIr6yj1Kymtpl3w3CNG65I3KRgj8jXBfs0fs9Wf7NHw5Tw5Z
arf6xDELaNLi7WNZfLtrG2sYVOwAFhBaRbjgbn3EBQQo9CooAqz6JbXMrSPGWduSd7D+tcx41/Z6
8DfEm+huvEXhPQddubePyopb+zS5eNMk7QXBIGSTgetdjRVRnKLvF2YpJPRo80/4Y0+E3/RN/BX/
AIKIP/iao67+y78FPCcME2p+Cfh5psdxMsEL3Wn20KySnJVFLAZY4OAOTg16zXIfF/4Rw/FzSYbO
a/ubBFS4t5mhRHMsE8Lwyp8wO1ir8MOVIHBGQdfrVb+d/eyfZQ7L7it4xg+HmpXy6fr9x4YmubOe
OAW19dxGSGWVS0abXbId1UlRjLBSRnFT/wDDPXgf/oVND/8AARP8K4bX/wBizTvEXjC+1qbxDqy3
OpR3EFwiww7GhuoTHdIMrkF87lbOYyABlSVPtVcsqUJO7in8jrhiq0I8sJtLybOO/wCGevA//Qqa
H/4CJ/hW/ZeEdO02zit7e1SCCBBHHHGxVI1AwAADwAO1aVFEacY/CkiauIq1FapJv1bZS/4R60/5
5H/vtv8AGua+Jv7PHgX416Tb2HjHwj4f8V2NpN9ogt9YsY72KGTaV3qsoYBsEjI5wTXZUVpexizx
j/h3L8AP+iLfC7/wmbP/AON1W1j/AIJ/fs6eHtNlvdQ+EHwlsbOAAyT3Hh6xiijBOASzIAOSBz61
7hWP4+8IRePfCF9pE/kiO9QLulhEqoQwYNtyOQQCCCCCAQQRRdgcvrng/wCGWleFrbw1qVt4QtdG
0qzjubfS7h4Y7aztUIjjkWJjtSJThVYAKDgCktP2Zfhlf2sU8HgzwnPBOgkjkjsImSRSMhgQMEEc
5FYXiH9km28SeI9O1W48S6zLeaNHafYpJUjkZZrZ0aOaViMykhcMCQG3E8NgjvfhH8NNP+C/wr8N
+D9Je5k0vwtpltpNo9w4eZooIljQuQACxVRkgAZ6AdKlpN3aK55JWTMP/hlr4cf9CP4X/wDBdF/h
XReHPhtoPg7SksNJ0q00yyjZmWC1TyYlLHJIVcDJJJPvW3RRypbIHOTVrlL/AIR60/55H/vtv8ax
vH3wY8J/FbwxPonijw9pPiPR7llaWx1O3W7tpSrBlLRyZUkMARkcEZrpqKq5J4x/w7l+AH/RFvhd
/wCEzZ//ABuq+q/8E+/2dtCsJLu++D/wms7aLG+afw7ZRxpkgDLFABkkD6kV7fWH8TPBf/CxvAGr
aCbprJdWt2tmnWMSNErcEhTxnGcZ6Hmi7A5Pw18N/hP8M/h5q2haRpngjQPCtjK8Wp2Fotva2FvJ
JgOs0a4RWbIBDAE5FJo/7Pvwn8QtcrYeFvBd81lKYLgW9rBKYJAASj7c7WwRweeap6n+y7FqFvra
J4h1CBtbuUuGYW8LeVsvpr5FAIwQJrmcc9UZR1XcdT4Afs66V+zvoc2m6TeX93aeWltbi6ZWaCBJ
JpEjLADeQ08vznkgqD0yZaT1ZSk0rJkn/DLXw4/6Efwv/wCC6L/Ctrwp8IPC/gOKePRNC03SEumD
zLZwiASkDALbcZIHHNdHRRyrewc8rWuUv+EetP8Ankf++2/xqDVPBWla5plzY3tlFeWd5E0E8E2Z
Ipo2BVkZTwykEgg8EGtSiquSeMf8O5fgB/0Rb4Xf+EzZ/wDxuorz/gnj+z3p1pLcXHwb+FMEECGS
SSTw3ZIkagZLElMAAckmvbKr6vZNqWk3Vskgie4heNXKbwhKkZK98Z6d6LsDzj4RfDD4PfCzRtSj
8CaT4C8Pafc28eo366EltawyQtHujnl8nAKGM5V24KnIOKh8OfBX4L+I7gWekaB8P7+aKLzBBZw2
0rJGMDdtXOF5Az05FZHgf9iuy8CeDbXRLTxNrC2tr4Th8IkRxxxrdwxQQwJczpgrJcrHAiq+BtVp
FwQwC9J8Kf2dLf4X+N9Q10avd6hcajNf3ckckKRos97JbSXDDHO3daxbFJJUF8s2RtUknqylJpWT
Lf8Awy18OP8AoR/C/wD4Lov8K0vC/wAC/B3gjUHu9G8NaNpV1JGYWmtLZYZGQkEqSuDglQceoHpX
V0UuVdg55dyl/wAI9af88j/323+NH/CPWn/PI/8Afbf41dopknjl3/wTv+At/dSzz/Br4YzTzuZJ
JH8N2jM7E5LEmPJJPOaj/wCHcvwA/wCiLfC7/wAJmz/+N17PRTcmFkeP/CT4C/An4ZeK47zwL4Y+
Geg65qCTWUc2h2tpbXVyqFXliDRAMwUqrMozjAJHArTn+GHwi8XeIQ0mleBtT1XVLiZRkW81xdzR
jdKO7O6g5YckZ5xWZov7JUek/E5vGL+JdRuPEE8xnuJ2togtyyi5WDcuOPLS6kQYIyqRA/c+Y8Cf
sdaT4D8faf4hh1nVLi4svJVopFjEcyQWotbYHCgqUjGWKkb25IAwoUtdxqTWx0f/AAy18OP+hH8L
/wDgui/wq5oP7Pfgbwrq0OoaZ4T0HT763z5VxbWaRSx5UqcMoBGVJHHYmuxopcq7D55dymPD9oCD
5RyP9tv8a4D9qf8A5FXwJ/2VX4f/APqY6NXpdeaftT/8ir4E/wCyq/D/AP8AUx0amSfo3RRRQAUU
UUAFFFFAHyZ/wVO/5Gr9mX/sqtx/6h3iesKvor9pT9lDwR+1x4b0TSvHFlrV1b+G9VGt6XNpPiDU
dCvLG8FtcWvmpc2E8EwzBdXEZXftZZTkHjHln/Dov4Mf89fjN/4ejxn/APLWgDiKK7f/AIdF/Bj/
AJ6/Gb/w9HjP/wCWtH/Dov4Mf89fjN/4ejxn/wDLWgDiKK7f/h0X8GP+evxm/wDD0eM//lrR/wAO
i/gx/wA9fjN/4ejxn/8ALWgDiKK7f/h0X8GP+evxm/8AD0eM/wD5a0f8Oi/gx/z1+M3/AIejxn/8
taAOIort/wDh0X8GP+evxm/8PR4z/wDlrR/w6L+DH/PX4zf+Ho8Z/wDy1oA4iiu3/wCHRfwY/wCe
vxm/8PR4z/8AlrR/w6L+DH/PX4zf+Ho8Z/8Ay1oA4iiu3/4dF/Bj/nr8Zv8Aw9HjP/5a0f8ADov4
Mf8APX4zf+Ho8Z//AC1oA4iiu3/4dF/Bj/nr8Zv/AA9HjP8A+WtH/Dov4Mf89fjN/wCHo8Z//LWg
DiKK7f8A4dF/Bj/nr8Zv/D0eM/8A5a0f8Oi/gx/z1+M3/h6PGf8A8taAOIr8+5vjV8b9f/4KNfFG
30rxHrFn8Mvhd4q0iXXJ7y602LQtL0I6Ol1fRvE8Zu5JnYlkeNgqcliAMH9O/wDh0X8GP+evxm/8
PR4z/wDlrR/w6L+DH/PX4zf+Ho8Z/wDy1oA/G/wh/wAFA/2lb2x+KFxYabr9/ffE3wbd+MvhRban
o0USW3k3mXtrMAZuWXTLm2uFEu4tJHjaclW6T4jftneMNH0f4ey/s1/EDxl8cdT1vUtStbmw8TRJ
DDc3EWg3lx5SyvbQlmjeNZzArf6yJYtyb8D9bP8Ah0X8GP8Anr8Zv/D0eM//AJa0f8Oi/gx/z1+M
3/h6PGf/AMtaAPxw+NH/AAUK1vTfin8GLfw38aLpvBPiTwDaalc6jrOqwaJcanfnUZoLh5Aun3I+
0LsZGt1EaqUIDcc/WX7PGmeLZf8AgoB8WNA1P4mePNa8OeA9P0O/07S717I20z6hFqHnLKUtldlQ
wxlAGUgryWHFfX/iT/gmz+z34R8XaDoGoat8YYda8TvKmmWS/GbxrJNdeUm+V9q6mSsaLjdI2EUu
gJBdQV8Tf8E1v2fPBniXQtI1XVvjBYX/AImmkttLSb4z+NVS8mRN5iV/7U2eYUDMEJDMEcqDtbAN
/wDB+Xf8D8/fFf8AwUA1bw947/ai+HOl+K7e++L+lXlz/wAK28NyWwluZVTw/bXSrCgTEv7/AO0O
FckswK8jArwqT9sD4n6t8PPHFx8MvjL4n1Hwlp/w6s7vXPGXi7QXdfCnittQgjktAI7TfGXt3kEk
axSrb5WQlQpJ/ZT/AIdF/Bj/AJ6/Gb/w9HjP/wCWtH/Dov4Mf89fjN/4ejxn/wDLWgR+H/if9v74
q2n7JPhjxIvjXV9MVPFOq20ou9clMXjaGKztPK/srVE0/KokzS4hmTMkjSAO6xFE+xPj38aPFk37
KH7M6y6t4s8C3PxN8VeGtF8TXd7KsWtWcM9pLPJBLLGkYjnmnhigZ0SPmZsKmdo+/P8Ah0X8GP8A
nr8Zv/D0eM//AJa1keNv+CJf7PXxL0VdN8R6T8T/ABBp6TxXS2upfFzxfdwLNE4eOQJJqZXejgMr
YypAIwaAPzx/aH1n9pz4T/tG+KxomrW+taJ4xF8nhi1hvElksbFLeykeRLTyPkuLVYr8rK0jrNNe
2iMrDhUT9tzxf8f/APgn/qnxRiguPCHiDwN4t0+30mfR9QuJdL8VqbmyjMQ82OMzwym5ktXVlOJo
2KsCox+k3/Dov4Mf89fjN/4ejxn/APLWsrxV/wAEUf2ffHcNjHrml/FHWU0y8i1GzW++Lvi+4W1u
om3RTxh9TOyVDyrjDKeQRQBztFdv/wAOi/gx/wA9fjN/4ejxn/8ALWj/AIdF/Bj/AJ6/Gb/w9HjP
/wCWtAHEUV2//Dov4Mf89fjN/wCHo8Z//LWj/h0X8GP+evxm/wDD0eM//lrQBxFFdv8A8Oi/gx/z
1+M3/h6PGf8A8taP+HRfwY/56/Gb/wAPR4z/APlrQBxFFdv/AMOi/gx/z1+M3/h6PGf/AMtaP+HR
fwY/56/Gb/w9HjP/AOWtAHEUV2//AA6L+DH/AD1+M3/h6PGf/wAtaP8Ah0X8GP8Anr8Zv/D0eM//
AJa0AcRRXb/8Oi/gx/z1+M3/AIejxn/8taP+HRfwY/56/Gb/AMPR4z/+WtAHEUV2/wDw6L+DH/PX
4zf+Ho8Z/wDy1o/4dF/Bj/nr8Zv/AA9HjP8A+WtAHEV5p+1P/wAir4E/7Kr8P/8A1MdGr6C/4dF/
Bj/nr8Zv/D0eM/8A5a1NpH/BJb4K6R4k0XVWtPiZqdx4f1Wy1uyh1b4q+KtUs1vLO5juraV7a51G
SGXy54YpAsiMu5BkGgD6TooooAKKKKACiiigAor8lPCP/BXH9qHxL8M/AXiXzfhXcWvinwhpHjLW
5tO+GF5PaeE7TUYy0ZmebxRDLOFKTZ8iF22QsxRcqp+hP+F7ftT/APRQ/gB/4arV/wD5o6APueiv
gf8A4X/+17/bVxH/AMJt+zf/AGcqxmCf/hW+tefIxb94Gj/t7aoVeVIdtx4ITrUWjftBfthz34XU
fGX7NVramEsZLf4d63PIJd5AXY2uoNpTDbt2QxK7SBuIB9+0V8Mf8L2/an/6KH8AP/DVav8A/NHR
/wAL2/an/wCih/AD/wANVq//AM0dAH3PRXwx/wAL2/an/wCih/AD/wANVq//AM0deZ/HT/gp18Xf
2afF3hTQfHPxu/Zz8Pav44uDa6HbTfCTXZG1CUPFGVUp4gYD5pox8xA+ce+AD9M6K/PTU/20/wBo
TQdHgv8AUfiz+zrptpdajLpUUl18LNXiWS5jlkiZBnxH/eifnphc9Kr+Gv27Pjt4x8QQaTpfxn/Z
qv8AU7mMzR20Pww1ZpGjBfD4/wCEj4VvLkKk8OI2K5CkgA/ROivzhuf+Cg3xrs7uS3l+Nv7NCTxX
LWjofhhq+5ZFOGz/AMVH90HOW+6MHng4n1b9uf8AaI0bX9VsZfiR8CWj0AhNWvE+EestaaVIYBcC
OaQeI/lYwsj9wBJHkgugYA/Reivziv8A9vf9oG2vIbe3+J3wE1Ka70yDV7UWfwm1eRbuCadbeIo/
/CSBSWkdQMkdcnAya6Xwl+0/+03438M2Or6f8RvgHJZ6hEJoi/wn1hGwexU+I8gjoQe4oA++KK+G
P+F7ftT/APRQ/gB/4arV/wD5o6peIv2l/wBprwloN5qmpfEv9n21sNPha4uJn+FOsFYo1GWY48R5
wAKAPvSivzbf/goN8f7jw/Zatp3xK+BmtaXewXN39qsPhDrMywwWzok0jL/wkYchWkUYVWY5OAQD
U3gX9vD9pDx/4/1nw3a+OfgpBqOhSvBctP8ACXVBEXWG0nKqy+Jm3fub61cHpiXGdysAAfo9RX51
aJ+27+0nr3wzvPFsPjv4JLo1rYtqUcj/AAj1YNeW3k+cssX/ABUuGDJ0BIIPBCmsbw5/wUe+Pniu
1vrmy+IvwTltdJkuLfUZz8HdaEenXEEssUsE3/FR5VlkhlXdgoSvDHIyAfpdRXwB4D/aw/aV+Jfh
a11vRviV8AbvSb8F7S6Hwo1gR3keSFmjJ8R/NG4G5HHDqQy5UgnY/wCF7ftT/wDRQ/gB/wCGq1f/
AOaOgDp/i9rWv+G/2qv2ir6Cy8Vaprtt8I9Om8HWehypHqNyiyap9qSwMiSItybj7NkmN8E22Ubh
T87/AA+fx/pX7D3x80jxPJ8Sri5g8VaBffDKXxbBrpvPtNxDpb2kcE+tM13IyalvV1dlKt5n7qFC
I19E8ReK/wBorxX4t0PXr/xl+z1PrXhp5W029Hwr1mOe1EqbJUDL4kBMbgLuRsqxRCQSqkHibxX+
0V4z8S6Fq+q+Mv2er+/8MzSXOlvN8K9ZZLOZ02GVU/4STZ5gQsocgsodwpG5s3SnyO9t0l6JT57r
+9tr0d31snVtNNfPzvyqO/ZW08naz5U3+gce7y13fexz9aWvhj/he37U/wD0UP4Af+Gq1f8A+aOj
/he37U//AEUP4Af+Gq1f/wCaOoEtFY+56K+GP+F7ftT/APRQ/gB/4arV/wD5o6P+F7ftT/8ARQ/g
B/4arV//AJo6APueivhj/he37U//AEUP4Af+Gq1f/wCaOj/he37U/wD0UP4Af+Gq1f8A+aOgD7no
r4Y/4Xt+1P8A9FD+AH/hqtX/APmjo/4Xt+1P/wBFD+AH/hqtX/8AmjoA+56K+GP+F7ftT/8ARQ/g
B/4arV//AJo6P+F7ftT/APRQ/gB/4arV/wD5o6APueivhj/he37U/wD0UP4Af+Gq1f8A+aOj/he3
7U//AEUP4Af+Gq1f/wCaOgD7nor4Y/4Xt+1P/wBFD+AH/hqtX/8Amjo/4Xt+1P8A9FD+AH/hqtX/
APmjoA+56K+GP+F7ftT/APRQ/gB/4arV/wD5o6P+F7ftT/8ARQ/gB/4arV//AJo6APueivhj/he3
7U//AEUP4Af+Gq1f/wCaOj/he37U/wD0UP4Af+Gq1f8A+aOgD7nor4Y/4Xt+1P8A9FD+AH/hqtX/
APmjo/4Xt+1P/wBFD+AH/hqtX/8AmjoA+56K+GP+F7ftT/8ARQ/gB/4arV//AJo6P+F7ftT/APRQ
/gB/4arV/wD5o6APueivE/8Agnn8evFX7SX7Ltn4n8bHw+/ieHxF4j0C8l0SxmsbC4/szXtQ0yOW
OCaeeSPzI7RHKtM+GZsHGAPbKACiiigAooooA/Avwb4ZsdW/Z8/Zxubj4Qan471CP4UeE0sNWt/D
R1GCBhp90/lTT+U2wJcLZ/LuXat1I/bNfpJX5Xa7rJ8O/Af9lGyvWt00jxx8PvA+kLPPomp3U9nd
wxO0RsZLaNopLhkuJv3MhTY0VvMSQmD9hftE/ty6t8HP2ofA3w2h8IyWNl4v1awsf+Er1vz4dIl8
52L21s8UTpJdFU8tElki/eTRkB1zQB9H0V5J4t+IXjnS/jLq+mW9q58OwSaE9jcRaDcziRZZ7ldS
ieVWIJSJIHWRQAhlVSGwxFD9nzx/8T/E/jGOHxlpyWVibKQsi6RJbAuHUrL5rSMoOWki8nG4iIS5
2uBQB7VRVaa+milZVs7iQDoytGAfzYGm/wBoz/8APhdf99x//FUAW6+d/wBtH/gmt4M/bk+KXwy8
W+KNZ8UaZqHwrvnv9Li0uaCOG5dpreUiYSROSu62QfKVOC3PQj33+0Z/+fC6/wC+4/8A4qj+0Z/+
fC6/77j/APiqAPNPGP7M3/Cbxpa6he6Ff6ZbX17eW9rfaJ9qAF5JK8yybptrkGU7CFXbgZDVH8Pv
2V4PAPxHs/EUOo2avalgYbTTRa5j8uVEtlYSNttgZWlMWCDNmTIztr0/+0Z/+fC6/wC+4/8A4qj+
0Z/+fC6/77j/APiqAPNtP/Zght7jUXuNannW68NzeFbdVtwn2ezZsoWyx3SrlgWG1SMYRcc2vFH7
PT6v4o1y/wBP1yXTIfEV9a6tfQC33+ZeW0MUUMgZXUbdsEG8MGZhEoDphdvf/wBoz/8APhdf99x/
/FUf2jP/AM+F1/33H/8AFUAeIn9gnRpNW0m+l1/VpprDU1vrmJ0ja21CIqTLayIRkwvMxl2kkBsE
hiNx9z0/T4NJsILS1ghtra2jWKGGJAkcSKMKqqOAABgAcCov7Rn/AOfC6/77j/8AiqP7Rn/58Lr/
AL7j/wDiqALdY/xB8F23xH8Dav4fvZZ4bTWbSWzmeEgSIkilSVJBGcHjINXf7Rn/AOfC6/77j/8A
iqP7Rn/58Lr/AL7j/wDiqAPKtE/ZIt/Bfw807wzoPiC/s7C1stQ06aa4iE11JBeSRSSGN0MYjkUx
AKxVgM8qa2dG+Acvg/4k654m0TV4Le61/UGvJ4LuxM8MSNY6ZZmNAkkZB26ZEwYkgGRxtPGO8/tG
f/nwuv8AvuP/AOKo/tGf/nwuv++4/wD4qgDzTRv2TtCg8IeINN1C20O5m1+1ktXltdHjt44S8LRP
OEZnJndXPmSbvn2oCBjmv8Sv2O/D/wASvEWm3Eq6dp2naTFJFBaWmmRozRyW09u9s7k7WtSs7SGE
IAZVVixwVPqf9oz/APPhdf8Afcf/AMVR/aM//Phdf99x/wDxVAGd8OfA0Pw28KQ6LazyTWNnJL9k
V1A+zQtIzpAoHASMNsQAAKiqoHFblVP7Rn/58Lr/AL7j/wDiqP7Rn/58Lr/vuP8A+KoAt0VU/tGf
/nwuv++4/wD4qj+0Z/8Anwuv++4//iqALdFVP7Rn/wCfC6/77j/+Ko/tGf8A58Lr/vuP/wCKoAt0
VU/tGf8A58Lr/vuP/wCKo/tGf/nwuv8AvuP/AOKoAt0VU/tGf/nwuv8AvuP/AOKo/tGf/nwuv++4
/wD4qgC3RVT+0Z/+fC6/77j/APiqP7Rn/wCfC6/77j/+KoAt0VU/tGf/AJ8Lr/vuP/4qj+0Z/wDn
wuv++4//AIqgC3RXJeJvjPpHhCa/iv1vFn02O3luIYoTPMqztIsW1I9zOWMUnCgkBCTgDNUvD37R
vhbxXeWNvp9+lzPqd++m2iBlU3U6QSXDLHkjcvkwyuHGUIRsEkYoA7qiuRT40aS3jP8A4R54tRh1
hpViSCe2aHzmaOeRSjNhXUpbTncpI/dnnOM9H/aM/wDz4XX/AH3H/wDFUAW6Kqf2jP8A8+F1/wB9
x/8AxVH9oz/8+F1/33H/APFUAW6Kqf2jP/z4XX/fcf8A8VR/aM//AD4XX/fcf/xVAHNftBfEuX4N
fA3xd4sgGltP4c0m41GNdSuja2rtFGXCySAMVBIxkA8kCvKrz9urR4fELQ2niPwFqdiutaFpczrq
iwSWh1EyZjGWYSyBRC6kbEZXkAJMTA9t+1L8d734DfBy/wDEVvpBubiCWKKNLh08ol5AuW2tnGCe
nfFfKX/D2HxX/wBCx4e/OT/GgD2yL9uu5sPhv4V1jU9IsrebXvEb6NcSx3KNBHCkUrmaENIPOZpo
vsqKr/PKSU3nZG/rHwM+LA+LWneIJ0vNI1GDRtZl0yK702RZLe5CRROSCskgyrSMhG7OU+ZUbKL8
ef8AD2TxbgD/AIRrw/x/tSf4171+xX+2Bqf7S0WvRX+iQ2txo5iYGzYeWyybuu9gc5Q/mKAPrj/g
kX/yZjL/ANlE8f8A/qZ63X0zXzJ/wSHYv+xa7FSpPxD8fEqcZH/FZ61xxX03QAUUUUAFFFFAH88F
3e6H4S+HH7Het33wz1qfVZvht4S0u2+IzeIdb0/StBjmW3R7V49OZUL4kMrG4eFHQhd77QlfQ/7R
EHjG+/bOsbmx8bfEq08DaX4h8ORatYWB0w6PBcyXVsIrdopv9MkWVmh814WRY1uAdshWQHyPwZ8M
PE/jv4E/szazoniXVNJ0XwZ8LPCWoeI7eD4k614ehe0e0kRC9nZ2M9vJmQBjI8oZ1t3jZVQeZXcf
tMeLV03/AIKY+FNOm+H/AMBdYkuL7ShDr2tahoMXimyZrqw8toIrhxeM0aJf7AilmeeAx4MZDAH3
ZRXj/wASv2ubP4a/FDU/DFxpD3E2mjSpPMW8QNPHffb/ALkeCxdPsDgIcF2kQAgHNHwG/a2tvjn4
mTT4NKhsg9vJLuGopPLuURtnywozFslUeZnAlWSPB27iAewUVWm1aKCVkZbksvXbbSMPzC4NN/tu
H+5ef+Akv/xNAFuiqn9tw/3Lz/wEl/8AiaP7bh/uXn/gJL/8TQBboqp/bcP9y8/8BJf/AImj+24f
7l5/4CS//E0AW6Kqf23D/cvP/ASX/wCJo/tuH+5ef+Akv/xNAFuiqn9tw/3Lz/wEl/8AiaP7bh/u
Xn/gJL/8TQBboqp/bcP9y8/8BJf/AImj+24f7l5/4CS//E0AW6Kqf23D/cvP/ASX/wCJrzT9oHxV
4+0+/wBBfwDb/amYXYvYLqyfyTiLdEzsUz95SiqroS8iEkorigD1aivEPhD8UfHGoyOPEmk+LrY2
+myqvnaRF/psn2x4obgCNQIpDAqyvC0jYEoACmNtzPgL41+Il/4n0tPFUXiN7BtNuxcvd6NDaq8k
d46W9wfKUssk0G1vIH+qUAsxdioAPcqKqf23D/cvP/ASX/4mj+24f7l5/wCAkv8A8TQBboqp/bcP
9y8/8BJf/iaP7bh/uXn/AICS/wDxNAFusT4leMD8Pfh3r2v+TFcf2Jp8995Us/kJL5UbPtL7W2g7
cZ2nHoa0P7bh/uXn/gJL/wDE1wn7R3x6tfgd8KNQ1+TTZ9UMBSNbaSKSFJS7BcFihAHPpQBh6j+1
ktr4r1vTodGtp00bVLDTi7amEmlW5n8kyeX5Zw3PmRoGPmx5bK9KoeGf20YPEnwasPFq6RYo97PC
hsxq4cRpJp/28Df5XM20GIR7QDMCm7HzV4f/AMPbZcg/8K/s8ggj/iadx0P+p7Uf8PbpQCP+Ff2e
C27H9qHrnOf9T1zz9aAPrn4T/EgfFDQb2/RLARWt/NYxy2V79rguPKIVnVyiH725cFRyuQWUqx6i
vA/2P/2z7T9o6bWrM+Hm0K50oRzMluXuUkVyQGysYwcqa9x/tuH+5ef+Akv/AMTQBboqp/bcP9y8
/wDASX/4mj+24f7l5/4CS/8AxNAFuiqn9tw/3Lz/AMBJf/iaP7bh/uXn/gJL/wDE0AeBfH34j/Dj
Rvilq8Ou/EfxH4d1prO0tjb2EcWNPaF5JY54mNs7CUrPKh3My7ZT8oIDDkfB/wAQ/wBnDwLrllqm
m661vqWm3019a3MdvLG8HmwGAxDZEA0YTBwwJLLuYsxYt8zftzXAuv2qvF7jzMG4jxvQof8AUx9i
Aa8moA/QyL4//B7UvFmm39t8R9dh1ZNah1OSfyvMa+ZbdrVbaTzbdglv5cj/ACxeWQ0juGDMzH6b
jkEsaup3KwyCO4r8V2bYpbn5Rnjk1+yHhrW4f+EdsMpeZ+zx/wDLpL/dH+zQBs0VU/tuH+5ef+Ak
v/xNH9tw/wBy8/8AASX/AOJoAt0VU/tuH+5ef+Akv/xNH9tw/wBy8/8AASX/AOJoA8M/4KX/APJq
eqf9flr/AOjVr81a/SH/AIKUarHcfssamirchmvLX71vIg/1o7lQK/N6gAr7O/4JC/8AIR8d/wDX
Oy/nNXxjX2P/AMEj79LPU/HQdZ2LRWR+SF5B1m/ug0Afox/wSL/5Mxl/7KJ4/wD/AFM9br6Zr5k/
4JDyeb+xa7DdhviH4+IyCp/5HPWux5FfTdABRRRQAUUUUAfzq3T6qPAP7Kq2HgTxR4ks/wDhUng5
9Q1TStV1ez0vTkDw7RrcNtG0N3ZAGSRIw3mBo5t6iJi6/ZXxg/Yx13xj+2/4O+McXjrwro+m+FRF
Zro9x4S3XV6shMUiPqEd3C7l/MxEkqSRRyFWEbsOfK/gJ8GL3xz+yH+z7qEXxji8Aafe/DPwjpd3
pDwRMdRdtPmgiVXeZCrTG9dFUKcyQxEZZAKsftj/ALQAtP8AgoB8M/hfDq/jm2utf1rRr+W0vtV0
7SvDc0MFyLnMAktpLu8n3W2DHG6LvMal13YoA+1W0y2a6ac28BnbGZDGN5x0568dvSnQ2MNvIHSG
JHCldyoAcZzj6Z5+tYXxH+K2ifCe00qfXLqS2TWtSh0mzCQvM01zLu8uMBATk7Tj1OAMkgHJ+HH7
RXhf4r6qtnotzfTyMjOHlsZoI8qEYpudQN+ySOTb12OrdDQB3FFJuA4JGaN49RQAtFJvHqKN49RQ
Atee/Gn4v6h8MvEnhiztLG2uoNamkS4lnk2LEFeFcA5GPlleQkBsLC2VCb5Y4P2sPjbd/AD4K6h4
ksLe2u723lhiijnyYyXkC5O0g9Cehr5G/wCHsnjr/oBeF/8Av3P/APHKAPrP4Q/GnVPHmt+HrS8i
07/ia6DdajdeQoV7aeG7jgwNssqtC+99jhiH8osrEHC+n1+fv/D2Tx1/0AvC/wD37n/+OV9B/sOf
tcav+07D4gTWbDTrK40doSn2QOqusgfruY8goaAPf6KTePUUbx6igBaKTePUUbx6igBa/PX9qr9s
v4jeDv2g/FGkaR4im0/TdNuxBBBHBEwUBF5yykkkknk96/QnePUV+Uv7ZZz+1L43PX/iYn/0BaAL
/wDw3d8WP+hvu/8AwGg/+Iqzo37ePxUi1i0aXxVcTxrMheNreHbINwypwmcEccV41U2n/wDIQg/6
6L/OgD9mtIumvdKtpn+/LErnHqRmrFUfDbj/AIR+x5H+oT/0EVd3j1FAC0Um8eoo3j1FAC14H/wU
n/5NZ1X/AK+bf/0ate97x6ivBP8AgpMwP7LOqjOT9pt//Rq0AfmnRRRQB9ff8EiP+R48b/8AXlaf
+hy191V8Kf8ABIlseOfG+T/y5Wn/AKHLX3VvHqKAFopN49RRvHqKAFopN49RRvHqKAPy0/bt/wCT
r/GH/XxF/wCiY68jr1z9uw5/au8YHr/pEf8A6JjryOgBD0Nfs54a/wCRcsP+veP/ANBFfjG3Q1+z
fhpx/wAI5Ycj/j3j/wDQRQBeopN49RRvHqKAFopN49RRvHqKAPAv+Cl//Jqeqf8AX5a/+jVr81a/
Sn/gpcwP7KeqDOT9stf/AEatfmtQAV9nf8Ehf+Qj47/652X85q+Ma+zf+CQzY1Hx3k/8s7L+c1AH
6Jf8Ei/+TMZf+yieP/8A1M9br6Zr5m/4JFn/AIwxl/7KJ4//APUz1uvpmgAooooAKKKKAP52r7X/
AIe2Xwa/Zms/FniLWrHU2+FHhG6s9GgtYZbfVp10zUUtZt7Rl0kiMlzEpD4Et9bSYBhBr6q/aC8a
Pc/tJ2/hS81fwFc2V54m8NX9s2q+JRBqOgywXdvIbeDTmjYyvcYASSNhlrk78CIZ8F+DPj3/AIQ3
w9+zHp+qfHPxP8GtM8SfB3wjHp0Z02xbQvEN1BBI01s13dxusVyY5YQI1ZGdXXBZtoHrfxv8F+Pf
iN+37pdv4WtPCNx4f8M6ppOu+IHMelS6i8YktI0gdJR9pXZH9quRMOMwWyxNvVkAB9ZeM/AGj/EO
ztLfWrGO/hsbpL2FHZgqyoCFY4I3DDMCpyCCQQRWX4J+B3hb4c6ot5oulLYzrE0QKzyumGIydrMV
34VV343BEVM7VCjpdQ1W10mOJ7u5gtlmlSCMyyBA8jsFRBnqzEgADkk4FUtI8caL4gvha2GsaXfX
TQm4ENvdRyyGMOYy+1STtDgrnpuBHWgC3No9pcSM8lrbSO3JZolJP44pv9g2P/Plaf8Aflf8Kt0U
AVP7Bsf+fK0/78r/AIUf2DY/8+Vp/wB+V/wq3RQB88f8FKdItLb9lfU3jtbeN1vbXDLGoI/er3Ar
83q/Sn/gph/yalqn/X7a/wDo5a/NagAr7J/4JIadb3t/44M8EMxVLMAugYjmb1r42r7P/wCCQ3/H
946/3LP+c1AH2d/YNj/z5Wn/AH5X/Cj+wbH/AJ8rT/vyv+FW6KAKn9g2P/Plaf8Aflf8KP7Bsf8A
nytP+/K/4VbooAqf2DY/8+Vp/wB+V/wr8rP2xbdLX9qDxtHGiRouonCqoUD5F7Cv1er8pP2zP+Tp
fG//AGET/wCgJQB5lUtioe+hVgGDOoIPIPNRVNp3/IQg/wCui/zoA/Yrw3oNj/wj9j/oVp/qE/5Y
r/dHtV3+wbH/AJ8rT/vyv+FN8N/8i/Y/9cE/9BFXaAKn9g2P/Plaf9+V/wAKP7Bsf+fK0/78r/hV
uigCp/YNj/z5Wn/flf8ACvBv+CkOj2lv+y7qjx2tujrc2+GWJQR+9XvivoSvA/8AgpP/AMms6r/1
82//AKNWgD806KKKAPrj/gkjp1ve+OvGxmghmK2VoAXQMR88vrX3L/YNj/z5Wn/flf8ACviD/gkR
/wAjx43/AOvK0/8AQ5a+6qAKn9g2P/Plaf8Aflf8KP7Bsf8AnytP+/K/4VbooAqf2DY/8+Vp/wB+
V/wo/sGx/wCfK0/78r/hVuigD8sP25beO1/aq8XpEiRoLiPCqoUD9zH2FeTV65+3b/ydf4w/6+Iv
/RMdeR0AI43IQeQRgg96/ZHw1oNj/wAI7Yf6Faf8e8f/ACxX+6PavxuPQ1+znhr/AJFyw/694/8A
0EUAO/sGx/58rT/vyv8AhR/YNj/z5Wn/AH5X/CrdeVfHz9qOD4A63Bb6h4f1u9tLuCI291aWV1cJ
cXEsxiW3XyYZAXUYkZSQ/l7mVH2kUAelf2DY/wDPlaf9+V/wo/sGx/58rT/vyv8AhXnvhX9qbQ/H
HhDxfrmkW99qFj4Vge7QrE0f9pwKshE0DSBY3jZoZVVldgfLOcHisv4hftf2Pw3+Jtz4YvdC1OW4
t77TLUTxkCNo70XJSY7gCqKbZw0h/cgkKZQyyKgBzP8AwUo0i0tv2WNTkjtbeN1vLXDLGoI/ejuB
X5vV9+/tg/F+x+Of7B9x4j0+3vbOG8vbb/RryCSC4gHnKUEiSKrKzRlH6EEOCrMpDH4CoAK+yP8A
gkfp1ve6n46aaCGZlisgC6BiOZvWvjevs7/gkL/yEfHf/XOy/nNQB+h//BIeMRfsWuigKq/EPx8A
AMAD/hM9a4r6br5m/wCCRf8AyZjL/wBlE8f/APqZ63X0zQAUUUUAFFFFAH8/3w38T/EP4ceC/wBm
PXfAvwyl8SS3Pwf8JWE2vxeDm1eS2i+zTvJbC8N3ELRd32cOEhdily7kkxRoe+/aX1LwP/w97+Hl
t4n0vwV4h8TS2FufD9zq/wAR10uTw2sV5a5WLTEtSZryaW4EkKSzMZxBIq+WIznB+EP7XfxA+Afw
n/ZX8O6DZeEtW8Ma98NPCL3kOo6w1jPas9nLbyM2y0m8uN2ktGWSWSNWe1aNfvuR7v8AEbwd8bLT
9u3RvEOhaFp+tfDlpLS1vXuvEsVrHbWhjKzMtkbV2e4jlImWUTKXCeVhQdwAPbfi78IbT4v2Oiw3
V/qWnPoWqxatbzWUgjlEiJImN2DgFZW6c5x9DznwZ/Zb074K62t3Z6zql8io/wC5uUhAMjRxReZu
RFPEUMa7c7cgtjJJr1CigDNvPCttfXLzPLqQeQ5Ij1G4jUfRVcAfgKibwZZIpJn1YAcknVboAf8A
kStevPv2mV8M+IfhNrHhbxL4xtPBkHiqzlsVu5L6C1lZCAJFTzeGBU7WA52ucFSQQAdK/hvS0YK1
9qIYv5YB1i5BLf3f9Z19qc3hTT1YqbvUwwYLg6vc5yRkD/Wda+dL/wAD/Ca98bR66PiJ8KYryDXb
fXY2jFrGyzRH55WC3IR7iUFg8zoeTlVUgGqvij4dfDDxZ8Tk8U3Pxc8Afam1zTNdlh8yzZGns1kB
ZWM+/exlYK7s5iQKi8KDQBv/APBSPwvbaf8AsualMkuos6XtrgS6hcSp/rR1VnIP4ivznr9H/wDg
orrll4l/Y9vb/Try11Cyurq0eG4tpVlilXzl5VlJBHuK/OCgAr7C/wCCTWgwavqPjdppL1SkdmB5
F5NAOs3UIwB/Gvj2vs//AIJDf8f3jr/cs/5zUAfYf/CFWf8Az21f/wAGt1/8co/4Qqz/AOe2r/8A
g1uv/jla1R3t5Hp9nLcTuI4YEMjueAqgZJ/KgDjPEHiHwl4X1C6srzWtQF9Zi3aa0h1O8nuUFwZB
D+6jdnO8wy4wOfLY9Aabqfibwhoui32o3mt6hbWmmXTWV08mp3imGVVDlSpfdwhD5xjZ8+dvNfG/
xN/4KQ/sRfFOTxZ/anxXt/8AitYLe21hUtL6SK5WBSqMqSW7pHIFIAljCyLsUqytkm9qP/BVT9kC
+0zULaP44yWT6jqM+qPPbabOkkc80PkOyj7GVH7nemSpJ8x3YtIQ4APsrwsmg+NrS4uNL1DVby3t
bmS0eVdSvAhkjO1wrFwHAbI3LkZBGcg1+Y/7X1kmnftOeNYY2mZU1E4Msryv9xerMST+Jr69/Ym/
bk/Zw+J3jbU/Bfwn8e2Gu65rU8uty2SWMtszbY4YWYEwRq21EiGWLSNgsxY5NfJH7Zn/ACdL43/7
CJ/9ASgDzKpLOMTXcSMWw7gHaxU9exHIPuKjqbTv+QhB/wBdF/nQB+v/AIc8FWf/AAj9j++1f/UJ
/wAxW6/uj/ppV3/hCrP/AJ7av/4Nbr/45Vnw3/yL9j/1wT/0EVdoA4P4xanY/CP4aat4ia31/VH0
6IGK0g1a6VriRmCIhYuQil2Xc54RcseAa83sf2ntCPjLS9NvoLq1sdWWy8q/i8Q6hcxxSXPk7baQ
JGfLuB9qsztYhNtwpLrwG4H/AIKuf8FZLD/gmPY+EftXgufxnJ4te5Tyk1EWa26xBOSTG+7dvxjj
GK+Jx/wdSeGB9l/4x9j/ANBnN1bf8T6L/R5SpQyJ/ovyvtZl3DBwxHQ0Afp14x+I48O+IL7TbLSr
7VLm3vNOtrWOPxLd+ZfJeFwHRUD7SnlSOwYhRHG8hYBTXJf8FGvC1tYfsxanMkupM6XNuQJNQuJV
/wBYvVWcg/iK/OzSv+DpPwhoOrXF/Y/s7Wtnf3Zjae5g1uCOaYxxtHGWZbUFisbMi5PCsQMAkV9p
fFb9qCy/bJ/4Jh6V8R7HTpdJh8SrbTtZSS+a1q/mgNHvwu7BBGcDPpQB8S0UUUAfWP8AwSb0GDV/
HnjVppL1SljaAeTeTQD78vUIwB/GvuH/AIQqz/57av8A+DW6/wDjlfFf/BIj/kePG/8A15Wn/oct
fdVAGT/whVn/AM9tX/8ABrdf/HK8i1z4D+Lbb4keKtX03WfEM1jqd7pVxZ203i2+CQxQS2n2iGGL
cYoY3iinLZVpHaY/vApAX2bxJdvYeHr6eM4kht3dT6EKSK/ld13/AIKbftDjW7wL8a/iYiid8Kvi
C5AUbjwBv4FAH9G8vwE8Wn4b+JdMh1HW4tQ1DV5LvSZm8a6oz6dFiEIGlMjOw3iWQx5MeCF2bD5Q
7f4afCnWNB1XxZJ4i8QX+sQ6nrT3ekLFf3cIsLIwQoluQZTyrI5Jz8zMzYXdtX+Yf/h5v+0R/wBF
t+J3/hQ3P/xdfX//AAQu/bv+Mvxc/wCCjPhPw94s+JvjXxNoeo2l6J7DVNWmurdysDMrbHYjcCBg
9qAPqj9t6xTTf2pfF8MbTMq3EeDLM8rf6mP+JySfzrymvXP27f8Ak6/xh/18Rf8AomOvI6AGyp5k
bKScMCDgkH8x0r9hvDXgqz/4R2w/fav/AMe8f/MVuv7o/wCmlfj0ehr9nPDX/IuWH/XvH/6CKAK3
/CFWf/PbV/8Awa3X/wAcr4i/4K5f8FAPAX/BOjWvBx1/4a3fxCvvGVrdQ+Y+tSQPbQQPEfLLOJCy
s0udvABXPOa+86/FT/g7N/5HX4Mf9eeqf+h21ADLn/g5c+HN5DeRTfs/arLHqJ3XaP4tZluT5Zjy
4MPzHYSnOflJHTioo/8Ag5Q+GcMwkX9nnUVkWaK4DDxWQwliXbFJnyfvIpIU9VBwMV+Q1FAH9Ivj
/wCKHh79oz/gltoPxD8PaNeeGrHxI1teppf9oSzR2jtcEOpGQjHduOdoyTnrXx9XvX7N3/KAz4c/
9cYP/Sxq8FoAK+wf+CTOgwavqvjh5pL1SkVmB5N5NAPvTdQjAH8a+Pq+zv8AgkL/AMhHx3/1zsv5
zUAfod/wSDhFt+xU0SlysfxC8fKC7l2IHjLWhyTkk+5OTX05XzN/wSL/AOTMZf8Asonj/wD9TPW6
+maACiiigAooooA/Fn4DfA+31v8AYV+BPi+/+Iup+CvDEvwv8K6V4rsEs7aa212yitY3hhMskbSW
7GS6lQvEQWWYjhgrqv7Q/i/4haV/wUl8I6BpHxG1bTPD+sva3b+G08H69fLeWyXelm7kS9tx9jjR
PJijZ3OyEajP5vEwx5v4B8Sz6T8BP2a7Rtdu7O6vfhT4RXw/5PxDt9AttGvfJHnXd7YSXULX0Mie
SgURXO7yZECLuLH6A8Y/Ce88a/twf8JPP8OPEWst4ZvLOysPEtv45vtJt9OtpI7Wa4T7Cs6xXEfm
IjSKI9kvlIrhilAHuPxe8Bap8QdG0m30rXrvQZdO1qx1KZ4MYvYYJ1ke3fvscDoCMlQDlSwPA/s+
fs/eLPhf4ujvtc1yPVYUtJIS41K6nf5imIvLlGwpuV5vMzvDzMmNign2qigCtNZzSSMy3cyA9FCI
QPzFfjF/wdjGeHWvgpFJdSzx+TqzhWCgKc2gzwB2r9pq/Fv/AIO0P+Ri+Cn/AF76t/6FaUAfjvRR
RQB++v7NAuLj/ggh8OZJLuZ1WOJQhC4AF64AzjOB9a8Or3T9mL/lAN8Ov92P/wBLnrwugAr7J/4J
IW0k+oeOClxJDhLPIVVOeZvUGvjavs//AIJDf8f3jr/cs/5zUAfZ32C4/wCf6f8A74j/APiawPit
Y3A+GPiI/bp+NNuP4I/+ebf7NdVWB8V/+SYeIv8AsG3H/opqAP48qKKKAPun/g3TjeX/AIKbeH1S
V4mOkX3zKAT9xeOQa+5f2xY2i/ah8bK8jSsNROWIAJ+RfTivh3/g3M/5SdeH/wDsEX3/AKAtfcv7
Zn/J0vjf/sIn/wBASgDzKpbEFr6EZIJdeR25qKptO/5CEH/XRf50AfsV4csLj/hH7H/Tp/8AUJ/B
H/dH+zV37Bcf8/0//fEf/wATTfDf/Iv2P/XBP/QRV2gD8Yf+Dr23kgf4QF7iSbLahjcqjHEHoBX4
41+yf/B2P9/4P/72ofygr8bKACv3r/ZJtpR/wQg8EubmQp8p8vauP+Po8Zxn9a/BSv3x/ZK/5QL+
Cf8AgH/pVQB4lRRRQB9cf8EkbeSfx142KXEkOLK0yFVTn55fUGvuX7Bcf8/0/wD3xH/8TXxB/wAE
iP8AkePG/wD15Wn/AKHLX3VQBh+MLC4/4RPU/wDTpz/osv8ABH/cP+zX8fOu/wDIbvO/79//AEI1
/Yj4w/5FPU/+vWX/ANANfx3a7/yG73/ru/8A6EaAKtfav/BvpG83/BUbwMqyNExtr75lAJ/49n9R
XxVX2x/wb2f8pSvA3/Xrff8ApM9AH6C/tyxtF+1V4vV5GlYXEfzMACf3MfpxXk1euft2/wDJ1/jD
/r4i/wDRMdeR0AI4JRhkgkdfSv2R8NWFx/wjth/p0/8Ax7x/wR/3R/s1+Nx6Gv2c8Nf8i5Yf9e8f
/oIoAd9guP8An+n/AO+I/wD4mvxZ/wCDsOCSDxp8GfMnkmzZ6pjcqjHz23oBX7Y1+Kn/AAdm/wDI
6/Bj/rz1T/0O2oA/H6iiigD9+P2bbaUf8EFvhy5uJCnkwfu9q7f+Ptu+M/rXhde9fs3f8oDPhz/1
xg/9LGrwWgAr7I/4JH20k+p+OilxJDiKyyFVTnmb1Br43r7O/wCCQv8AyEfHf/XOy/nNQB+h/wDw
SHUp+xa4Zi5HxD8fAscAn/is9a54r6br5m/4JF/8mYy/9lE8f/8AqZ63X0zQAUUUUAFFFFAH4V/D
L9heD46/s1/stfE7U/ind+DdM8DfDXwwi6XdabYXukyTLawuLiRbxWRZj5ixq+NyYBQqxJPY/tC/
EH482/8AwUq8IaJ4Z1P4kaV8I1m0x9Xey8IWWqaVel5MS2/2hofNgQjHmzmcGMMdkZIzXkXg/wCK
Xiq1+E37Lnw/8N6xqkN/4u+GHgyeygsPEtjY/YDFC/2ia5tZ5Flmt5FaAs0KSsws2iwhkDH7H+In
7A3w++KPx1tfiNqy+Jz4ostQ0/UoWtvEF5bWSyWUkTwhrRJBBIN0S7vMRmIPUYXaAd38YbrWrTTd
DbRJNWjmOt2f2o2MEMwa1Em6dJRIrERtGGXdHhwzIdyjca8y/Zov/i3dePYh46fxB9g/s2Xcl1a6
dHaF/OXaxaBRL9oDeagUHyjbrExBlLk+90UAVppbxZWEcFs6DoWnZSfw2H+dfi9/wdivcP4i+Cvn
xwx4t9WxslL5+a09VGK/aqvxb/4O0P8AkYvgp/176t/6FaUAfjvRRRQB++X7MMlz/wAOD/h2pih8
nbH83mnd/wAfz/w7cfrXiNe6fsxf8oBvh1/ux/8Apc9eF0AFfZH/AASQkuUv/HAhihkBSzzvlKEc
zeimvjevs/8A4JDf8f3jr/cs/wCc1AH2d51//wA+1p/4Et/8brA+K01//wAKw8RZtrT/AJBtx/y8
t/zzb/YrqqwPiv8A8kw8Rf8AYNuP/RTUAfx5UUUUAfdH/Buo0q/8FNvD5iRJH/si+4dyg+4vcA/y
r7m/bFaRv2oPGxlVEc6ichWLAfIvcgfyr4d/4NzP+UnXh/8A7BF9/wCgLX3L+2Z/ydL43/7CJ/8A
QEoA8yqWxJF7CQAWDrgE4B5qKptO/wCQhB/10X+dAH7FeHJr/wD4R+x/0a0/1Cf8vLf3R/0zq751
/wD8+1p/4Et/8bpvhv8A5F+x/wCuCf8AoIq7QB+MH/B169w7/CDz4oY8NqGNkpfPEHqor8cq/ZP/
AIOx/v8Awf8A97UP5QV+NlABX71/skyXP/DiDwSDFD5Py/N5p3Y+1H+Hbj9a/BSv3x/ZK/5QL+Cf
+Af+lVAHiVFFFAH1v/wSSkuU8deNhDFDIDZWmd8pQj55fRTX3N51/wD8+1p/4Et/8br4g/4JEf8A
I8eN/wDrytP/AEOWvuqgDC8YTX//AAiep/6Naf8AHrL/AMvLf3D/ANM6/j613P8Abd5nr57/APoR
r+xHxh/yKep/9esv/oBr+O7Xf+Q3e/8AXd//AEI0AVa+1f8Ag30aVf8AgqN4GMSo7/Zr7h3Kj/j2
fuAf5V8VV9sf8G9n/KUrwN/1633/AKTPQB+gv7crSN+1V4vMqoj/AGiPIRiw/wBTH3IH8q8mr1z9
u3/k6/xh/wBfEX/omOvI6AEcnY2OTjjPAr9kPDU1/wD8I7Yf6Naf8e8f/Ly390f9M6/G89DX7OeG
v+RcsP8Ar3j/APQRQA7zr/8A59rT/wACW/8Ajdfiz/wdhPcP41+DPnxxR4s9UxskL5+e29VGK/bG
vxU/4Ozf+R1+DH/Xnqn/AKHbUAfj9RRRQB+/H7Nslz/w4W+HKmKHyfJg+bzSW/4+2/h24/WvC696
/Zu/5QGfDn/rjB/6WNXgtABX2P8A8Ej5LlNT8dCGKGQGKyyXlKEczeimvjivs7/gkL/yEfHf/XOy
/nNQB+h//BIcsf2LXLgBz8Q/H2QDkA/8JnrXfjNfTdfM3/BIv/kzGX/sonj/AP8AUz1uvpmgAooo
oAKKKKAP51fiJ448M3H7Pv7GvgvxRpviHXhrHgrwZPpNhqN3aaN4TjuytvF9okvvKN5LdplG+zQS
KvlqpYAOSf1arwv9gnwvpnjH/gnF8CbHV9OsdVsn+H3h12t7y3SeIsunW5UlWBGQQCDjgivdKACv
PrL4yXF1+0dd+CWj09IrfTPtyp5rfbnXMf8ApGzG37OWcxBhk+ZGwr0GigCpcaq8EzILO8k2/wAS
Bdp+mWr8zf8Ag4I/4J9/Fz9vTV/hlP8ADTwm+sp4ai1BL/zr62tDEZTblMeZIN2fLbp0xX6e0UAf
zS/8Q+f7V3/ROIP/AAe2H/x6j/iHz/au/wCicQf+D2w/+PV/S1XNfF/xDq3hb4d6he6IkT6pGYo4
Xlspr6O33yojTNBCyySrGrNIURlLBCAy5yAD45+B37I3xD8E/wDBJPwb8KdR8Oyw+NdHVPtVoLqB
40xdNIQJA5U/KR0NeU/8O+vi1/0Kz/8AgZB/8XX134m/aP8AiY9t4SNj4Q/saTWNEtbrVWvNEvtR
XTLudHMo2xNGdtmVQvG2GmFwqo0bRvn2z4b61qHiP4f6JqGqwC21O9sYZrqJYXgVJWQFsRuS6DOc
KxLL0PINAH5sf8O+vi1/0Kz/APgZB/8AF19Lf8E8PgL4w/Z/uPFL+J9DuLQaotsLfy5YpS2wybs4
bj7wr6rooAo/21J/z4X/AP3yn/xVZHj2S617wPrFjbadfPcXllNDECEALMhAGd3HJrpaKAP5pW/4
N8v2rlJH/CuIDj016w/+PUf8Q+f7V3/ROIP/AAe2H/x6v6WqKAPxQ/4Izf8ABJH4+fsg/txaT428
eeCRpfh6z066t5J4tUtLhg7qoUbElLHODzivqf8AaU/Yt+JXxE+O/ifXNL8NyT6dql4Zrd2uoVLL
tUcgvkcg19b658TvF2gfGbX7A2MOoeHbTRGutMt7XRro3E94PK2xyXhk8oby7qsawnAUs0g2lDmf
AX4w+PPHHxBbTPEmj29rpkOmSyLexaLeWK380dwqJcJ5zsIo5UZsW75lQxMxZlZaAPiL/h318Wv+
hWf/AMDIP/i6lsf+CfvxZjvYWbwuwCuCT9sg4Gf9+v08ooAx9G1Gaz0i1hk0++EkUSowwh5Ax/eq
1/bUn/Phf/8AfKf/ABVXqKAPzJ/4OAv2A/iz+3j/AMK6Pw18KPrP/CPNefbhNfW1qY/MEW3HmSDd
naelfm3/AMQ+f7V3/ROIP/B7Yf8Ax6v6WqKAP5pf+IfP9q7/AKJxB/4PbD/49X61fs+/sg/EXwB/
wSg8L/CvVPDskPjPTApuLVbqB40/f78eYH2n5fQ19i/FXxzqPgX/AIR6SxsH1CPUtWWyu1S3lmeO
JoJmDDywQhMqRLvfCAMcnOK8rs/j58Rm8DaJM2k2lzq02p7byZPC+pwwXVv5IlWCOBnMlvK7l7fz
5XaJWhMjJiRI6APj3/h318Wv+hWf/wADIP8A4uj/AId9fFr/AKFZ/wDwMg/+Lr9A/wBnXxz4l8f+
CLi88U2sFrqKXWxBDplxpy+W0MUuzy53dy0byPCzg7XaEsFQHaO+oA+Sf+CeP7PPjP4AeJvE934m
0Ke0i1O2t4oDHNFKWZGkLZAbjhhX1R/bUn/Phf8A/fKf/FVeooAxPEV9PqOgX1vFp98ZZ4HjQEIA
SVIH8Vfzkav/AMG/P7Vlzqt1Inw5gZJJWZT/AG7YcgsSP+W1f0pUUAfzS/8AEPn+1d/0TiD/AMHt
h/8AHq+nf+CP3/BIT9oH9kz9u/wv458ceB10zw7pcF0lxPHqtncMpeFkUBElLHJI7V+3teNa78ZP
G8PxJ0a1tbCyj8PJrWoWOrn+wr+6u5IIvI+zvCwaONFKvK0krbwdgEaOdxAB8z/tWfsb/Ef4n/H7
xFr2j+HJbjTdRlR4Ha5hQsBEinIL5HINed/8O+vi1/0Kz/8AgZB/8XX2Tp/x2+I9x8cI9Dl8PW6+
Hhq9zAbn+wb9Wnt1uEgSJZi/lI6xk3bTsPLkQiJE3q8g94oA/L7/AId8/FpuP+EWbn/p8g/+Lr9K
dE1Gey0a0hk0++EkMKIwwhwQoB/irYooAo/21J/z4X//AHyn/wAVX5lf8HA3/BPb4u/t5+JPhpdf
DTwm+sxeG7e+jvzNf21oYjK0BTAkkG7OxunTFfqHRQB/NL/xD5/tXf8AROIP/B7Yf/HqP+IfP9q7
/onEH/g9sP8A49X9LVcl8VvFmr+FZ/DA0lYpDqeuW9jdxyabPd77d93mEPGyi3KgbxLIGQldm3Mg
ZQD5F+C37JXxC8Hf8El/Bnwq1Dw7LD400eKJbq0FzA8aFbhnIEgcqflPY15L/wAO+vi1/wBCs/8A
4GQf/F19lw/H/wAfn4ZaDff8I4J/EN1rEUV9bLoV9FG9o6yPsRWbMMgZfIM0jGMMvmlQkiLXafs3
fETxR8SfBt/deK9G/si+tL8wQstnNZpeRGCGXcsUxMi+XJLJbsxOJHtnkUKrqoAPgD/h318Wv+hW
f/wMg/8Ai6+lv+Cd/wABPGH7P934qk8T6HcWi6olstv5csUpYoZN2cNx94V9V0UAdr/wSGcy/sWO
xVlLfELx8drdV/4rPWuD719N18zf8Ei/+TMZf+yieP8A/wBTPW6+maACiiigAooooA/Mr/gnL/yj
2+A//ZO/D/8A6bbevZaf8Of+COC/CX4e6D4U8P8A7R37QGn6D4Z0630nTbX7P4Rl+zW0ESxRR730
JnbaiKNzMWOMkk81tf8ADrHVf+jmv2gP/ALwd/8AKGgDCord/wCHWOq/9HNftAf+AXg7/wCUNH/D
rHVf+jmv2gP/AAC8Hf8AyhoAwqK3f+HWOq/9HNftAf8AgF4O/wDlDR/w6x1X/o5r9oD/AMAvB3/y
hoAwqK3f+HWOq/8ARzX7QH/gF4O/+UNH/DrHVf8Ao5r9oD/wC8Hf/KGgDCord/4dY6r/ANHNftAf
+AXg7/5Q0f8ADrHVf+jmv2gP/ALwd/8AKGgDCord/wCHWOq/9HNftAf+AXg7/wCUNH/DrHVf+jmv
2gP/AAC8Hf8AyhoAwqK3f+HWOq/9HNftAf8AgF4O/wDlDR/w6x1X/o5r9oD/AMAvB3/yhoAwqK3f
+HWOq/8ARzX7QH/gF4O/+UNH/DrHVf8Ao5r9oD/wC8Hf/KGgDCord/4dY6r/ANHNftAf+AXg7/5Q
0f8ADrHVf+jmv2gP/ALwd/8AKGgDCord/wCHWOq/9HNftAf+AXg7/wCUNH/DrHVf+jmv2gP/AAC8
Hf8AyhoAwq8M/b8/bIu/2KPhXoniGx8Jv4zvdc1n+x4NPS5uIHZ/sN5djb5FtcyO7G08tVEeMyhm
ZVVjX0h/w6x1X/o5r9oD/wAAvB3/AMoaqan/AMEkp9aubGe8/aN+Ot3Npc/2qzkm0zwZI1pN5bx+
ZGToGUfy5JE3Lg7XYdCQQD4U03/gslaa18WPGngiDwLFbeIvDi6JBYQ33iKOBbm8v7q1sriG72wu
1mtpdXccbuVlLgEqmcKeku/+CnF/onx78a/DfU/A+lReI/AvhWfxXey23iVp7K6hhtXlkhgla0Qy
S+aYUClQQjSyMFMYR/qrV/8AgiHoHiCwltL/AONfxYvrWcXQkhuPDvgeWOQXUolucq3h4g+dKqvJ
n77KGbJGaq2P/BCbwnpcUcdt8X/idbpDGIY1i8MeBUCIIZIAgA8PcKIZZY8dNkjr0YggHgXwn/bS
8d/FHXvhLbH4aaNo9v8AE3Sb7WJ/7Q8Q31reaRDZ3MMcy/Z5tMR5WaK4hkj3GIOSwyF2yPH4y/4K
FzaBJe6fY+D4bvXJfiefhjpUd1rP2WxubgWSXn2q4nEDtAhQuoRY5WLKgGd3y/SXhD/girpPw+st
MttA+Ofxf0S30VJ4tPi0/QfBFslgk7h5liCeHwIxI6qzhcbioJyRWVqv/BBzwdruo63eX3xb+JV7
d+JlC6vPP4W8CSSaqAysBcMfDpMoDKpG/PKg9hQB8dH/AILGXl+3h2fT/hLrU9j4q8NSazpMk15c
BtXvktbuc6bavFZy27ylrUhfMmjkdHDpE+UR/Xvgv+2/J8aPhB4J8QW2gW9lq/i/xW/haXTWubpR
pckInluPN+0WtvMJEgtpT5bQrlyi7tp317Rq3/BCDwhr+rjUL/4ufEu9vxY/2X9pn8L+BZJvsmwx
/Zt7eHSfK2Erszt2nGMVZg/4IeaJYeGtE0ax+O/xr0nSfDd/HqmmWemaZ4NsILG4RmYOiQ6CgGS7
7l+6wdgwIYggHzD8O/8AgqZpuq/Fq08GeNPBWv8AgPWr7XW0SKG7Sedw0s0UFhKwEChY7mY3UYfJ
jDWjESSK6Mffvgx8TpvihomsS3Vklhe6Hrl/os8ccpljc29wyJIrEA/PF5blcfKXK5O3cew1X/gj
LYa7q8eoX3x5+Ml5fw3UV/Hcz6J4JkmS4iUrFMHPh8kSIpIV85UEgEVL4L/4I7f8K90y5s9I/aQ/
aAtYLy/utTmBt/CMrSXFzO9xNIWfQi3zSSOQM4UYVQFVVABDRW7/AMOsdV/6Oa/aA/8AALwd/wDK
Gj/h1jqv/RzX7QH/AIBeDv8A5Q0AYVFbv/DrHVf+jmv2gP8AwC8Hf/KGj/h1jqv/AEc1+0B/4BeD
v/lDQBhUVu/8OsdV/wCjmv2gP/ALwd/8oaP+HWOq/wDRzX7QH/gF4O/+UNAGFRW7/wAOsdV/6Oa/
aA/8AvB3/wAoaP8Ah1jqv/RzX7QH/gF4O/8AlDQBhUVu/wDDrHVf+jmv2gP/AAC8Hf8Ayho/4dY6
r/0c1+0B/wCAXg7/AOUNAGFRW7/w6x1X/o5r9oD/AMAvB3/yho/4dY6r/wBHNftAf+AXg7/5Q0AY
VFbv/DrHVf8Ao5r9oD/wC8Hf/KGj/h1jqv8A0c1+0B/4BeDv/lDQBhUVu/8ADrHVf+jmv2gP/ALw
d/8AKGj/AIdY6r/0c1+0B/4BeDv/AJQ0AbX/AASL/wCTMZf+yieP/wD1M9br6Zrzn9lD9mvTf2SP
gjZeB9K1vxB4kt7XUdT1abVNba2N/fXOoajc6jcySfZoYIRme6lwscSKq7RjjJ9GoAKKKKACiiig
Aor4D0r/AIOCfB2tQ+D5IPgZ8eCvj7RrXxBoPmSeFYjqFjc3FnbQSgNrYKb5r+zQI+1wZxlRhsdn
4I/4LD/8LH8Ox6tov7OXx9v9Plmnt1mW68IIC8MzwyrhtdB+WSN16c7eMjBoA+yaK+TP+Hp2q/8A
Rs37QH/gb4O/+X1H/D07Vf8Ao2b9oD/wN8Hf/L6gD6zor5M/4enar/0bN+0B/wCBvg7/AOX1H/D0
7Vf+jZv2gP8AwN8Hf/L6gD6zor5M/wCHp2q/9GzftAf+Bvg7/wCX1H/D07Vf+jZv2gP/AAN8Hf8A
y+oA+s6K+TP+Hp2q/wDRs37QH/gb4O/+X1H/AA9O1X/o2b9oD/wN8Hf/AC+oA+s6K+TP+Hp2q/8A
Rs37QH/gb4O/+X1H/D07Vf8Ao2b9oD/wN8Hf/L6gD6zor5M/4enar/0bN+0B/wCBvg7/AOX1H/D0
7Vf+jZv2gP8AwN8Hf/L6gD6zor5M/wCHp2q/9GzftAf+Bvg7/wCX1H/D07Vf+jZv2gP/AAN8Hf8A
y+oA+s6K+TP+Hp2q/wDRs37QH/gb4O/+X1H/AA9O1X/o2b9oD/wN8Hf/AC+oA+s6K+TP+Hp2q/8A
Rs37QH/gb4O/+X1H/D07Vf8Ao2b9oD/wN8Hf/L6gD6zor5M/4enar/0bN+0B/wCBvg7/AOX1H/D0
7Vf+jZv2gP8AwN8Hf/L6gDxz/gqZat8dvhZ+1/JrV1qcNv8ABb4fIvhiC01G5sWtL240+e8nv8wy
IXLjyYBuyPLiuI8FJZVbQ+Lv7Qvjqy+FXxjTXrrwte+JP2ffCWl/Enwp4j8M2t1p1uElhuZP7Kul
knnEkjR2bJIwcJNFdxt5MRC1pap+2fdzfHr/AITyx/Zz/aBs5tV0kaH4i055PBk9tr9rGZXtt+df
BSWF5pcMMhkmkRlb5GTn/E3x18PXPw1sPAfhn9kz4weA/h+2qLqWs6B4dsvA2n2+thZBL5DiLXVV
I5JVUy4UtIoKkgM2daVRRiotdvk1Lf8A9u016FymnZSV0m/K6ajdeV1Fx7O/No0foZo+oHVdItLo
o0ZuYUl2Hqm5QcfhmrFfJg/4Km6qAB/wzN+0Bx/0++Dv/l9R/wAPTtV/6Nm/aA/8DfB3/wAvqzk0
22kZQTUUpO7PrOivkz/h6dqv/Rs37QH/AIG+Dv8A5fUf8PTtV/6Nm/aA/wDA3wd/8vqRR9Z0V8S2
H/BbnQ9Wg1SW0+CPxcvE0SB7rUDb6/4Il+wxICXkl2+IDsVcHJbAGKm8Tf8ABabT/BniOx0fVfgF
8brDVdTANraTan4NWacF9gKr/b+SCxxn1oA+1KK+FU/4LxeE5bG/uk+DnxXkt9MkSK6kTX/BLLC7
syKpI8QclmR1AHUqw6giuq8O/wDBXGXxfoltqelfs5/HXUtPvU8yC5ttS8GSxTL6qy6+QR9KAPsC
ivkz/h6dqv8A0bN+0B/4G+Dv/l9XOP8A8FrNKj8fJ4Vb4E/GQeJn6aX/AG14K+158sygeX/wkG7J
jVnAxkqpboCaAPtaivjPxV/wWQt/A17pFtrP7P3xu0u4168XT9NjutV8GRPfXDAlYYw2v/O5AOFH
NU/A/wDwWz0j4mapqVj4e+BPxm1q90eWSC9gs9Y8FzSWrxyvC6uq6/kFZY5EPoyMvUEUAfbFFfJn
/D07Vf8Ao2b9oD/wN8Hf/L6j/h6dqv8A0bN+0B/4G+Dv/l9QB9Z0V8mf8PTtV/6Nm/aA/wDA3wd/
8vqrH/grLdLffZT+zh8d/tJ48r+0fBvmdM/d/t/PTmgD68or4YtP+C7Phi/udTgh+CvxfmuNHWRr
2JNa8FtJbrHJ5UjMv9v5wkhCMcYDEA81c8C/8FuNG+JunTXnh/4E/GfWLW3gW5kmtdX8GSIkTAlZ
CRr+NhCthuhweeKAPtuivizwB/wWj074q2c9z4Z+Avxo1+3tiokl0/WPBdwi7hlTldfIww5B6EdM
1hn/AIL4eDQ18h+D/wAVvN0yf7NdRf8ACQeCfNhl3umwp/wkG7O6KUdOsbj+E4APu+iviaD/AILa
aPd2FtdQ/Ar4yzW97dQWNvJHrPgt1nnmiWWKJMa/8zvG6uFGSVOenNdN/wAPTtV/6Nm/aA/8DfB3
/wAvqAPrOivI/wBkH9r6w/a/0DxddW3hHxh4I1DwR4g/4RvVdK8SfYDdx3BsLK/V1axurmFo2gv4
CCJcg7gVGOfXKACiiigAooooA/mj/a28U+ANA/ZO/ZEPi/wpZa5e2fwf0/ULee58bXnhl5444tIU
Wdu8A2tO0rxzgykKq2jHggEfTHiT4TDxb/wTA+E/hfwzZaN410681bzZfC/hrxtdWMXjGHbf3Elh
a6rMwld0YfaGZ2TzBZSjKhhjkNV0G48U/sY/sp6dYyfHuTU7j4XabLBafDj4g6f4YM6x6dZNI00V
zcwtOUBB3IrCNSd2Nwz7X4Q+AOhfte/sYfA3QPjtqUfiW7l1H7dHANbjvDrtyljqIhhkvbMqs8iW
rPK8kLBXe2Y8qSCAelf8E9/hP4g+DH7NljoviDSbzw0TfXV1p3h+71xtcuPDtnJIWisnvWJM7J8x
zlgocIGYIGPt1effBz4KfD/9jn4ZReH/AArZWfhLwyb9SkU99LJGbq5lSJFEk7sxeSRo0Vd3LMoA
ycHudI1i01/Toryxure9tJs+XNbyrLG+CQcMpIOCCOO4oAsUUVn23izTL3XNQ0yLUbOXUdJjimvb
ZZlMtokocxtIucqGCORnGQpoA0KK4vSP2jfAXiBtLWx8ZeG7xtbfy7AQ6hE5vD+5wY8H5lP2i3ww
4P2iHBPmJu7SgAoorh/2mPAt58T/ANn3xj4c0+1+26hrmkz2VtEbo2w82RCqMZAcqFYhj6hSMHOK
AO4orw34qfDXxv8AFjxfoV5LoWj6fbaLP9ntnfVBPNCry6Tc/btvlAJNE1vfQBFZtwKNvCysqbf7
Jfwj1v4Q+Eb2z1uGxtZ5BZxbLSbzUupILOGGW8Y7Vw88iMxBBOApJ3EgAHq9FeDP8KfGKeC/Emg2
3h/T/sGreJp9aYXOr7vtNut3bXAtipRwVuVSeJgzAIGHDA4GT+z9+zP4w+HfxE0O/wBWt9Ejgs5b
i+lu7a9aWWzt5bUQx6LEDEpe2ik/ehyVGUXCAk4APo+iiigAooriv2kfA978Tf2fvGvhzToVuNR1
3RbuwtUacwKZZYmRCXHKgMQSfQd6AO1orxL49fCzxn8bT4auILSy0kaPqZZraa/EhjSSCLF8CqEe
fby+aqRgkMDu3qTtD/2KvgJ4n+AnhLVbHxPqMGoXM8lvGJIpTJ9veGBY5dQkJUFZrlxvdecbR8xJ
NAHtVFFFABRRRQAUUVy3xv8ACs/jn4P+JtGtrU31zqmnTWsUH2g2+93Qqv7wEbQCQc+1AHU0V86f
FD4BePPif8DPB/h2KPTtG1TQFt7P7QdQMrWhFjGh1BCI/wDXQT+aETPzABt6lto7T9nX4R638N/F
/iu81WGxhh1IRxRPBN5j6hIl5fzNeSAKNryR3UCkEkgwkZ2hSQD5t/ZH/wCCJWnfsg618YtT0z4g
X2uXfxY0G90Ux3WlpBHpxuGdhJlZGL7S2McZAr3PxV+zd4l+I/xh0Hxf4hPhua50aNLZIbO/1K0W
NFnWYSDypFEjE7hslDJwPVhXu1FAHy7p37BOuab4Z1rSo/EGnW+kXs0FzZ6NYXWrWVlpdwkjsbmw
kW8M+mkq+wQ2ziELvUqwfC+ia/8As7a14i+Afh3wrq+uaf4u1LQ7uK6uZNds2uLLWlRn2w3EZcs6
qHQhmZmLwo7bjnPr1FAHhfwY/Yxh+EviXQ9aa90691vS7mD7RqSWPlXV3ax6HBpv2YuWZvLM0Czh
CzAYXqw3VdvP2cfEtsvxF0jTPEekWvh34izX15NM2myf2pp09zZC3OyVJlVwrqkisyhlVfL5+V19
nqj4osv7S8NajbG3a8FxayR+QsvlGfKEbA+RtznGcjGc0AfOY/YH1m50Uwp4zi8PvYx30+j2ejaX
Cmn6Xc3N5DdhUjmV2WGKS0tWURtG24zkFQ6qvc/sq/smwfs6RazeXer3uua1rGq6veB3lf7Lp9ve
6td6gIIIicR83KiRusjRgnACqvB/EP8AZ0+IPjj4K/Djw4ljoyXHhPRVsbo3GqMQLuTSrmy+1IBE
QWtpjBKhJywkkI2vGoft/wBlD4H+I/g/rPiuXXjp7LqU7+VNbXDTNqBOo6lc/apQUXbI0N3bxsDu
wYCoJRUJAPZqKKKACuBufgPBc/GRfGJ1GYTq6v8AZvKGziIR/eznoM9K76igDxTwf+zJrcfjzwjq
Gu6xpbab4A1nVdZ0iHT7eRLi7lvlu4sXEjsR5aQ3knyKvzSLG+4BNrP8M/s9+JfAVjollp174Z1G
zg8H6b4T1JdTtZnWZbUSq0qorAMriZsoxHTG7nI9orO8YaedX8JarafZ2vDdWksXkCXyjPuQjZvy
Nuc43ZGM5oA8k+AP7KurfCbQp9NufF2swaXHf215Y6dp+p3lxBZiIOHiWS9knlFvLuQG3DBIxEoT
GWzymp/8E8rRvDF1Imr3+p+J7jU5ruK+utY1Gz/sqB7q6uBFYPaTRvaNm5w7pu81QyOGUgLR0X9m
j4hyfsMfDr4cXlppEeu+DfDdjpV1I2pmSK8uk0u6sGkz5ZwsUzW90jHLMU6KyjPovwd+DPiDwZ8d
/Emu38enRadeR3aJdQ3Be51hp7+W5iMybBtFtCywISzEgtjaoGQDn/hh+x1r/wANfiVa+NJfGk3i
HxKggs7r+0Y3e1ubT7Ja287KhYmO6ZrVGE+WZlUI4bJYfQFFFAG7/wAEsf8Akav2mv8Asqtv/wCo
d4Yr6zr5M/4JY/8AI1ftNf8AZVbf/wBQ7wxX1nQAUUUUAFFFFAH4E+HvGvhnwT8Hf2RboePfEHwz
8ft8HtJs7DW4LLT73TZrC7fQrKW3miuyP3guJ7WYOmNkcE7HcBsOj+1np/wr0r/glh4B1TVNB/4W
V8PfB/ime6mtfEviWLRH1qdW1S1kuGltopPNZ7mZ5Y4bZQzZQgBVZDzXjL9nvxt8df2Qf2TrTQPA
Hh3xbot98K9H0ibVL7wzo2syeG7qdNH/ANMf7fE8iRR2S6g4EIYNMsQdWyteg/G/4T+MYv8AgmF8
OND/AOFP2fjLxFod5ePH4ci8NWlstrOlhqy6deNZwNFDbk3TWLyiEjaJpQBzigDS+FHhfQfDn/BK
a6kl+EfjL4B2F7q9nqel+GdB1eK/1wXp1K0ewlikvYzHHLNdLbjZcIAgPzBRkjsv+CYWn+LPh6/i
bwT44h+J+ia7o9paX1toninXdF1u1hsp5roJPbXGm2sHzPJHKsiTAlSibcg5LvhRP4W8G/sM+NX+
KHw4v/C3gOfUjAfDF7o7TXdzDMLWJEFvE0rySS3bER7WLZKYwRxt/wDBPXxh8CfEWo+M7X4KaPrM
EunPbQeJL+/stQWVLpRJt0+We+zK01uC26EErD5uOCxFAH0xXF6r8JptW8ceJNWfVFSDxHpdjpEl
ulrh44LeW4kb5y5y0gu5lJ2jaNhHKkt2lFAHz14J/wCCeuj+CtZ8PagnibWLq50OO0tZDJBCFvLe
0bSWt1IAGyQHRrTc68N5k+EXcnl/QN1bLdxFHMgBOfkkZD+akGpKKAKX9gQf89L3/wADJv8A4qvg
n/g4o+OHjP8AZf8A2IfDfiD4feK/EXhPWrvxraWE15p+oyxyyW7WV+7Rk7j8paND9VFfoHX5p/8A
B1D/AMo8fCn/AGUGx/8ATfqVAH5B/wDD2P8AaW/6Lf8AEf8A8HEv+Nfqx/wbr/tPfEX9p74OfGi/
+IPjjxT4tvNAnshp0uoalLI1oHguWYLzxkop/AV+EdftD/wawf8AJBfj/wD9fFh/6T3dAH1t/wAL
p8W/9DHrH/gU/wDjXafs+fEbxB4s+LelafqOt6rdWc4m8yJrpwGxC7DoexANeSV6D+y1/wAly0X6
T/8AoiSgD6u/sCD/AJ6Xv/gZN/8AFUf2BB/z0vf/AAMm/wDiqu0UAUv7Ag/56Xv/AIGTf/FV8Pf8
HA/xk8Xfs0/sFw+JPAXijxD4W11vE9laG9sNQljlMTxzlkzu6Eqv5V93V+dv/Bzx/wAo1rf/ALG/
T/8A0Vc0AfjT/wAPY/2lv+i3/Ef/AMHEv+NfqB/wbV/tVfEv9qzxH8YIviN488V+MI9DttJewXUd
TlkFqZXvBIV+YY3bEz/uivw7r9hf+DSn/kavjr/16aJ/6HfUAfpP4K+HXxJl+EfijS9ZvfE9nr9/
t+w30eopdPFIlpb+eyD7Um2Ke4E/loHQordYflxo/CzwN44tPGHhiPX08Sra2llezahef20ZLebz
Lmb7JZvEbp23wwFC8oV2ZvKHnOBJnzF/2nvHIdh/bh4P/PpB/wDEV1/wF+O/ivxn8VtL03U9VNzZ
XPm+ZH9niTdtidhyqg9QDwaAPoH+wIP+el7/AOBk3/xVH9gQf89L3/wMm/8Aiqu0UAUv7Ag/56Xv
/gZN/wDFV8ef8F2fin4n/Z2/4J1+I/FHgjxHr3hnxDa6np0MV/Y6hKk0aPcqrqDu6FSQa+0K+Ef+
DkD/AJRXeKv+wxpf/pWlAH4i/wDD2P8AaW/6Lf8AEf8A8HEv+Nfpt/wbYftYfE39qvx78WLb4jeP
fFnjCDRtP06WxTUdTlkFs0klwHK8jBIVc/QV+Itfrz/waYnHxJ+Nh9NM0r/0bdUAfpj4R8beNtR0
DxjBPDr411dGa40n7ZY3cVvbaoPtnm2quqBXgjEdoVdi28yth34Ab8AfH/jrXvFHhe08Y2Gv6fba
vbeIWCTWNzHMUg1OKPS5bmSNjFDNNYl3aP5AW3HA4RcqT9tHxKkjL/Z+inBx/q5f/i62/hn+1Zr3
jTx7pelXNlpMcF9OI3aNJA4GD0y5H6UAe4/2BB/z0vf/AAMm/wDiqP7Ag/56Xv8A4GTf/FVdooAp
f2BB/wA9L3/wMm/+Kr5F/wCC5fxN8S/s9f8ABOHxf4q8E+Itd8NeIrG902OC/stQmSaJZL2JHAO7
urEH2NfY9fDn/Bxf/wAoovHX/YQ0n/0vgoA/Dr/h7H+0t/0W/wCI/wD4OJf8a/Tf/g2w/av+Jv7V
fjz4sW3xG8e+LPGEGi2GmyWKajqcsgtmkkuA5XkYJCrn6CvxEr9ev+DS/wD5KT8a/wDsGaV/6Nuq
AP2FtvG/hS8s9duI9eRoPDBk/tWQ6jKEsRHv8wuS2AqmOQE9AY3GcqwFXTPib4S1i90q3t9Vv5H1
uWSCzbdeLFLNGZRJCXPyrKpgmDRsQ6mNgQMVyL/s6aSuneNrJfFrR2/jhbu2u12Qs0NrO9/MYV3Z
BZbnUZ5A5HKrGhBALNpfC34I6b4HXwtBJ4ij1b/hG5NRu4YAFSOS9vZWdp1UuzL5aS3EaKWYhLh8
sxwaAPRv7Ag/56Xv/gZN/wDFUf2BB/z0vf8AwMm/+Kq7RQBS/sCD/npe/wDgZN/8VXzd/wAFePGu
t/BL/gnH8UfFPhPW9a0HxFo9jbyWV/aX8yTWzNeQISp3cEqzD6Gvp6vk/wD4Llf8opfjH/2DbX/0
utqAPwH/AOHsf7S3/Rb/AIj/APg4l/xr9A/+Dcz9s34s/tR/theMND+IXxF8YeLtIsfB099Ba6hq
kskcU4vbNBIBkfMFkcfRjX48V+nf/Bqj/wAn2eOv+xDuP/ThYUAfvJ/YEH/PS9/8DJv/AIqj+wIP
+el7/wCBk3/xVXaKANr/AIJU24tfEn7TEamQhfirBgu7O3/IneGO5JJr62r5M/4JY/8AI1ftNf8A
ZVbf/wBQ7wxX1nQAUUUUAFFFFAH40fAb9qq9/Zz/AGCP2cLe18GyeKRqvw30SRnXxNo+j/Z9mnWo
xtv7qFpM7usYYDHOMjPMft8+DfG/7Rf/AATJ0a08WeHNKn8cazrhuoRd+L7DRk0HMl41tcLOjm1u
nS2MaeTvKyeYzEnaTXntx4otr79mn9k7wi138OdOvNS+FGh3Ud14t8AQeJoQJW0XTUWOR7yBoT52
oRMwCOCiOxI2BW9K/ay+AmkfCD/gl34f+Es3ifwZe6fqEd7pEviTWfDQvLOxjbT9Su7q9tbeCZFt
HgijneJlZxEkWwKxIoAj8HaX4c+FH/BJIWvi/wAPLDpGj6jpSeIX8Oax5s07rqViJtUhk0uSRopU
P+kCKBiwMQAxmrv/AASN+Jnw08aa/wCMbP4Z2nju3tEsLXUdWXxDq+tXqRX1xeXzOsS6jhdzhRM8
kQy7TfOSVrJ+F3ji9+Jn/BH/AFPUNBvfCvw6vDPbpJJaB/h5DaQLd2pcTTtJObSa4tTxcKzZFzEQ
uTirv/BJe48Q2N54+uNQ8YeGvGbR6XZNNDpHxUk8cS3V6Jr12uXDqPsZkjaGIKgCP9nzjINAH3NX
C+Evj/pHjL4la74ZtrbUUuNDMym5kRBBdtB5InEeGLfu2niU7lXJJ25AzXzR+xH/AMFOvFP7Vnx4
stCu/COlWXhTUrSW2ttRtXuBcvqFpZWdxfMUkUD7NHNd/Zs/eWRVB5bav1Yfg94aOu6rqf8AZFv9
u1to2vZAWH2goUIyM4Aby49wAAcIobcAKAPHvhb/AMFJfBnxd/4R3+y9G8VKfEJiIE8FuhsUlm06
CNpgJjhjLqlshRdzIVmDAbPm+g7i6js4i80iRIONzsFH5muC0L9lf4feGZtKlsfC9hby6K6vZyBp
C8IX7PsTJYlo0+x2m1GyifZYNoHlpj0CgCp/wkFh/wA/1p/3+X/GvzX/AODpfVLa9/4J6+FEhuYJ
nHxAsSQkgY4/s/UueK/TOvzT/wCDqH/lHj4U/wCyg2P/AKb9SoA/n/r9nP8Ag1ov4LT4E/H1ZZoo
2kuLDaHcKW/0e76Z61+MdftD/wAGsH/JBfj/AP8AXxYf+k93QB9H1337MVxHa/G3RpJZEjRRPlnY
KB+4k7muBr0H9lr/AJLlov0n/wDRElAH1h/wkFh/z/Wn/f5f8aP+EgsP+f60/wC/y/41booAqf8A
CQWH/P8AWn/f5f8AGvzw/wCDm/VrW8/4JtW6RXMEr/8ACXaedqSBj/qrn0r9Gq/O3/g54/5RrW//
AGN+n/8Aoq5oA/nlr9f/APg00v4LHxT8c/Pnih32mi7d7hc/PfdM1+QFfsL/AMGlX/I1fHX/AK9N
E/8AQ76gD6tk/wBY31ru/wBmW4S1+NuiySyJGi+flmIUD9xJ3NcJJ/rG+td9+y9/yXLRP+2//oiS
gD6x/wCEgsP+f60/7/L/AI0f8JBYf8/1p/3+X/GrdFAFT/hILD/n+tP+/wAv+NfCn/Bxxq9rd/8A
BLPxVHFdW8rnV9LwqSKx/wCPpOwr72r4R/4OQP8AlFd4q/7DGl/+laUAfzg1+uf/AAaeX8Fj8R/j
WZ5ood+maXje4XP7269a/Iyv14/4NMv+SkfGz/sF6V/6NuqAPruc/vn/AN4/zrqvgTMtv8X/AA+8
jqiLdAlmOAOD3rlZ/wDXv/vH+ddZ8A/+Sx+Hv+vsfyNAH2F/wkFh/wA/1p/3+X/Gj/hILD/n+tP+
/wAv+NW6KAKn/CQWH/P9af8Af5f8a+Hv+DifV7S7/wCCU/jmOK6t5XOoaVhUkVif9Ph7A192V8Of
8HF//KKLx1/2ENJ/9L4KAP5tq/XT/g05v4LH4kfGozzRQ7tN0rG9wuf3t161+Rdfr1/waX/8lJ+N
f/YM0r/0bdUAfXmoHN/Oc5zI3866X4HzLb/Fzw+8jqiLeISzHAFc1qP/ACEJ/wDro3866f4E/wDJ
YPDv/X4lAH2J/wAJBYf8/wBaf9/l/wAaP+EgsP8An+tP+/y/41booAqf8JBYf8/1p/3+X/GvlH/g
uHrNpc/8EqfjFHHd20jtp1rhVlUk/wCnW3YGvrmvk/8A4Llf8opfjH/2DbX/ANLragD+YOv03/4N
W72Gx/bp8ctPNHEp8B3ABdgoJ/tCw45r8yK/Tv8A4NUf+T7PHX/Yh3H/AKcLCgD9ffgv4D8UeCvj
V4y1XW9b0/UPDPiICCGzOqtNscX2q3BuvLYbVJtrnT7XaDnFt/djTdgeH/gf4m8OfED4barY61pN
lY6RealqOvafHqrrbbr1y3kIoGGW3QpHEQFVthLKMgjkvFvxq8WWfirU4Ytf1JIoruVEUSkBQHIA
H4VP8P8A4zeK9S8eaJbXGvalLBcX8EciNKSrqZFBB9iDQB9p/wDBKq4S68S/tMSRSJKjfFWDDKQw
P/FHeGO4r62r5M/4JY/8jV+01/2VW3/9Q7wxX1nQAUUUUAFFFFAH89XxH0LW/EH7In7Iun2vwu8I
eNtM1r4XaTpo1zWfBtn4hTwtdSRaOpupzcKfItYrNr2YkfK8kMStwRn2XxN8C9e/aR/4Jz/Cjwcv
wi8EaxDqOrn+0dB1OG68G6dY2UUeoPFeKlojS2TyslvmNI3BF3JGVCuXXxDxp8NvB/xW+A37HWke
I/F8Ggfa/hPollqNjfacZ7bVNKuLrw7FNFFMJF8ieSf7LC7FXX7NPcsQNnPqfi/40aL+yV/wSy+H
V1J4y8b6Ppen6zc6UNR8DNpttMsdu2pSSwxDVFmja2iitZRGg/fSeTAqEs+0gHa3Wi6x4Y/YN+MO
n+ItB+EnhPUk16eOe0uku/FXhtBK1od00RQTSjD7Vj8mNY9sQEYRATzv/BIPw7b+D/gj458H2Pjf
wR4qXT1E4uNPW/t7zTzcLLhJFuoo2is1KHyVRSq7ZRkkGp/2dPiwdQ/4JpeO/GVj4h8a2evS6vPe
avql14t8PNf29wHtgzx6l9nTSwn2cRZLw4XLp98A1b/4Ji+L9W+Oul/EPxdq2ifGO6/tTTrbS7DX
vHWoaa0WtW0ZumWOw+x21uhgDTM3nmNlfzV2uQuAAdN/wTa17WPH/hLSri1/aAi+Juj+FdOt9L1H
SY/DEVgIZjbIY3Ezxx3DxlcMkhXEq/Nk819Y1+Yv/BG/WvFXjb9o7X5o/C3ivRtK8L2seh6/JefE
s6/awSQwvHaQCNbRIbgIquqtDM4i74JxX2v4c+O/iV/i9420vU9LjXStE8xLGKO2kWbeDbLbBpSS
sn2pppCuFAXyiDkhjQB7HRXyP8K/2z/id44uPACaj4Yh0t9cEX9rh9KuDG9xJdaQr2sDb/3Zgtr+
7dxIC4ksZQQFhkz9a3EzQRFlikmI/hQqD+pAoAfX5p/8HUP/ACjx8Kf9lBsf/TfqVfpD/aU//QPv
P++ov/i6/Nb/AIOl7ySf/gnr4UV7W4hA+IFidzlCP+QfqXHysTQB+A9ftD/wawf8kF+P/wD18WH/
AKT3dfi9X7Of8GtFy8PwI+PoWCaYNcWGShUBf9Hu+uSP0zQB9KV6D+y1/wAly0X6T/8AoiSvPq77
9mKVofjbozLG8rAT/KhAJ/cSepA/WgD6+oqp/aU//QPvP++ov/i6P7Sn/wCgfef99Rf/ABdAFuvz
t/4OeP8AlGtb/wDY36f/AOirmv0H/tKf/oH3n/fUX/xdfnh/wc33kk//AATat1e0uIR/wl2n/M5Q
j/VXPoxNAH89tfsL/wAGlX/I1fHX/r00T/0O+r8eq/X/AP4NNLl7fxT8c9lvNPutNFzsKjb899/e
IoA+s5P9Y31rvv2Xv+S5aJ/23/8ARElcDJ/rG+td3+zLK0Pxt0VljeVh5/yoQCf3EnqQP1oA+v6K
qf2lP/0D7z/vqL/4uj+0p/8AoH3n/fUX/wAXQBbr4R/4OQP+UV3ir/sMaX/6VpX3H/aU/wD0D7z/
AL6i/wDi6+FP+Dji9lm/4JZ+Kla0uIgdX0v5nMZA/wBKT0Yn9KAP5ya/Xj/g0y/5KR8bP+wXpX/o
26r8h6/XP/g08uXt/iP8aysE0+7TNLzsKjb+9uv7xFAH2BP/AK9/94/zrrPgH/yWPw9/19j+Rrk5
/wDXP/vH+ddV8CZDH8X/AA+wRpCLoYVcAng+pAoA+z6Kqf2lP/0D7z/vqL/4uj+0p/8AoH3n/fUX
/wAXQBbr4c/4OL/+UUXjr/sIaT/6XwV9sf2lP/0D7z/vqL/4uvh7/g4nvZZv+CU/jlWtLmIHUNK+
Z2jIH+nw+jE/pQB/N/X69f8ABpf/AMlJ+Nf/AGDNK/8ARt1X5C1+un/Bpzcvb/Ej41FIJpydN0rO
wqMfvbr+8RQB9haj/wAhCf8A66N/Oun+BP8AyWDw7/1+JXMagc3855/1jfzrpfge5j+Lnh9gjSEX
iYVcAn8yBQB9o0VU/tKf/oH3n/fUX/xdH9pT/wDQPvP++ov/AIugC3Xyf/wXK/5RS/GP/sG2v/pd
bV9S/wBpT/8AQPvP++ov/i6+Uf8AguHfSy/8EqfjErWdzGDp1r8zNGQP9OtvRif0oA/mMr9O/wDg
1R/5Ps8df9iHcf8ApwsK/MSv03/4NW53t/26fHJWGWcnwHcDCFQR/wATCw5+YigD9DfG3/I56v8A
9fs3/oxqsfDH/kpPh7/sJ23/AKNWq3jRi3jHViQQTeTcHqPnNWPhqxT4jeH2Cs5GpW5CjGT+9Xjm
gD7+/wCCWP8AyNX7TX/ZVbf/ANQ7wxX1nXyT/wAEqpWm8S/tMM0bxMfirB8rYJH/ABR3hj0JH619
bUAFFFFABRRRQB+A4+DuieP/ANm39kXVfHfwhvfid8O9O+Edpb3kuk+HP7c1Oy1CTT9ONqnlKfNS
BlE7F0Vl3pGHKqcn0D4hfBnx/b/8Eq/AnhvQfgZ4D8V+JtPuo5JPC3iHQrG5t9DtjJcn7ZHYTTLA
14sTr+5Ey4aeQBiAVPj3xF+J+ofAn9lb9kDxp4a8RLpviux+E9ppkdjqfgvU/Emj3Npc6fp3myt9
iG6C4QxKFJ++rup+XIPq3iC38K+F/wBgL9ne/f4n+Iz4a0jVLjWpvFnhuAabdvGmg65c3DQxyqfs
0aL5w8plLJHGYwu7AAB2P7CvwL8MeMP+Cd1/4O+KXhyxstO1LVLoeJtEvvC1v4QsraVblHjjW1t0
ijWPalu4cM+8n/WPXcfs9/B74JfAvxD438NfCLw7plpqtxoFvf6kNPu5Ly3uoma6jgiJMrkMGjl+
UBThhyc8cT8P/GMv7Qv/AATQ8R3ngrwn4j+MGq34Y2vhf4sy2bT30paGWOK5IxAYxE0c6KSMgqCy
sfl8h/4I62+p2c3x+h8UeD9K+HPiuzS2gbw/pnw8t/Cltb2gt5WWVXiQtcjz2uYwWnlAWFXG0S8g
GL/wTA+FWleCv2lfDlxpP7OXib4Y3sLX1vdate6J4htLWOyOl2jqVa9naBZHvmvI9pBJSOMgAnc3
6cV8df8ABOfXfBF/pXgWPSf2odV+I+unw1bmTwfP4m0S8jgP2ZN4+z29ul0PJOR80hK4+bJzX2LQ
AUUUUAFfmn/wdQ/8o8fCn/ZQbH/036lX6WV+af8AwdQ/8o8fCn/ZQbH/ANN+pUAfz/1+0P8Awawf
8kF+P/8A18WH/pPd1+L1ftD/AMGsH/JBfj//ANfFh/6T3dAH0fXoP7LX/JctF+k//oiSvPq9B/Za
/wCS5aL9J/8A0RJQB9d0UUUAFfnb/wAHPH/KNa3/AOxv0/8A9FXNfolX52/8HPH/ACjWt/8Asb9P
/wDRVzQB/PLX7C/8GlX/ACNXx1/69NE/9Dvq/Hqv2F/4NKv+Rq+Ov/Xpon/od9QB9Wyf6xvrXffs
vf8AJctE/wC2/wD6IkrgZP8AWN9a779l7/kuWif9t/8A0RJQB9eUUUUAFfCP/ByB/wAorvFX/YY0
v/0rSvu6vhH/AIOQP+UV3ir/ALDGl/8ApWlAH84Nfrx/waZf8lI+Nn/YL0r/ANG3VfkPX68f8GmX
/JSPjZ/2C9K/9G3VAH13P/r3/wB4/wA66z4B/wDJY/D3/X2P5GuTn/17/wC8f511nwD/AOSx+Hv+
vsfyNAH2bRRRQAV8Of8ABxf/AMoovHX/AGENJ/8AS+CvuOvhz/g4v/5RReOv+whpP/pfBQB/NtX6
9f8ABpf/AMlJ+Nf/AGDNK/8ARt1X5C1+vX/Bpf8A8lJ+Nf8A2DNK/wDRt1QB9eaj/wAhCf8A66N/
Oun+BP8AyWDw7/1+JXMaj/yEJ/8Aro3866f4E/8AJYPDv/X4lAH2fRRRQAV8n/8ABcr/AJRS/GP/
ALBtr/6XW1fWFfJ//Bcr/lFL8Y/+wba/+l1tQB/MHX6d/wDBqj/yfZ46/wCxDuP/AE4WFfmJX6d/
8GqP/J9njr/sQ7j/ANOFhQB+hPjb/kc9X/6/Zv8A0Y1WPhj/AMlJ8Pf9hO2/9GrVfxt/yOer/wDX
7N/6MarHwx/5KT4e/wCwnbf+jVoA+/f+CWP/ACNX7TX/AGVW3/8AUO8MV9Z18mf8Esf+Rq/aa/7K
rb/+od4Yr6zoAKKKKACiiigD+dr4tfE6fw3+yZ+yP4bs9f8AiZoOr+I/hTpEeip4b8cS+G7bV9Qk
XRbKC0dUt5TM+b0zMwIMcMEpCtnj1L4zatb6t/wSi+H3/CLfBN/idp73d3bN4XWC58Vf6VFa6osV
2Z1aOWWF9SjgMlwdrPDcSfLmTFT/AA0/b68O/smfsv8A7Kvh3xZo+nTaP4g+F/h++j1S7nKCzmB0
eycKPKcZS1vbm5JyCVtGXjcWX6O+Kf7Wul/DL9njw/40+HnhW6+JOiaxc/ZbCz8P3NrZDyFinkkm
X7Q8aeWgt3yByBk4wrEAHh2t643jv/gnF8QNa1fSPEHwBsU8TWerI1zok1lq9hFb3mnTtPFbHzi1
w8kUiQKAVJ8ldoAIG/8A8E1vGcHj+z8f28vxF+NfjvUra2tVuNB+JGipot5YRSCfy5YUEMZMc+11
35Yfuux6x/Fj436v8ZP2B/H2ufEbwT4x8PRXPiew0210PSblD4j02B7/AE6OCa3a1Mu69jlkM8Sr
lmZYlwM5rc/4J1R2Gp+KvGusSy/tFat4kvLawtbrVfip4efSGa2iNx5NvZr9ngiKq0krSbFLFpAz
E5FAHkv7BX7UHinx7+2FZ/D7xN4I0P4FQ+GNFmFh4QPh2eW/1cR5h2DVZVWKVII1jk3QAiTf95gD
X1F4T8HfEDw78ZvGWrz3E9/pmoMy6fHNfl7UhzbLAVgLgRC3VbgybQpk3gjex49fZAzKSASpyCRy
KWgD5V0D4D/G3TvijpF5q3iO91PTINVa4me316VIvmu9ImkleE7AYWgt9ThSEBhH56gLh2dfqa6W
Z4iIXjSTPV0Lj8gR/OpKKAKXkaj/AM/Vl/4Ct/8AHK/Nj/g6Wju0/wCCevhQzz28if8ACwLLAjgZ
Dn+z9S7lz/Kv00r80/8Ag6h/5R4+FP8AsoNj/wCm/UqAP5/6/Zv/AINaUuH+BPx8MMsKKLiw3B4i
5P8Ao930IYY/Wvxkr9of+DWD/kgvx/8A+viw/wDSe7oA+j6779mNZW+NmjCJ0SQifDOhdR+4k7Aj
+dcDXoP7LX/JctF+k/8A6IkoA+rvI1H/AJ+rL/wFb/45R5Go/wDP1Zf+Arf/AByrtFAFLyNR/wCf
qy/8BW/+OV+eP/BzdFeJ/wAE27czz28if8Jdp/CQMhz5Vz3Ln+Vfo3X52/8ABzx/yjWt/wDsb9P/
APRVzQB/PLX6/wD/AAaapcP4p+OfkSwxkWmi7vMiMmfnvumGGK/ICv2F/wCDSr/kavjr/wBemif+
h31AH1bJ/rG+td1+zMsrfGzRhE6JIfPwzoXUfuJOwI/nXCyf6xvrXffsvf8AJctE/wC2/wD6IkoA
+r/I1H/n6sv/AAFb/wCOUeRqP/P1Zf8AgK3/AMcq7RQBS8jUf+fqy/8AAVv/AI5Xwr/wcbxXif8A
BLTxUZp7aRP7X0vISBkP/H0ncuf5V9718I/8HIH/ACiu8Vf9hjS//StKAP5wa/XL/g09S4f4j/Gr
yJYYyNM0vd5kRfP7256YYYr8ja/Xj/g0y/5KR8bP+wXpX/o26oA+u5/9c/8AvH+ddV8ChI3xe0AR
sqyG6GCylgOD2yM/nXKz/wCvf/eP866z4B/8lj8Pf9fY/kaAPsDyNR/5+rL/AMBW/wDjlHkaj/z9
WX/gK3/xyrtFAFLyNR/5+rL/AMBW/wDjlfD/APwcTRXq/wDBKjxyZri2kQahpWQkDIx/0+HuXP8A
Kvu2vhz/AIOL/wDlFF46/wCwhpP/AKXwUAfzbV+un/Bp0lw/xI+NXkSwxkabpW7zIjJn97dejDFf
kXX69f8ABpf/AMlJ+Nf/AGDNK/8ARt1QB9eahn7fPnk+Y3866T4Hh2+Lfh8RsqyG8TBZSwH4ZGfz
rm9R/wCQhP8A9dG/nXT/AAJ/5LB4d/6/EoA+wvI1H/n6sv8AwFb/AOOUeRqP/P1Zf+Arf/HKu0UA
UvI1H/n6sv8AwFb/AOOV8pf8Fw4b5f8AglV8YTLcWroNOtchbdlY/wCnW3cucflX11Xyf/wXK/5R
S/GP/sG2v/pdbUAfzB1+m3/Bq4k7/t0+ORBJFGw8CXGTJGXBH9oWHYMK/Mmv07/4NUf+T7PHX/Yh
3H/pwsKAP0I8Z7h4w1YMQWF5NkgYBO81Y+GoY/EXQApAc6lb7SRkA+avUcZqDxt/yOer/wDX7N/6
MarHwx/5KT4e/wCwnbf+jVoA++v+CVKyr4k/aYEzpJIPirBlkQop/wCKO8MdiT/Ovravkz/glj/y
NX7TX/ZVbf8A9Q7wxX1nQAUUUUAFFFFAH4Nt4V8deL/2J/2VLW3HxgPwvX4Y6ZJrI+GF5Fa69/ag
0+w+wmRmZZTa7PtORGdvmeWZPlArpf2vvCmtat/wS18JyfGjV/GWg6vpfnprt7ZNo82oxW1zYajp
7LdNczRWhkezvNkjRMW85wYx3HOx/tR+Iv2eP2KP2VbeXxiPhX8PdW+GGmSan4z/AOEYk18xahHp
9gLTT/LUMkQmV533OhLmAIpVjzc/b0+Jo8c/8EvPhz4y+Len6BbeIRr9nfW1tqi6zoz3V8q3aWsl
tFZTR3MFzJHiVY5ZAkYZ95BQEAHf/sxfGGw+EX7AsvxHvIPGur6ZqviSwvrufxnoUOl3xtZbywsz
ei2tg6iOKBRNGyjL+UG7hq9L/Y+/bq0n9sHxDqVrotqqQaRpFte3bgTAwXE1zdx+QfMjTOI4I5Mj
/nrjtz5f+y94117Wv+CaF1q/iabXRrGo3wVYPA3j1vEOsQtLcwRxW8WoaleTILgsyhojcFQH2r8z
bT13/BNzT/Gmn+HtYXxzZfHS21sxQ+c/j3UNPurOQ+ZNj7ELaaRlITZ5nmBc/LjPNAH07WTZ+PdE
1DX9T0qDV9Om1PRlV7+1S4QzWasoYGRc5UFSDz2IPcVrV5v4b/Z5Twf8Ste8TabrE0VzrEsk0UMt
usiWpne2e5GcguHNsm3ONm5uvAABuWvx48FXt5YW0fivw+1zqkzW9pD9vjEtxIpiBVVJySDPAOnW
eL++uesrwmy/YmFx420nxLq/imfUdftbjztSu47BYf7XAvdPvULqXYJIsmm28YKYTycoEBCuvudx
brdRFHMgB5+R2Q/mCDQA+vzT/wCDqH/lHj4U/wCyg2P/AKb9Sr9If7Eh/v3n/gXL/wDFV+a3/B0v
p0dp/wAE9fCjq1wxPxAsR887uP8AkH6l2YkUAfgPX7Q/8GsH/JBfj/8A9fFh/wCk93X4vV+zn/Br
RZJdfAj4+s7TApcWGNkrIP8Aj3u+oBGfxoA+lK9B/Za/5Llov0n/APRElefV337MUAufjboyMXAY
T/ccof8AUSdwQaAPr6iqn9iQ/wB+8/8AAuX/AOKo/sSH+/ef+Bcv/wAVQBbr87f+Dnj/AJRrW/8A
2N+n/wDoq5r9B/7Eh/v3n/gXL/8AFV+eH/Bzfpsdr/wTat3Vrhj/AMJdp4+ed3H+quexJFAH89tf
sL/waVf8jV8df+vTRP8A0O+r8eq/X/8A4NNLJLzxT8cw7TDbaaLjZK8f8d9/dIzQB9Zyf6xvrXff
svf8ly0T/tv/AOiJK4GT/WN9a7v9mWAXPxt0VGLgN5/3HKH/AFEncEGgD6/oqp/YkP8AfvP/AALl
/wDiqP7Eh/v3n/gXL/8AFUAW6+Ef+DkD/lFd4q/7DGl/+laV9x/2JD/fvP8AwLl/+Kr4U/4OONMj
tf8Agln4qdXuCw1fS/v3Ejj/AI+k7EkUAfzk1+vH/Bpl/wAlI+Nn/YL0r/0bdV+Q9frn/wAGnlkl
58R/jWHaYbdM0vGyVo/+Wt1/dIzQB9gT/wCvf/eP866z4B/8lj8Pf9fY/ka5Of8A1z/7x/nXVfAm
IT/F/wAPoxYBroA7WKnoe45FAH2fRVT+xIf795/4Fy//ABVH9iQ/37z/AMC5f/iqALdfDn/Bxf8A
8oovHX/YQ0n/ANL4K+2P7Eh/v3n/AIFy/wDxVfD3/BxPpcdt/wAEp/HLq9yWGoaV9+4kcf8AH/D2
JIoA/m/r9ev+DS//AJKT8a/+wZpX/o26r8ha/XT/AINObNLz4kfGoO0w26bpWNkrR/8ALW6/ukZo
A+wtR/5CE/8A10b+ddP8Cf8AksHh3/r8SuY1AYv5xzxI3866X4HxCf4ueH0YsA14gO1ip/McigD7
Roqp/YkP9+8/8C5f/iqP7Eh/v3n/AIFy/wDxVAFuvk//AILlf8opfjH/ANg21/8AS62r6l/sSH+/
ef8AgXL/APFV8o/8Fw9Kit/+CVPxidXuSy6da43XEjD/AI/rbsWwaAP5jK/Tv/g1R/5Ps8df9iHc
f+nCwr8xK/Tf/g1btFvP26fHKuZQB4DuD8kjRn/kIWHdSKAP0N8bf8jnq/8A1+zf+jGqx8Mf+Sk+
Hv8AsJ23/o1areNF2eMdWXk4vJhycn75qx8NU8z4jeH1JbDalbg4JB/1q9x0oA+/v+CWP/I1ftNf
9lVt/wD1DvDFfWdfJP8AwSqgFt4l/aYRS5C/FWDlnLn/AJE7wx3JJNfW1ABRRRQAUUUUAfz1N8bv
Dvwn+HH7Ilv4w+MvxG+Enh6++BdtIH8M24uUv7pYdHCCVGt7pchDKQ3kZHI81clH9t+IHhLx/wDF
P/gmn4Rh+D+paD8a9VudWe7GteM9Iiurm6sWuLstcRW98YYjeR7441EvlxlRJgKCoHA614y+Lvwd
/wCCc/7PnjX4P/DTTvFGtWXwg07T7zxHHbLqOr6FBJp1lII7ewMkTXCySxRM21m2+UG8qQDaeq+P
Phm9/a4/4JbeBfDM2o6P488X/EaV9J0/WPHOn3mj3EGqS218puktrS0laG4tispUNGkaxxOzSKAC
QDqv2XP2Yda+J/8AwT4XwL4n/wCEr8H+JLvxLDqGsSXOnW+h3cL22q290TaLYbIoVeGBBHJAzBHY
sHYrX0B8Df2cNO+As+pSWHib4h+IDqixq48TeKr7W1g2FsGIXMj+WTuO4rjdhc5wK4z/AIJ4eFrX
wF+z/L4eg0DwX4ZufD2sXemX9j4YlvJLNbqErHK5N1b28nmOV3EiMoylGRnVgx91oAKKK4HQ/wBo
zQtd8deJNCWLUYX8NJO813JGn2e5+ziL7QI8MXzEZ41O5VySdu4AmgDvqK8J8G/8FA/CfjXVdAso
NE8V291ryW0wSeC2H2KK5bTFgklKzEYc6vZ8JvYZkyBs59yuruKyiMk0scSA43OwUfmaAJK/NP8A
4Oof+UePhT/soNj/AOm/Uq/R/wD4STTv+f8Asv8Av+v+NfnZ/wAHNXh+/wDiZ+wP4X0/w3ZXniG/
i8d2U722mwtdzJGLDUFLlYwSFBZRnGMsPUUAfz51+0P/AAawf8kF+P8A/wBfFh/6T3dfkn/wzX8R
v+hA8bf+CO6/+Ir9gP8Ag2X8Fa18M/gf8dYPEmkap4fnv57E20epWslo9xi3ugdgkALYJA4z1FAH
vdeg/stf8ly0X6T/APoiSuG/sq6/59rj/v2a7v8AZohfTPjTo89yrW8KCfdJINirmCQDJPHWgD65
oql/wkmnf8/9l/3/AF/xo/4STTv+f+y/7/r/AI0AXa/O3/g54/5RrW//AGN+n/8Aoq5r9Bf+Ek07
/n/sv+/6/wCNfAf/AAciaLe/Ej/gndBp3h20utf1AeK7CU2unRNdTbBFcZbZGCdoyMnGORQB/O5X
7C/8GlX/ACNXx1/69NE/9Dvq/K//AIZr+I3/AEIHjb/wR3X/AMRX6y/8GsvgPXfhZ4m+Nj+J9G1b
w4t7a6OLc6paSWYnKve7gnmAbsblzjpketAH0xJ/rG+td9+y9/yXLRP+2/8A6IkriJNLuvMb/R7j
r/zzNdz+zXC+m/GjRp7lHt4U87dJINirmGQDJPHWgD66oql/wkmnf8/9l/3/AF/xo/4STTv+f+y/
7/r/AI0AXa+Ef+DkD/lFd4q/7DGl/wDpWlfcP/CSad/z/wBl/wB/1/xr4k/4OEdNufiF/wAEyvE+
maBbz65qUuraY6Wmnobmd1W6QsQiZYgDknHFAH83dfrx/wAGmX/JSPjZ/wBgvSv/AEbdV+Xn/DNf
xG/6EDxt/wCCO6/+Ir9Wv+DW3wBr3wt+IXxjk8T6Lq/h2O903TFt21Szks1nKy3O4IZANxGRnHTI
oA+pJ/8AXv8A7x/nXWfAP/ksfh7/AK+x/I1zU2l3Rmc/Z7g5Y/8ALM+tdT8DbWWx+LegzTxyQxR3
QLO6lVUYPJJ6UAfZNFUv+Ek07/n/ALL/AL/r/jR/wkmnf8/9l/3/AF/xoAu18Of8HF//ACii8df9
hDSf/S+Cvtb/AISTTv8An/sv+/6/418Xf8HANhceP/8Agl/410vQYZtb1Oe/0to7SwQ3M8gW+hLE
ImWIABJwOAKAP5sa/Xr/AINL/wDkpPxr/wCwZpX/AKNuq/Lr/hmv4jf9CB42/wDBHdf/ABFfq3/w
a1eAde+FvxD+McnifRdX8Ox3mnaWtu2qWclms5WW53BDIBuIyM46ZFAH1NqP/IQn/wCujfzrp/gT
/wAlg8O/9fiVz9/ply19ORbzkGRsHyz610nwTtJbL4s6BNPHJFFHdqWd1Kqo9ST0oA+y6Kpf8JJp
3/P/AGX/AH/X/Gj/AISTTv8An/sv+/6/40AXa+T/APguV/yil+Mf/YNtf/S62r6j/wCEk07/AJ/7
L/v+v+NfLv8AwWkjbxp/wTB+Lel6Oratqd3p9ssFpZjz55iL23JComWYgAngdAaAP5gq/Tv/AINU
f+T7PHX/AGIdx/6cLCvz5/4Zr+I3/QgeNv8AwR3X/wARX6Rf8GxPwy8S/DH9tnxtfeJfD+ueHrOf
wRPBHcanYS2kUkhv7FggaRQC2FY4HOAfSgD7t8bf8jnq/wD1+zf+jGqx8Mf+Sk+Hv+wnbf8Ao1ab
4y0+4m8X6q6QTOr3kxVghII3nkVP8OLGe2+IegySQyxxx6jbszMhCqBKuST2FAH3x/wSx/5Gr9pr
/sqtv/6h3hivrOvkn/glTcx3niT9piSKRJY2+KsGGRgyn/ijvDHcV9bUAFFFFABRRRQB+CU/7Ffx
Q/am/Yu/Zg1LwH4k0zSLXQ/hLpdoUufEWpaPNZ3k1rpsiXsDWcbhpVhhmh/eDAW4bg19TaZ+xbp/
iz9krwv8PNcF14Jv/Dbi7sb3wXr12t1ol2GlH2i1vZ185nZJpVdpVO8TShgwbnS/4Jy/8o9vgP8A
9k78P/8Aptt69loA4r4AfAjSf2dPhzD4c0m91zVv38l3eaprV819qWq3MhzJcXEzcvIxwOAAAqqo
CgAdrRRQAVzKfBzw1H4h1TVV0qJb/Wmje8lWRx5xQxn7obADGKPeAAJAih9wFdNRQB57oX7KPw98
Mz6TLY+GLO3l0NlaydZJS0IU2xSPJbLRobO02RtlE+yw7QPLXHoVFFABRRRQBneL/FVl4F8J6prm
pzGDTdGtJb67lCFzHDEhd2wMk4VScDk157q37Y/gnQvhrZeJ7u41KKC+1S60RLI2Tm+W+tRcNdW5
iHO6FLS6diCVKQMylgV3eheMPCll478JaroepxNPpus2ctjdxhyhkilQo6hhgjKsRkcivM9S/Yk8
Dav4NGiXSa3Pbrfz6qJW1OXz1vLhr03VyrZ+WSddQuo3KgDy3VVChECgHW+Afjt4c+Jfi7VtF0m6
kuLrSUWUyGMrDdxl2jZ4X6SKkiNGxH3WGOhBPYVyPgX4IeHvhz4w1nXNKtZILzWlSORDIWhtkV3c
pCnSNWkkd2A+8xGeigddQAUUUUAFFFFAGZ418V23gPwbq+u3q3ElnotlNfTrBH5krRxRs7BF/ibC
nA7muUtf2iNIvPhZZ+K4rLVJ4NRuvsNnY23kXV3dz+a0flp5Urxk5Vif3nyhWzjBA7XWdN/tnSLu
zM9zbfa4Xh863k8uaLcpG5G/hYZyD2IFcI/7NOitpJthqfiRJftLX4uV1AiRbtrp7lroLjyxKXkZ
chMeWfLACAAAE/wy/aR8MfF3xCun6HLfXC3Fl/aFndvbNHbX8SrAZDEx5Jj+1W4YMBgygDJVtve1
wfw0/Zw8MfCPXor7RIb2AWtkdPtLZ7lpLeyiZLZZBGp5Bk+yW5YsTkx5GCzbu8oAKKKw9A+J3hvx
UL46X4h0PUv7LG68+y38U32Qc8ybWOz7p+9jofSgDcorFm+JPh228Lw65Jr+ipotyQsWoNfRC1lJ
O0BZd20kkEcHqMVJP490O1Ehl1rSYxFcLaOWu412TMgkWI5PDlCGC9SpBxigCv8AEn4j6Z8KPCU2
t6ubpbGCaGBjb27zuGllSJPlUEgb3XLHAAySQBWV4a+PGgeKPFWs6TC95C+jLcM1zcQGK2ult5fJ
uTC5++IZf3bnAAY8Z61hfFDx98NPi18PbrS9Q+IHhy30u6niElxa63aKRJG6yooZiyg5QHGMkCk0
D4K+CrTXrfWbbW7y4fxJM9xZKNXzb3vm7rm4SFVIV452BmkRcqxXdgAUAVvDP7afgnxdNpkVlJq0
kt/erp88bWTI+lyu9skP2lScxiVr202dSRcK2AoYr61Xivhn9mX4Y+DPEul6LZag0euWM66k9o+r
h73UiktrLE9wpPmSLG1jabTxhYAuSrOG9LX4reF3TU2HiXQCuif8hEjUISLDnH735v3fPHzYoA36
KwE+K3heRNOZfEugMusRTT2BGoQkXscI3SvF83zqgBLFchRycVd0fxlpHiK1sp9P1XTb6HUld7SS
3uUlS6VDhzGVJDhT1IzigDSoqno3iGw8RxXD6ffWd+lrcSWszW8yyiGaNtrxsVJw6twVPIPBq5QB
j/ELx1YfDHwPqviLVTcjTdGtnu7kwQPPIsaDLEIgJOByT0AySQASMnw38Z9K8UfEvxR4Wgiu477w
iITfSymJYj5sKTKUG8yFdsg+YoFyrAElTjV+Ivge2+JvgPWPDt9NdQWOuWkljdNbsqymGRSrqCys
BuUlc4yAeMHBGRD8FdOHie61ifUdeu7+5WKNZJr5v9HiSdJ3ijAxtjldF3pyGUbOEwoAOJ8Lft7f
DjxmfD407UdQuG8TyKdPH2GRTLav9i8u9OR8ts/9o2GHPP8ApaZAw+32avGvC/7Bfw48G/2B/Z2n
ahAfDEqHTz9vkYxW6fYfLtDk826/2bYYQ/8APsuSdz7vZaACiiigAooooAxviF42g+HHg3UNcurW
/vbbTY/Omis4hJNsB+ZgCQMKMsSSMAGuc8A/tH+GfiZ4vTR9Ikv52nslvre6ktWit7lTDbTlFLYY
OsV5bOVZRxLgZKuF3/iR4AtPif4QuNFvp7u3tbmSKR2t2UM3lyrIFIdWVkYoAyMpVlLKQQSKwbH9
nvR7LxvL4iN9rkmrTlJJJftflB5B9jEkm2NVAMqWFsjqAEKq4Cr5km4AwU/bS8EzaOl/HJq8tv5z
iVksXY29qsdvKb5wORa+Vd2r+YMkLcKSBhtvrNeT/wDDF3ggaOLBItWitjcGSRY7+RTNAY7aL7Gx
HJtvLs7VDGMZWAAk5fd6xQBu/wDBLH/kav2mv+yq2/8A6h3hivrOvkz/AIJY/wDI1ftNf9lVt/8A
1DvDFfWdABRRRQAUUUUAfmV/wTl/5R7fAf8A7J34f/8ATbb17LT/AIc/8EcF+Evw90Hwp4f/AGjv
2gNP0Hwzp1vpOm2v2fwjL9mtoIliij3voTO21EUbmYscZJJ5ra/4dY6r/wBHNftAf+AXg7/5Q0AY
VFbv/DrHVf8Ao5r9oD/wC8Hf/KGj/h1jqv8A0c1+0B/4BeDv/lDQBhUVu/8ADrHVf+jmv2gP/ALw
d/8AKGj/AIdY6r/0c1+0B/4BeDv/AJQ0AYVFbv8Aw6x1X/o5r9oD/wAAvB3/AMoaP+HWOq/9HNft
Af8AgF4O/wDlDQBhUVu/8OsdV/6Oa/aA/wDALwd/8oaP+HWOq/8ARzX7QH/gF4O/+UNAGFRW7/w6
x1X/AKOa/aA/8AvB3/yho/4dY6r/ANHNftAf+AXg7/5Q0AYVFbv/AA6x1X/o5r9oD/wC8Hf/ACho
/wCHWOq/9HNftAf+AXg7/wCUNAGFRW7/AMOsdV/6Oa/aA/8AALwd/wDKGj/h1jqv/RzX7QH/AIBe
Dv8A5Q0AYVFbv/DrHVf+jmv2gP8AwC8Hf/KGj/h1jqv/AEc1+0B/4BeDv/lDQBhUVu/8OsdV/wCj
mv2gP/ALwd/8oaP+HWOq/wDRzX7QH/gF4O/+UNAGFRW7/wAOsdV/6Oa/aA/8AvB3/wAoaP8Ah1jq
v/RzX7QH/gF4O/8AlDQBhV+WvwN/4J4/Ef4W/sJ/EPU9P0K/sPi349tNS8E2OnGKGJbbT7/XpWlu
rlo4xIcW8hlErySGOMYRQTtP6z/8OsdV/wCjmv2gP/ALwd/8oaP+HWOq/wDRzX7QH/gF4O/+UNAH
5G+Df2Mfiv8ACG28BaR43+FVj4/+H3wq8V+JIv8AhEPD0f8AaGlXFpqmnwzWVzaQX8qGeO3u5ryE
tM++ISHAYfOOq0b9k/4o+HP2l9R8TzeCtRk8G6hrNxbReH1SKW30aebwfp9pBqcCBtxMU8M9kZGl
lEaO21Ms0tfqR/w6x1X/AKOa/aA/8AvB3/yho/4dY6r/ANHNftAf+AXg7/5Q0Afll8Ov2PL/AF7/
AIJheH/BL/CnxTF440HU/BrajD4g0HTIXdoL+w+3G1eBQ0sCQxXG55iZGRiCW3EV9Rftg6BqXgD4
h/ALxF4a8D674i0P4feI76a80zw1ZRPNZ20uhahZRGOJnjQIJZ4lwCMDp0xX1X/w6x1X/o5r9oD/
AMAvB3/yho/4dY6r/wBHNftAf+AXg7/5Q0AflVbfsj/ETWP2yhqJ+FmqRatqPxus/iLH4+uBaq1p
4aFmgfT3uBN5yuuDbm18orgtyRiQcF4a/YX1XTNAu9Hh+D3xog+HsDaddSxS6b4f/wCEltNUS6ub
gtE4bbqFlG/lsyXrXXzSAhWOSv7Jf8OsdV/6Oa/aA/8AALwd/wDKGj/h1jqv/RzX7QH/AIBeDv8A
5Q0Afl1+yd+zffa/49h8B/GPw5d+F7nxz8K9a0Lw+ILC006S0guNc1KS+TbaILOG/ls59OmkWNMH
Y528ODZ+MP7M3x6+A2qavrnwfbxLf6laa9faZoCPBpzKkV9EdQu7l4WhSKO3n1Ro43dFUiKzhACj
e8n6ef8ADrHVf+jmv2gP/ALwd/8AKGj/AIdY6r/0c1+0B/4BeDv/AJQ0AfL37JFjqB/af/aI1G3V
08IX/iHTUsto2wT6nFpkMWpSxjuN6wRsw4MkMg+8rE/Qlbv/AA6x1X/o5r9oD/wC8Hf/ACho/wCH
WOq/9HNftAf+AXg7/wCUNAGFRW7/AMOsdV/6Oa/aA/8AALwd/wDKGj/h1jqv/RzX7QH/AIBeDv8A
5Q0AYVFbv/DrHVf+jmv2gP8AwC8Hf/KGj/h1jqv/AEc1+0B/4BeDv/lDQBhUVu/8OsdV/wCjmv2g
P/ALwd/8oaP+HWOq/wDRzX7QH/gF4O/+UNAGFRW7/wAOsdV/6Oa/aA/8AvB3/wAoaP8Ah1jqv/Rz
X7QH/gF4O/8AlDQBhUVu/wDDrHVf+jmv2gP/AAC8Hf8Ayho/4dY6r/0c1+0B/wCAXg7/AOUNAGFR
W7/w6x1X/o5r9oD/AMAvB3/yho/4dY6r/wBHNftAf+AXg7/5Q0AH/BLH/kav2mv+yq2//qHeGK+s
68j/AGQf2QbD9kDQPF1rbeLvGHjjUPHHiD/hJNV1XxJ9gF3JcCwsrBUVbG1toVjWCwgAAiyTuJY5
49coAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPj
79o34/T+DP2hfjL4r1TTX13Tf2bvh3a+KtD0QTvCt5f3aai01y4GQcQ2aQo5VjGJLggZY1V+Pfi/
4g+HP2VdV+KfifxH8O9Y8VfDtrPxX4X1PwXHdWEV/pszRGeyuIJp598dxGJYQ4lZJSElCROihfoz
xL8A7bVvjppvj2xvjp+ojTH0LWrZrZJ7fX9P3NJFDKDgq8Mru0bgnAmmUqwf5eV1D9hHwBY6DpHh
rwr4d8MeAfAtvrUfiDWPD/hrQrXTLfxBdwyRy25nMKqNiyxpI4C7pDGilggZXuDS5bq1mvO3vXb8
7qz/APJPh1CteV+V9H93Kklbyalps+bmb5k0e0RvvjVuRuGcUtFFQC21CiiigAooooAKKKKACiii
gAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPIP2y/2voP2MvAOj+Ir3wL448c2msa3Z
aAsXho6b51tc3k8dta+YL28tV2STyxx7lZtpcFtqgsNT4Q/H3xB8TkVdU+EPxL8C3CambC4h1+TR
mNtH9m89bzfZ6hcRyQM2IR5LySCQ4aNUDOPIf+Cvnwv8ZfG/9mLSPCfgzwB4v8e3V74w0HUr+Lw9
rtlot1Y2VjqdtezutzcXto8crRwOkbQSeYJGU5jA3jmPi9+znffA340/s86n4V8J/EvWvBvgK88Q
ah4k1vU/HEV0nh+1v7OcPJePqGoefdSJNMG84LcSRxRyAOc7XqMoxpSnPfmaV+iUIyT6Wu+ZXba3
2a1dbRR5Fd22W+7X37ab+qufaFeY/tO/tTaX+zFpfhoXGgeJfF2v+NNXXQtA0DQEtTf6td+RLcMi
NdTwW8YSCCaQtLMgxGQCWKqfgj/gkv8As/xfs/fFV/H+r/BjWU8beKfB8VroWpWGkeGoJ/ENklws
01zNfR6zcT3t7J9pjaa9uIrATrHHuhEu2OvrH/gpr8HPE3xs+GHhPTdG8F33jvRrPxCl7r1homp2
2leJreBbedYrnSLu5mgiguo7hoWLmeJvKEoV8nBK8XBR731XVe9Z9+n+XS5UHB1JxTuknZ9H7t0/
S+mj176nsX7Pvx00X9pT4PaJ428Px6jBpeuRuyQahbm3u7WSORopYZUyQrpIjocErlTgkYJ6Hxf4
kj8HeFNU1ea3u7uLSrSW7eC1j8yeZY0LlI1yNzkDAGRkkV5L+wvpHj/4d/s/+DPB/wAQtClh1zSN
IYTajbHT0s40S4dLa1kS2dR9rFsImlMMAtt+/Y/Ra9rqsRFKUowel3Zr1a/4butdUY0J3jFzXa/T
+v666HyjoX/BU+XUPGfiHRtS/Z5/aA0Q+Dmsh4guJLbw/qA0gXkfmW7NBY6tcXU29f4beGVlJwyj
nHvf7O/x10X9pz4G+FfiF4bS/TQPGOnRarp63sIguPJlXcm9ATtbHbOR9a8H+EOnfEPw3+2F+0lr
t/8ACTxnbeHvFFlYSeHdTbU9EaLXpLC0e3aGKNb8yxNMzBojcJEm0HzGiOAfhPwd/wAE6PjpZfAP
w94S0D4JeMPh3rNx8NdJ0Hxrqia74YkPiS4sNXiuZrIk3t0kxms1uYYnubd4Ns6xSqsRcLnTlzL3
la/LZ9k4zbuvJxS7rmWjujXktByk9U7W0196Kuvk27t2dnqrNn7L0V4D/wAE2f2epP2Zv2aYfDf2
Lx/pFq+pXF9a6V4vm0Nr/SUlKk26RaIi6dbwBw5jht9yqrdVzsX588E/sb+PbHwV8XLW1+Fk3hr4
36taa3ZJ8Uh4jtorPxxb3N289qsj29w16JViEMCm5tlFou8QSFfle5pRk43vZX+dtvv079UnsZ05
OUU7Wu7dO++traa66LZtbn6A0V+XHj79hDxbeeKvCev+EP2cPFng3wO/jTw9qeo/DXSvEui2FvZC
0F6NT1Ca2g1NLCZLlZrRBGryPIbcySJGzc+P+Pf2M/iL8JP2arrUp/2fvHXgaLw7pHxKg1LVrLxN
odrPo2g3YuLvRbUSWWqmcWluTEPssG5I2ik2owbL5VZKFKdR/Zvp3tFSvfazb5fk3urG1Km6lWFK
P2nFX1+05J6b+6opvu5JK6ak/wBp6K/Kjw/+xH4w+I3wxj1XQfgFb6b4I8Y6d4Ssdf8AC95qOk3p
8ST2xmkufEQtTeLZXTbJLZAL+TzJ1TfLbs0Mcbr8Af8Agn78UPD/AIm+GNr4u+C/iHxCngX4Q634
XE2ueKtNk0IawmpJc6OPs1vfZhKpbri4t7VGjeS3I2GEGHerT5JSi/suS/8AAYSl+LSil3kk7STi
sKVRT5X0kou6/vOKt0+G7bfaLfwtN/p/4x8faP8AD+2sJtZ1CDT01S/t9LtPMJzcXU8gjiiUDJLM
x/AAk4AJFjQtYudXa+FxpWoaX9kunt4jdPAwvUABE8flSPiNskASbHypygGCfyd+F3/BK7xppuh+
Rqv7P+lz6Bb+PfCHjK28MXsPhuK0t/JsmtdVSKKG4ljUq/lvI8ss0s6KWMs8vyV674R/Yz8Yx+BJ
vGZ+BV1L8Sfhb8XdS8X+DLTxXq+laje6tpV/MyTxw3ou5/JPkSl1SeSPbLbW/GEUiUlzOL7tfL91
rvrrOet7WhJ20uTzylFSS3W3n+90fZe5De1nNXfR/opRX5m+K/8AgkzregftheDr+z0LxfD4M0Cz
0m58N3nw/wD+EV0qz8KanBPJcaibn7fbm/tobyd98jaUxM6PJHNGQFJ+kv8Agrh8F/FXx3/ZY07R
fB3hLxZ4z1u38X6HqRsdA8QQaLOLW3voprtnkmvLWORDbJMgjaRsySRnaNvmIcukbPVy5fRcyXM/
LVv0V721No2lNxW1r3fo3b12T3abtZvR/UFFfmbpX/BL7xP4e/bV8Z+Kj4a+ItrbLNeXHg++8Jaj
4U0TQoNJm0/7ONDuJjbnWodjvKywxNJZeb5cw2Pkhukf8E/vF2h+I/hbrD/APTNV0zwH4y1PTHsW
i0Cx1W98PX3h+bTpZbmKK6Nh9ne6MckkVsY2kjAkNoJtyGVrBS2fKnbzf2evVq76avZaqTs7LXf8
Nbq/dbdb2W+32v8AEX9tzwP8Jvj5dfD7xE+s6Te2Hg278dXer3Ng8Wj2+nWs8UMv+ktgPKrSqTHG
HKrgttLIG9bhmW4hSRDuWQBlPTINfkJ40/4J0fHD4ifs1eEPhvrXwNtS+g/AHWvAySR+IdI1DSrb
VnvbO4sISZpophLs08EusLRxSzRASsqvIv1b8Ev2XvEPwx/bQ8P+IdD+ENv4W8M3VpHHf3Msukm1
8P2dvpQtbWzsntJUukKyMy/Ynhns03zyxzI7KrdLpU+WKUtff7dJzSvrpeKi0k3vfqiakmpySWit
8/dg3Z9dXL1tboz6k+MXxl0r4KeHLW/1KLUL+51O8j03TNN0+ET32q3cmdkEKEgFsKzFmZUREd3Z
UVmHWAkgE5BPavnn9rVP+EX/AGo/2f8AxfqhRfC2k6vqelXM8pCw6ffX1i0NlPIx4UM6yWwJ/jvE
HVhXyJ8Av+CWniD4j/EP4rad8TPg/p/hfwl8X/BV7peuQ/8AEovLD+201Wee2vty3E97dy+XMssd
3dM0oKAbLbasdcak+382v+GN1H1dtNftRVtbu3ZavT4f/Jpcrl6Ld2vtLXov1Bor8xP2nv2X9c8R
/APwJLrfwc8Ex/Gbx14jsYtU8IW2naLqlnq9lpWk3FskVxZz39hb6naR8zxQyX0Jt/PgYZeEQv8A
VX/BMDwVovwP/ZX8H/Drwx4D8ReFdH8K2M1rdzX1vpNsqahHcvHcwyJY3c6tOZNzl42ljxw07SBh
W7hG8kns9PNWu36LReuna8SlaMG1q1r5O7VvN6Nr+772x9I15N4w/a703wx+0NZfDmz8J+OfEt+f
sZ1fU9G0+K40/wANLeGYWr3mZVmCSG3lG+GKVI9oMpjDKT4t/wAFCf2aNe+NvxbtZtQ+E6/Gfwdf
eGpNK0m2TUbG0m8Da4ZnZdZU3c0WwGN41+02pe7g8j93G/mNjL/Yn/ZV1b4R/t+/EDxV4k+DKWuo
al4Q0PSk+J5h0Pd4gv7WKRNRlzDctqCfameBsywrv+y/vNuyPdNBKfvS0tfTvZtfkr/NW5tULESl
BqNNXv16K6i/nq2vWLvZWb+jfjH+1P4c+B3xW+HHg7WbTxHLqvxR1ObSdHns9LlmsYp4oHuGW4uc
CKEmONyqs299jbVYKxHLXH7f/g6z+Odx4Mm03xNFp1rq7eGpfFrW8A0BNZW2+1HTDJ53niYQ8+YY
PI3fu/N8393XOft5+DvG/iz4y/s6XnhPwDr/AIx07wh4/wD7e168sL7TLaPSbP8As68st7rd3UMk
jb71X2wpIdkMnRtiv5P46/Yq+InjnxPrPwsk0CW38Bat8Trj4kN42XUrfyUtJVaf7AIPO+1fbBet
t/1XkfZxu83f+7rJOVrpX+Ly2dNfhGU2v5pRsm/hfTWjFRTi9eVN+T/e/rGmmtWlNvT4l694U/4K
i/DjX/COua/qVn4q8MaJp3h9vFulXmqWcW3xXowdYxf6ekMsrujSPEgjlWKfM0RMQWRGb0j9nf8A
aVsP2hbXXYP+Ef8AE3g3xH4Xu0s9Z8PeIYrdNR01pIlmhZjbTTwOkkTq6vFK4+8pKujqvxPqP7AH
xe+Nvwx8O6RrHh618Kax8GfhrH4L0SW51SCSz8Y6nDfaXeLcx/Z5ZHhsmGkQp/pCxzA3EmY9qBn+
o/2RPAXi+++L/wAUfih4x8L3vgW68fyaXZ2Hh69vrW7vbK1sLZ0824e1mmtxJJNNMQIpXxGsRYhi
yL1ThTV+R338tFNqL9ZRs2ujd7RWhyKVSy5o2d1dXva8Itq/VKTaT62td7v1TxT8WdO8Az3MniKO
fQtMS8sdPtNSu5ITb6nc3kqwRQwqkjS7/OeNCJI0yXG3cAxHUV+bn7UP7DXi/wCPvxE+MUF58ENT
8T+H7/4m+DvF+l/8JJq2j6jaa/Z2MttFqcdrHPeSNbo0Kz4hmSFGjkdQMuUPiH7Qf/BJv4veJfDv
xsu5vCvxm8UfEnxE2sJpd94a8UeFdE8O+ILS8uS9jbzXCtaazOtnGYV+zX0xt0WBxEWQrC2NG04R
lJ2bb+S5YP73KUl0+HZG8kk7b7duspLv0STf+Kybtc/ZKuW8P/FvT/HEOn3XhqG58TaXdapeaTda
hYSQfZ9LltWmimaXzJEdlWeBoP3KyNvZTtCBnX89f2l/2AvGPif9pv4e+J/AvwLj0XT/AAffeFNY
tr+zm0T7akf9pyza7ZzyXF4zQymO4kkl+xIovGLma6uPliNX4DfsE/EP9nTxb8KLDwx8Fr/w3NoH
jjxxeapr+g6vpFvpUNrqhvYrC/nsxeRtcMkc1iFIhknjhtpIwEG1JLcYqnKd7tOSS6vlSs97Wley
d+j3SMZVNrLdRd+3MpXVrXvGyva+9rXP09or8mfi9/wTv+Jnin9n2/i8PfAjxL4V8V/8I/a6L4ss
tB8X6ZZv8S9ZTUbCX+2jcR6hCLiNYYb4tLftFcy/bAjRELlehuv2NviHeL8SLfR/2c/E/h/S4PHF
94m8FaRe6h4YutIdrzTrG0aSS1TUS1v/AKTFd3LT288FzEJS0RleaSKhQV2nJaX/AAlGPlum5LyV
nZ3tXM76rt2v8Lfpo0otpta3Tdtf0Z8CfGbSPHvjTxN4bhW9sdf8JzpHfWN7D5Uphl3GC6jwSJLe
UI+x1J5R1YK6Mo6XVNUttD0y5vb24itbSziaaeaVwkcKKCWZieAAASSegFfKXjTRbf4nfth+J5Jf
BUPxE0fwv8MY9A8WeHbVLS6t9Xv7i9juLfT8Xskds7xRRzyFZ5F2pdxk48wZ9M/4KGfDvW/iv+wf
8V/DXhq0ludb1jwte21pZRna92xhbNupHRpFBjGO7VlPSkp3SbT32VpNJvyaSl6NWfUqk3OtyOLt
eP4xjJpX00cnHW2q1629D+EfxQtPjL8P7DxNp1jq9lpuqhpbIajbfZprmDcRHOIydypIoDoHCttZ
SyqeBB8IvjNpHxn0fULjTFvbS80W/k0vVNOvofJvdLuowC0MqZIBKMjqylldJEdWZWBPwH+1D+z7
4v8A2r/2ofhl8W/ht8PYtd8P+Hp/B2r6D4r0y80pp3sItQkbVLLfe3QmtNttKSYrOGHz9pWaeXYs
A+pv2Xm/4Sv9rn49+K9KcSeFr260fRIZo23Q3uo2VtIt7KhHytt823t2YE/Paup5TFbOmrSezTku
V7pRcLSfk+ZrZarR9Hl7R6WV01F36XkpNx9VZdW7bq+3S/Hn9t3wL+z14h0rSNXl1jUtV1TxDo/h
prbSdPku/wCzrnVZmis3unGI4ImZGJaRgfugBmdFb12vzM/bX/YI8Xan+1Z4/wDEnhb4ADxla+O/
GHgbW7jxBot7oen3jWOmXUU2o28jXN1bzszfZlJXO1y0PLYcx+eeI/8Agm58UPiZ4M8NaBqfwo+J
3hD4W+G/FHi023gzw5feCZ9QsIdR1BLvTNRtE1Ga6sIUtojNEPKeG6t3fMBKk5zpWlSTekm36JKM
LffKUkn1s72UWzZq0n2SXq789/LRRjdXv7y3bUT9dqK8U/aG+G3im8/YC8S+EdC0m58beLH8HtpV
vp+q6uYp9Yn+zCMpNdwyWuZH53OskAZifniByvxd8Bf+Cb3jH4QfD/UPEdr8FdJufF3wy+Ka+Mvh
1o+ow+H7IjSb3T7SC/srYWUhtrIq7XUgj3KvnW8Ll5W/etSinUnC+kba97yUdPRPmfkmReXsozt7
zvp2tFtXfm/dv3d+5+nlFfmN48/4JK63on7WXha9tPD3jUeDNC0/S7jw3c/Dl/Cuj2/hfUoJpbjU
RO1/B9vtYr2d98j6U+ZkkeOZCApPL6L/AME0PGGvfsOeGvB+q/s+3r+IdS8Z6+2vyeINV0bX9atN
Omk1SbSrlpLnUJ7S7SFr5Bi6a6aCRppY7Z5CJqiVlSlPdrp31t/wfTXbU0XK5KN7X628m9e2yT83
bc/WGivxo8cfsoal8UvEPw7h+Kvwx1DxnafCTwd4Mg+IM0ln4a8S33hm/wBPU3Nxbxz3WswtZpOg
ha5SC1vvtkDoAEkwD9Mf8E3f2B/GXwG/a08T+OPGtt8SB4oupNUgv9ea78Mx+GPFlpc3RmtpNtpA
usTzwxrEiLqJItx5qRSMhCt0ToxjOUOa9nNXWzUbcrWv2+nlqr9MFUlyRlKNm1HTs3uv+3er9Nrn
3/RRRXMankn7Xf7UU/7K+heCdQj8KX3ieDxd4z0fwlPJBew2sejjULpLZbuXfl3VXdQEjVmZmXOx
dzrS+Ln/AAUI+B/wk8H/ABD1HW/id4DnHwxtGn8U6ba65aXN/pQPyrDPbrJvjkkfCIjhSzMFHJrL
/wCChXwL8e/tAfDbwZpfgG18I3V/ofjrQvE18PEGsXGmw/ZtOvY7xkiaC0uS0rtCqAMqqA5bcdoV
vk7xx/wSQ+M/xG1X4izX+q/Diz/4TDwR4u8I25tNYvI7NG1LVIb+xnWwjsY7e2HySLceX5krO3mt
LcscLpRjCceWo7e9PW17RVODjp1vPmj3u77Kw27TTSurQ0vbVzkpa9LRs+3zZ9b/AAC8Rfs0fCnx
JDpXwxu/gd4W1z4g2A8UJYeGZdKsbzxFaMpcah5duVe5iIyfOwykZO6u60H9qf4Y+Kf7cOmfEfwH
qX/CMWSalrH2XxBaTf2TauGKXFxtkPkxMEYh3wpCnB4NfG/iT/glJ4q8U/tE+LvGPibQPBfxEs/F
97b+Jo7XVPiR4k03TtE1KHTI7L7GdIhifT9Qt2WIp9pnRJAk8gaGVVER4H4e/wDBJ/4++H/hf8PP
DMml/AjRf+Fe+CNK0JLmy8R6jeRatf6ZrdvqsIngOlQ/6JO1vsk/eF4zcO4EhXDi5W0pOy0XflVp
PyvytKNl8V1KLs0idoc27002u2437pKzcrvazTV0z7z0L9tv4MeKdT0Sy0z4u/DDUb3xNYTarpEF
r4psZpdVs4hIZbm3VZSZYUEUpaRMqvlvkjacR+Pf2t/C+kfCfw74o8I32lfEIeOryLTPCUei6pBN
beIrmTeVEVypaPylSOWSSQbtkcMhAYgKfAf2j/BeseINK8CaLaXvw3+Fnx+1PxA9/b6L4Tvm1V5d
KvnS01m5JaC1muEEMjXBuJLdI0uILUNvZVL+jfteeBh8OvEHwN8cWVm7eFvhF4idtVtoIGlNjp1z
pl1pwulRQTi3eeJmIB2xea3RTRGKaTk7e8l39ddraqKl3Um0krA3K/uq/ut22d7e7pvrZuy3TUYt
vU9JH7Rvhzw1Drlz4t8T/D7w7ZaVqbabHP8A8JRFIA6W0c8sdx5qRCCdN0hMIL4iVJCw3lE1rz4+
eBdP+EkXj+48a+E4PAk9ql9H4kk1e3XSJLd8bJhdF/KMbZGGDYORg18HTf8ABN/4un466P4t0v4e
fs5vpWh/Ga++J2mEeK76K4+x3em/Y5IV26IyxzSyhLuQqxVpEUZYgS17L8Jf2QPiPoX/AAT90P4d
eI9F8AR+MfDesS6pZQaL4u1O109dl7Le2zRX8dnFPbyK7oh/0aWMKrbklVjHUXXs1N7+5ddrxjz7
7tNtWVlp2ehf31Fap82vpKSj6JxUZX/vW3Wv0Hqf7Sfw60Xxh4b8O3vj/wAFWniDxirtoGmTa5ax
3muBM7zaxF984XBz5YbGOateDPjx4H+I/jjxB4Y8PeM/CmveJfCbrHrek6dq9vdX2jM33VuYY3Lw
k4OA4Ga+G9N/4JI+N9V+MmheIvHD+HfH1rqGm6Kmrovj3XvDUOgX+lzyzW9xDYaZFFZauA7xyYuI
7QiWN3XaJPLT2/8AZE/Z3+J/7NHguLw/feFPhBrs3guzl0nw34mi1i6t9X12zlu/OZb0HT2+xtjE
knly3KzzKGIizkWoraT1978Hp/wV1WsW7NEuT5br+7+O/wDW6e+9z2P4X/HWLx58RfGPg/UNNk0P
xN4NmikntHnWdLywuPM+yX0TgDMcvlSqQwDJJDKpyArtyvxF+N/wk8U/BPUIPjFr3wYTwnrP2yO6
tNX8QWWoaJqFnBdNFuka6SON8FY/NQoVilJj3PtDtgfDbT7j4p/ttfEnxzptlBceHNH8LWfgi3nu
EeKLWdQhuru4ulDlTvghMsUW9VZfMadRkowr5D8B/wDBKv44eCj4Mmi+HH7NEU3hPwf4z8JosHi7
UEUQa1dtc2kSH+wsiC1VpIvL4BWeQqFyVbGbbp/Dd8rdu9lJrXb37R9OfbSz6IqKrcrdo3WvbSLe
m/utyXrFd2foD4g+JHwq/ZB+DOk3Oq6/8Pvhf8PdNjhsNMlu76z0TRbVCuIYYSzJCilR8qLgYHAr
b8W/Grwd4A8OaXrGveLfDOi6Rrc8Ntp19f6pBbW1/LNjyY4ZHYLI8mRtVSS2eM18xfGH9jT4r/FL
9k74K+CwvgCy1vwdZ/2Z4nWHW7qECI6VPYGXTtSWx+1RNmRWYRx20kiM8fnopbe7U/2JfiRD+wZ8
HvAln/wic3xE+GXhyDSPt8fie+sLaK5SwFi88U4s5VniMbSs0F1ZyRyfKpVTiReisknValzcskl/
eTvd69rLXb3vJnNQblGlzLl5oty/uvSy/O63080fSUv7QfgKD4mWPgqTxx4QTxlqll/aVnoLazbD
U7u1wT9ojtt/mvFwfnVSvHWsDS/22vgzrgtjZfFz4Y3n23XP+EZt/I8U2Mnn6t/0D0xKd11wf3A/
ef7NfHfj3/gjZ4j+I/xg8aXniC/sNe03x19m1OPXofHfiDRJfCWpx6RFpzPbaBan+zbtR5TNHJLJ
E8YmZGEqoAe+8afsafF34i/s0aPpN14U+BehfELwdr3hXUbO40nVrxLLxRBod7DOi3VwdOWayDRp
IscKx3YhMhxIwJpU4xckpvS8bvsnJKT6P3FfS3vaSjpdJzlK14LWz0fdK6Xa0m97+7ZqWtm/pHSv
2uvhRrnh2y1iy+J/w8vNJ1KSSG0vYPEdnJbXTxzCCRY5BIVdlmZYyASQ7BTycVs/Dr47eCPjBquu
WHhLxl4V8U33hi6NjrFvpGrW99LpNwM5huFidjDIMH5XAPHSvh34Hf8ABMD4s+Bf24NJ+IfiKz+C
V3ocEvjXdqekSXlp4g0uLXbwXUKRiS1kS4aBxL8xlgAF7KApKkzeif8ABMP/AIJw6p+xPdb/ABDY
abeavo3h+Lwpa+JYviF4h1+fXrGKUPGz6dqH+i6WAQXMFq0yBpG2Migq0RV4qUnvG9uqeunbSyv3
5rxuou+2IUYykqTv71k+8b7v1Wq7NWlbmVvou5/ar+F9n4V8Ra7N8SfAUWieEZnt9d1B/EFotpos
iOUZLqUybIGVgVIkKkEEdataX+0h8PNc1rR9NsvHvgy81HxDp41bS7WDW7aSfUrIsqi6gQOWlhLM
o8xAVywGeRXxR8Sf+CWnxT8d6G1rb6p4c0jTfC2saVrGgaDYeNtask1NrYXpnhfVoLdNT0y3LXrG
GGKa7WFoVZcK7xV0Xw1/4JseMfg9qnhaPwZofgXwjou8z+ILGbxxrfiWGRf9KlNuy6jbyNeO897c
EXqPZTxgj5ZFxEsxvy3e90vla93216K7SVnq0KokptRd1Zv53ennot9E3JNaJs+pj+0n4V8VeE7L
V/B3i34e+JbW71i20j7R/wAJPDHaNI9z5EkUc0SzB7kbZQkGAZJU8stHksti0/ah+Gd/4r8T6DB8
RfAs2ueCYhP4i06PXrRrvQYyMh7uISb7dcd5Aor4+8R/8E9vjGfBXh/T7HSPhRqreD/iFoHiLw/D
rfiq+uZ9E07S1CN5Wovpcl0800a+WsU5lMCSSD7VMpCjnvjt/wAEpPin8a/2Zb74balp3wa1dvCO
g65ovhLW73ULtbnxCdTVkE2px/YHFq0DMtyfJa5+0XNvFJ/o+OKnZRk462bt3a5YNP8A8CbTW+j1
0JovnqxhPRPlu+15SUvW0UnfbXY+6/CvxK8AftG6Jrthomv+DvHmm6fOdM1m3sb621SC2l2K5t7h
UZ1V9jKxRwDhgcYIrKj/AGwfhG2meIbxfil8OTZ+Eb5NL1yceJLLytFu3fYlvct5mIJWchQkm1ie
AM147+x7+zL8T/hx8SPiRd+MtB+G3hbQ/GXh3RNLsT4T8R3Wo3VrPY2TWrlkm061QKQ+UYMSBGoK
8/L4T8Av+CQHi/4GeArCAaL4b1bxl4OsbfSdI8SzfF/xa9zrEFsJGt5Fimilg0VvMYFoYIryArNM
m0IdjE0ozaWsUl6ve7XTSy0bTfMmm1F3inKUqSbVpX26L5/qk1dWdrq30b8YP2kv2Xf2hPGPiv4W
fEbWfg/4uXwPotr4t1nT/FMmm3um2NpIz7LpluSyARhUd3IxGtxASw8xc5t5/wAFMvhD8J/i14G8
H2+qeB9H+FfiPwfeeINH8fR+JtLtvCuyzu7Wz+w27pLtLBrqPn5E5VULtuCeXa7/AME8vjfp9t4m
utK1f4UarqviTwd4O0i4OoQG1ha90S9uJpliRbGWC2WSOfMVykDNDLGrLbqQrLjfCP8A4JffFv4I
6loWs2DfDPxHqGlz+N9MfT9c17UbiA6b4i1KC9F011JaSSzXMAhKPA6BZw7E3Eea0UYQk1e6XN5c
0lFqPpeTik3sk2/dZuuWUeaWmsUu6TScn8rO66tpL3kfSWpftum2/aM8f/D0aBpemL4O8N6P4jsd
f13xFBY6VriahcTwIqvGkzQqr27qGddzvgBNpV2f+1n+314W/Zq+G/inVdKbSvHviHwbc2cGs+Hd
M1+yiv8ASUuZoohPco774o1EyORsZypBVWzXyJ8VP+CT/wAaNMVPDvhLSfg5418M6X4F8GeEdL1T
xb4qv9P1KK40C9kvTfNbw6Tcxq8jytGgSbKBQ247ig7H9rP/AIJ6fG74wab44sPClj8KLXTPGSSz
XWn6t4q1Ca0uLi41K1upWRX0yeSzHl2oDiCQw3MkpdoIigLTNQU1GDuk2r2tdKXutrRpSjdO22nd
tZVb6uOl1DTs3Bc9u7U9k/PorP7Fs/2q/hfqHhB/EEHxI8BT6DHd3Fg2pR+ILRrNbm3DGeAyiTYJ
IgrF0zuQKcgYNL4R/an+GPxAvTa6D8R/AeuXI0dPEPlWHiC0uX/sx87L7akhP2ZsHE33Dg/NXw1r
f/BPH4+67+1Dpnjqb4dfs4PaaR8WD8RrRn8a6i95b27aJFpT2aZ0HCMzQRXJcNgvEilTtEg5K7/4
I+/Hbxn8MPCfg6/g+DvhOx0/w/4y0bU9Q0PxXqc06vrepw6hE8UY0y3Lqhto4pP30TMsrsrKVUNN
lyp31a+58l7Pv7/u6dFdXumrsudK+mt3/wBvNf8ApCT9ZeTT/QSy/bP+D2pfDq18YW/xY+Gtx4Sv
muEttbj8T2L6dcNbozzhLgS+WxiRHZwG+QIxOADVTwd+258KviJ8e4/hpoPjrwxrXi+fw/D4nhs7
LU7ec3FhMT5c0e1yZAygPlAQEZGJAdc/Gmj/APBKvx74N+Lvwr+IOhfC/wCDcfinwr4g1HX/ABHJ
rnxX8SeJbzUpZtIfTY/K1LUtNnuAjAwO0ZVFT7HEMynDR+n/APBOP9hb4qfss+N/DWqeLz8Oobay
+G2meB9Qt9C1S8vfLk068v5YZIPNtLcFJY7xS24AxGEoFkDiRNVCm5b/ANcsuv8AiUbaK97aPaW1
7OT2atbrduaTXlaN2/w8/pvwz+0v8OPGnjLxL4c0f4geCdW8Q+DFL+INLstctbi90JRnJuoUcvAO
DzIF6Vx2l/8ABR/9njXPDGs65ZfHr4MXmi+HGhXVr+DxtpklrpZmYpEJ5BMViLspVd5G4ggZIr4z
+Jn7BvxE+ER+KXxE8ef8K+1Hwzd+APGnhm5srDUdQa1nj1PUY7yzlGm21lDFbLjzFuTE5lLMZnuJ
jymd+zP8EfG/7Q/w8kPhHXfhf48urvxNY674g8Z6d8R4tfi1a2j0+fTPIttTsPD9lHYX8EYi4tbf
zniDJJcRGUOcFrTTjrLlTa7NzcdX0TilLXVXtqaSUIyfM9OZpPulGL+d5Nx+Sez0/Qe6/aH8MWWp
R3UvirwFF4WfRU1n+038SQrL5UkirFMIyvlm1cHifzsFsKFOdwbB+1f8LbrwlFr8fxK8ASaFPqx0
GPUl8Q2jWkmoh/LNkJRJsNxv+Xygd+7jGa/NvxF/wRu+OMvwW0vwXD4J/Zv137P8PPD3gu71XVPF
eorPcXGlX/2pLwodEl3YTdEgZ9yBidxHyn2y4/YT+N+s3HxU1GXw/wDCbQ9W8TeMJfFHhmTR/Hmq
RPpxm0i20qQTMdJELgRQNK0M1tcwzGXYVjKLNWjUfes725rd3aolHtZuDb7K2utzK0lPlbVvd16a
wu33sp6d97dD6s+EX7YHw3+PHxY8a+CPCPi7Qte8SfD54I9bs7O+hmktTNGJFO1WLFQGALY27srk
srAeY6l/wUw8Nap+0x4u+G/hiXwXrC+EfCVzr914juvGlnBo9tfQXUVs+m3TwieW0dGmQyPLGCoZ
dscmTtn/AGd/2R/G3wu8b/GmTWtc8PPpnxRSwuYL7SY5ILy1vI9FtNNmIgKiKGNWtTKm13JEoXEf
l5k+SPih/wAEkP2g/iH8ObXR5rX9m66GgfDGH4aWNpNJqMceoGC+gubfV2mFo32SVDAkq26wzhJA
wWf5/MRwUFWgpu8ba76twne3+Gairfa5k78qkRWlL2LlSXvXVk+nvQun6xc9dly2+JxPZv2n/wDg
sh8OP2O/ix438M6XZfDvVbT4dWSa946jg8c6ZpOr2sl0ZTm1sZQBezCRYxMrywyhru32rM0gWvY/
2YP2+vD3xrstKtfFGr/DDwv4k8UvLc+F9O0n4g2GvJ4s01UVhf2LKIZZIxl0cGFSjwyDLKFdvF/j
z+yh+0X8XD+0XDa+GvgraQ/GfwDYeEtOeXx3qZfTriKG5hllmUaNho8X0zLtOSbeMEL5rGLF1n/g
lt4y+IH7RE3jfxr4c8IeLrXxL/Y2rX+ky/FTxLY6b4a1PTLWOGOOGxtraOz1a3Z4lcPdwwuhlkBW
VcIUkoxV9f66LuraXdraXu4tXdygpbS97T/wG1353le2uiaVrp/VTftafAz4b6c6n4m/CfQbS4v1
icHxFp9rHJeXUkhVT+8AM0zxzYH3nZH6kGtez+Ovwr+HviHTPA8HjL4faHq0kjWWn+H49Ws7W4Z0
i85oYrYOGLLF+8KquQvzYxzXwX4d/wCCNHjqy+A3wb0XVND8ATzfD/TPEHhzWvCOgfEfxB4T0TU7
LVLuO4a4j1DTbOG4LqIxG9tNbNDIrnLAqprW8E/8Exfi98HfiPrs/hLwL8A7Lw9ffE7w941s3Xxb
qcF3HZ6bYRWkiOp0mVjcymJ5dzzyEtcy7nY5dyMU5crdtUvRc0Y6+kW56Xurx0kmKcmqcprVpN27
ys2kt92uV32+LVNH2R8Df24vhR+0X8J9b8c+FPHfhnUPCfhvU7zSdT1T+07cW1jNbTGJzK+8rGrY
WRC5G6OSNwMOCb15+2X8INP+GepeNbj4rfDaDwdo1+2lX+vSeJrJdMsbxXCNbS3Bk8qOYOQpjZgw
JAxmvib9uT4CL+y1/wAESvjZ4X+KF58O7ixg1nVtX0K5vH821d77XJb60aQXCIFuVa4VRHHuIaPK
yMWG3stc/Yj+Knxiubr4gWMvwosr7xxr2kaheaZo+t3LWSaRa6bdWiXdjqv2Dzor6VbpHMkEERMM
YgWdQTMYqfDJ09bWXzfLv23bt0Wr2Y+Ze15ZaJ8z+Sva3for9Xp1R9bXf7T3w5tfEnhvQ/8AhPfB
Umv+M7Q3/hzShr1oL3xFAE3+ZZxGQNOhXncmVwc5xzXmf7Ln/BR/wP8AHf4aeG9T8V6h4c+F3i3x
Tea1bWXhHXPEtk2qyrpd9c2tw6KHAmCC2d3MO9EGfnZRvPiX7B//AAT0+LX7Hui6D4e1nR/g1480
SfTdCXUbvUNWvXvPD99pNqttDLZI9g4uY2EUcqB3tnt5ZJWDS5GeH+Ff/BLr9oLS/wBmf4o/DLxD
qPwzt7D4ty6vdXV/Y+K9Surnw1Lc6jPexRWjHToHktX87ZJD5kJVxLNHJumKJrUUIuSg772fpe33
9d72Vrc2g7qyfle3mtfkumz6ev17q3/BSP4Fabd/DyOD4reAdWh+KesyaD4bu9O1+zurXUbqNHZ0
WVJShw6rFwSTLNFHjc4FXr39raHQv2uNc+GesaE+h6RofgxfGUnim+1O3ispovtJgeMR5LRiPBZp
JSg6YDDLD52+Ef8AwTV8YfDzxf8ADLxfp+i+EPC/iTw/43m8S+KLaf4ieIvGY1ZZdFudKNyl/qcQ
naZY5INtuURAsO0zHgjoP2x/2Jfit+0F+1Pf+KfD83gLTvDUHhXTLHT5dQ1W7a6u9Qsdah1ZYbq0
W0Mf2OYwiF2W4LhWLBG+7UzUFVppP3W5cz3svZtrRau0rbWctrJ3RLcpQlZWdo28/wB4lLfRe5fy
W6ezPTdR8R/su/EzX/CXxmu7/wCAfiHVLm5OmeGPHU02k3dxLOocfZ7LUCSxcASfJFJkfNx1r1jw
/wDGTwh4t8bap4Z0rxV4b1PxJoe06jpVpqcE19p+5VZfOhVi8eVZSNwGQwPcV8gePv2Afij40t/F
fi600/4beHviJ431Ge+mtdO8SXy6bobS2NnYM/nNYGPVFkjt3lmhurFEmZYEzGY/OPqfwK/Zg8e/
DP8Aanv/ABLdTeFrXwfd22oS3ENnqNzeTX99dTxP5sVtcW//ABLhtgVpVt7pop5JCxgQoHZRS0i9
Fr8nZO3nrdc3VtWW7VTeimtW/wArtL9NOiu72sn9IUUUVAzy39p79rXQP2U4fB41vR/F2tXPjnXo
PDek2+haS98z3k2fLWV8rHAhwfnldV4PPBx4/wDEj/grRofw38f6/wCDr74ZfEmx8W6X4a1PxFYW
OoPo9t/bJ0+1iuLq3hX7e0vyCUL9oaMW0hjk8qaXA3ewftN/stWv7Tsngd7vxd4u8KnwH4ltvFNr
/Yf2HF9c24YRxz/arafMXztkR7GOfvcDHmd//wAEpvA+qfFrV/Ftx4q8fSvrWo6zqE+mm4sPsgOr
WYtLyLeLT7S0ZQApvmZoiAqMsY8usZqo6c0vi97l/wDAYqH/AJM5t76JLrrSaVSD3j7t/wDwKTl/
5KoJbfFJ9EcFpv8AwXN+GPg/UPhb4b+Idpf+EvG/j7S9IvNQ0+XUdHVtDl1IhLXdB9va5njmc7gb
OO58mN1afyece6/BP9tHT/2hfDuoap4U8GeM9TtLHUYrFXV9MCXMbXT28lwr/bNiCHy3klglZLpE
XBg3skbc38Mf+Ccek/BrxXour+GfiV8U9JuLXRrLQtdjju9OePxhb2aMls16HsyYpY0dkElibVtu
FzhVAns/2ItR+G+u+JPEngz4heLV8Z+J20u1m1TVv7NlNvY2cpf7O2LAtchxJNvectcMJWVLmEBC
nfUlSdVuK05nbtZyXLpvout/hvpzJX56SqKilN3klG/m7e9236K29tbN2+g6+K/+Cmf7W3xK8C+E
PjFB8J/EWneEtR+CPgH/AITbVr+90RNVXUppxdfZrFEeRVjxHaTyM+GIZ7c4ZQ6P9qV88/Gv9j+P
4j/G3xfNfaWdd8A/Grwing3xtZR35tLi0W3F0be6iIILB47ueGTYwdSIGUMA2OdW5lfz9L2dr+V/
le19LnXSmoy5pK6TV+9uZc1ul+W/yvb3rHK+K/27ta1z4XeOL3RNB8U+F/HHwa0218Wa14c8Q2Fm
zeKtGeKZ/Mt3tp5VRZ1guRE29JY5oAJYguUbsv2of20b74LyfBiPwx4O1fxkvxi8RwaJb3FpJaIu
nxSWU935zJcXMG4+XCzYDfdR+rbEfmvHX7C2o+Gfg94w0Dw1rniTxj40+KunweENb8a+JLuyjvtI
0VEnRSq20EETeRFPOIkjhDPLMGlc5eQen/GP9kXw98ZPDfgDTpNS8Q+H2+Gmqwatod1o9xHFcQSR
Ws1psJljkUo0E8qHgONwZWVgGGlRwcrpe7zR9f79/K3La2l+axjTXLBRlvyzXfXlXI//AAPmvfXl
5bny5+yf/wAFcI/B3wMll+O769/aulxeLtSufGUei22n6BqcGja3LZSQQRrO0sciRva4Ei7GDf6+
Rlcj6D/Yj/4KGeAP2+fh14i8ReCJLk/8InftpurWX2yw1OW2m8lJlCT6bc3VrOHjdSDBPJg5Rtrq
yDyHT/8AgiN4ObRNI0fWvix8ZvE2gaTDrsI0y/m0OKG5/ti5F3eO8ltpkU4f7SscyNHIhjaJdpC5
U/Sfwy+Bd54I+GV94b13x/46+IMl/bvaSatr8tlDfrCysoRfsNtbQqVDH94IvMJwWZiBias7wnJL
3radPe5n202srfO+6dK3Mu3M7+nS35+um23gPhn/AILG+FPF0Ovx2Pwv+LMmqeFtb0TR9Z0p10NL
/SU1eQx2N3cxnUh9njaTarwylLqHeDJboMkM/ae/4LV/Cv8AY71qWw+IWleJPD06ahfQQi61HQoD
fWNnIkU+pW6yairTwiRiiwRBr12jcLanbW18Iv8Agkn4C+EngTxh4bHijx3r2meNvBtj4Ivkv5NO
gMNnZfaRayw/ZLOAR3CC6f5wMEqrspfc7dZqv7AekjWfBGt6B49+InhDxX4L0x9Fk1/S59PlvfEV
nJKs08N+l1aTQSebOpmLxxRyK7uUZAxBufs1UXJrG+t+qtp/5Mve/uzfKm4olN2d1r66dLrbdpvl
e14q+jbOa0T/AIKpeFvHGieOtU8KfDz4u+LNM+H+rHQtQurTQ4LOOe8K2jxrELy4gbypI7tZftMg
S3SKJ5JJY0MTScv4k/4LY/DnTP2edD+JGi+DPiR4y0vV9A1TxPcWWiJpMlzpOnabci1vZ5ZJb+O2
lEc5VMWs85cMHQMnz108v/BLDw7d+FPH+k3fxH+J9+nj/wAaWXjyae6fSJ5NM1G0MHlCENYGOWHZ
a26Ml0k+RCrZEhZz4T8d/wDgmJf+F/Gfw/8ADeh6L8V/GvgrwzdanrOmavYf8INqtzomr6jqjXs0
1xb+ILIxxRws26K4skkugHkQ5AXek6fuJ31tf/wC7d9vjbWy92K1Tlca5nd6aN+V1zad9eW3ezbb
TSsey+Cf+Cyvwh8ZftYaL8GJH1HSfG2sypYG2u9R0iWSx1I2n2ttPmt4L2W6EixZBnWBrMuNi3DO
Qpwvij/wUC8UfsyftvfGDS/GOna54q+FXhDwj4e8Rxt4d0e1R/CFtczajFeXl8810stzGptFc/Z1
Z1T7sB2PI3q/wG/Yxu/hJ43n8VN4+8YW134mMOq+KfDNhJZDw7qms+TEk9+ga1+1xNI0alo4biOF
yMtFlmyfHr/gnv4Q/aE+J+q+JtU1rxbpieKtEg8NeLNI066t107xfpkEk0kNpdrLDJKiK1zP81rJ
A7iVldnX5atOEXHmWv2rbX628r3Se/LZ6SuEJe7NPqlbvpJP5NxVmtua6u4s5HxD/wAFbfh/4O+L
vi/wfrPhf4j6bdeE/D+o+J47htKguDrlhYPElzNaWcM73+zMymN57aFJlDPE0iAtU/hX/gqn4Q8W
6ZqJi8E/Ey11tLbRLrRdDudPs49Q8UprEU0lj9jH2oxKW+zXIf7TJB5XkOz7UAc4upf8EdvBdxr+
vajY/EH4oaNNrkPiO1VbOXSSNPg11oXvoomlsHdwHhUxtM0rxg7QxQIi1rL/AII5eH4Ncj1S4+Mf
xpvtVsNM0TTtIvHl0KGXQn0gSiwurfydLQGZFuLpGEokilW6lV42GwJjT5XFKd9o3/8AApOfz5eV
R+zzXb0swq3u3Tf81r7X91Qv15ficvtbJXOL/ZV/4KneKNP8EeJYvih4P8da/rtnqvjC5tbuy0/R
tJtY7XRbvY+mlZtRUJdxwlXy0jxOodhcMFOPTtE/4KXeGfijqXw2htNC+Knh3T/iBeaI2k6vBZaV
eafeSX9k9+thcyxz3Ig226gynCE70EMrk5qfwt/wSX+HHhfwtYaY2vfEbVTaePLr4hT3Wo6+1zNf
310k0d1byKyeWtnMk8iyQRJGGByTnJNiy/4JfeGfDvgjwj4f0Hx98SvD1h4O8aSeN7f7JcabO93c
ksIrWU3FlL/okMLeRHHGEYRqoLswDURslBPVr2afytzvzTT0vreGqfO7FbV1OTRP2jXlfm5F5Wsr
/wCP3bcqPJfi5/wVC8Vaf+0r4d1Hwp4c8VX/AMJx4M8V65HBJpmnwf8ACbTaUkDLcWV3Jdl44AZH
ULPFbF9vmKZUZax/gH/wVY8b23xo127+JvhbxT/wiWsaB4Ev9P03SdGsB/whkmuTXdo017Mt7IZ4
pLlIGUwvJIkcqZgUpK59a0f/AII8fDnTfFmkX0/iz4p3+k+GLHWtL8P+H5PECwaVoVlqyBbq1iSC
KOSWEYJRbmSbZkAfKkapz03/AARY0V7PV4I/jr8eIE1ux8P6fcES+HXYRaHKZ9PCF9IYrsmLOwHD
FtuAgCisM4x0qa/D93PNyv5uLgrrazUWkFdczXI7LW//AJJyteiUu17rmu7n0H+0V+1BZ/s/T6Lp
0Phbxd488UeIluJtO8PeGorWTULqC2VGuZwbqeCFUiEked0oZjIioruwU8F48/4KW+E/h/eefceD
vibe+HNPnsbHX9etNER7fwte3kMEttZ3lq0q3/nstzbhhBayrE0yiRkOcdr+0B+yja/Hm/8ACOrx
eMvGngnxh4IeY6V4l8PPYrfok8ax3EMkd1bT2ssUoRCyPAQGRGXayqRyHiX/AIJzeHfEXjXVdVXx
t8RLDT/Es9nqHiHRLe8sn07xFqNmkS22oXAltXmWdfs9uWWGWOGXyEWWKRAVOa0Tvr/X5NXts1O1
/dbtTs7en6/mvmmr9bX47wp/wWR+HXivwk+vnwn8S9I0W48M3firS73V9NtNPj1i2tb+PT540Ety
rQSJPNBuN2IIwkwcuFWQp0Xi/wD4KX6T4L1uy065+GPxUmvNT8Iat4xskhh0lhew6ZLHHd2sZN+A
04E0UiNnyJUkUpM3SuY+FX/BIfTfhFq3g+60/wCOPxyuE8EaPe6Hp9vPNoKRyWt5eR3s6ytFpSSO
WnhhJ+cArEEIKNIr7Lf8EovBieH/AApZ23jP4iafd+GbbXrKbULGfTrWfWoNadZNQinSOzEEKvJG
jr9jitzGyfIVBYF1fg/d/FaX3+/yfJe45ejstwouPMlV2utu1o3+baaXk9XojMuP+Cx3w8jvZFi8
G/Fi4sbK/wDD+m6lfjw+kVvpsutoh08kSTLJOjvJFGWtUmAeRTygZxj/ABb/AOC5/wAHfgR4OtdQ
8Y2PiTwxrMmrarpF14f1a90Ww1CwfTXjW8kLzaglrOF86FljtZ5ppRIBHE7K6rWT/giH4X0/RtQ0
zTvjV8ebDS9QvvD1+bZtQ0a/ML6GUbTlWa70yacqjxxsd8jFtgBO3KnqPDH/AASe0nwT8R7/AMaa
P8YfjFp3jW91vUdZXW4joJuLdNQaFryxWJtLMD2sr29u22WJ5EaFSkiEtu0lyOWmi19docvyvz82
t+W3K77403NU4+01lpe2i2ne3nfktpbe+hyf7Rv/AAUj1PxT4w+FkPwebWpvCepfELw9ofiLxT/Y
trc6Rew34hlOnRSy3CzxTGCeF2mW1kiAYx+bHKcL7D+0f+2t4V/Zz+M0Gka9P8QvO0rwTq/jS4sd
H8PfbrDULG0lto5WLiJpZLmIyKVit3GFlZpVwYyOV8df8EmvA3xA+IUmtXfjT4sWmmT+JdP8Zz6B
YeI/smnz63ZxJEmoGRIxdiR0jQSItwImZQ/liT566H9qj/gn3aftVfFC28U3XxP+Jvg+W18K6n4Q
Fh4f/scWj2eohPtbn7Xp9xL5r+TBhhIAvkJtUZffnN2pcsPivN6670oqKv8AyqqnbT4XdpSbNKCX
t3Ks/d5YrTq1OTbS11cGr6/Emk3FK+z+y/8AtwaH+1RrOuadpfhbxt4dvtG0fSvEEcOvWltbtqVh
qUUslrcQ+XPJgMYJkZJfLdWjOV2lWPzjb/8ABfDwJ8OPgrp/in4qeFta8C3+t+IPEGn6bpdzrGhQ
S3VhpV+9rNeI8+opHIYzsRoUc3EkqyeRBLGFdvev2XP2Bbb9lv4o3vim3+J3xL8YS33hjTPCbWGv
jRxZx2mnBxaOotNPt5BKnmz5YyEN57ZU4TZgaP8A8EtfC/gjVNL1bwj4/wDib4N8RaJqes3thq+m
3WnT3Fta6reG9vdN8u6s5rd7RrjEg8yJplKriXgVtW9l7T918L79NdL7avTmtpy81vesiKLmqaVV
Jy0vbT7OtvLmel1uo30uYWqf8Fn/AIYW/hTxh4j07wv8WNf8L+Bb2zsNW1jT/C0ht0kvIYJrRo0k
dJpYpkuIysqRmMBlZmVHjZ97w/8A8FSfC2r/ABDXw3e+A/idod3b+NB4D1Oe/sbH7Po+pSWq3doJ
jFduzx3MDo6NAspTcomEJIFUPGH/AASi0Xxp4U+LujXPxa+MEVt8ZtX0/WdXkjn0Zp7CWySGOJLa
R9OZgjR21sj+cZWIhBDBmkZ8+/8A+CRtjqXibWNYm+OfxvOo6343sviBcyqPDiEanaWq2sJUDSAF
i8iOJCvU+UpzkuWyXLf5R+9unzfcvaW21UfO9TTUZcru7O3TW0rfK/Lfyue0/st/tXaN+1n4Nl1/
QtG1/TdKCrJb3GofZXivY3aQK6PbTzKG2xhmicpNEJEEkcbkoPONZ/4KWaZLBqSaN8PfiJffbtI1
DUvBupPBp0em+OjZxl5o7KRrxWjYKC4F4LbzY0Z4y6jNehfs+fskaT+z34y8XeIIPEPijxNq/jIW
kV5cay9oWjhtkdYYx9ngh81h5khaefzbiTcA8rBEC8Hon/BM3w/4Z0i/0zTviD8S7TR4bW+tfC2n
+fps0HgJbxWS4Om+ZZMxJR3RBeNcrEjFIxGpxWWKi3GapO14u3rbTXunby38jSm0pJy25l919flb
TvbzPJfh1+2P8W/gt/wTIv8A4/eL7Txd4+1bxLp2matpfhfULHQrC40R7vyo22TWdykM1g0kqSRL
K/2pYyFldnJ2a/wM/wCCiPijQ/2nPiN4P+JWieJrvTj8QdN8MaHd2Wj2UFp4TW/0a2vrez1B0u5G
ll8yWSJpoDOm8KT5SOlex2/7CGizfsOQfAbVPGHjfXdAs9Lh0i21y8ewTWreGB0a2IaG1jtmaHy4
gpe3bcIx5gkJYt57qH/BJbTr/wAea1r/APwuz42RS694v07xrd22/QJYXvrC3S2gXdJpTSmLyYol
ZWclvLBLbixbrrTg8TN00uRuy8o80Px5VLXV362bOaiqkcK1Ud6nK9v57PX/AA3a07bq6Rsfsif8
Fb/g7+218c9a+H3gfWPtet6XYy6pbP8A2hp11HqdpFMsEsyx2t1NPb7ZHQeXexW8rBgyoy5Yef8A
7O//AAUk8VeHYfEOkfEbwr4z8a6s/wAQfEnhPQta8O6Rp9lpeo3FjLM1rpcaS3okjuJYYH2ST4hZ
wVa4ViFr379mT9kCy/ZUim0zQPGnjjUPB1urR6J4V1KayfS/DMTOWMVq0VtHcvGM4VbmecIoATaO
K5hP2DfC/wAN/iFqHjmym8d+JoNN1y98caZ4IS9sjp0evTxzCa7tjMsUhnlE0gVLi7+zRtJuVYiN
45/dUk7u3I0+uvNF3t0aimtG1zf3W0ul2cZRS15k49NOWSs3ppzOLd0vdTt7yTfmnxx/4K9zeCPg
Z4b8X+E/gr8S/Eh8T2mkXm1rrQYk0T+0dUGnQ294G1NWFy0gcBIg6Bhtkkj2yGO9ff8ABcP4G6R8
edd+Hd7qN5b694fg1E3KrfaXcyC70+2kubyy+yw3j3iSxRxS/vJLdLd2jIjmc4zu+Bv+Ceeg+O/g
Z480vX9O1/wNc/E3xdH4zktbTU4bm/8ADk0F5FeWkaOwntlKTwmd4UEsAluJwpkVt7db4G/YK074
YeIfEsnhz4ifE/RPDfiqW5vrvw1aajaLYRahcj9/qEU5tjfRzu5aRlFz5Jkdn8vcc1dkrqXW772b
UWlfZ8r5lfXmajqk2yeaLjpe6dvWKur+TlZO2louS1aRv6L+2P4Yl/Zm1z4sa/Z6v4P8K+G9Pl1P
UX1M207RW8Vus7yJJZzTwToFYrvhlkUujKCcV4R4P/4Lm/Cjx/8ACjU/Gmi6F4u1rQvDOuWejeKb
nS7/AEHU4PCMN2AYdSvbi21KS3Flgku8Msrw7X81IypA9k8F/sF+DPDvwG8f/DzWLrWfF+i/E65v
LnxFJqf2W2lvDdRJC6ollBbwQgRxoAYolYspdi0jM7Uf+GFH1jwBo/hnxN8W/in400nS7+K6ng1w
aLNHrFtHG6R6fdxppyRzW4L+YSUEzukZeVwgAU2rtxXSOnS91zK+/dLTbXeyEtIpPV3ld91b3bLp
d6vezstrszIP+CjFvcaboIT4P/GaXXNWsF1q+0CDTtNudV8PaW87QRX91FFfMGjkZHKQ2zT3JVWP
kDawHB/so/8ABQPXm+LGv+A/iVa+Ite1K/8AiN4i8L6F4i0zQIbPRo1sLUXkVgYxO1yZjbRzMHCS
KzI6mRWKxjovhJ/wSvsfgknhebQfjT8bYdW8MWbaMNTmu9GluNS0jzvOj0qdTp3lfZ4nMnlNHHHP
CsrqkyrhRQtP+CR2k23jOz1dvjR8a5Us/GOpeNhYtNoSwS3t/bPa3KM66WJ/KNvLLGoWUOokLBw4
V1eim2tbxml6uUXBv0indrXmclrFq8TTkl0tJPTsoSTXnebVk/sKLvzpmd4a/wCC2fw58Q+J5fD0
ngb4tWHipNe0vw+uhyaRaXN6s+pRyyWbT/Z7qWOx3rDJmK9eCeMjDxKeK1/Gf/BXfwh4U+C2ieML
f4efFXXbrVrHXdSufDtjZ6amraPb6JP9n1R5zPexWzGCbCbIJ5XkzmNXUFhy/h//AIIfeFPCHiPw
tqej/GL40aVN4UTRVgith4cEF0dIN19gaVDpBGY1vJ1OzYJNwZwzjfXAfHn/AIJdat4XTwF4VtT8
Zvi54Q0jV9X8QDU1j8BajqGk6rqN5HcyTS2etWEViIUk8+VJ4Inu42uJETER2Fz9nrGLestHbooq
zfS7ldtXtayTi2XC6nzTV4pK6T6vmvZ26e6lo+raaR6npn/BcP4JyfHfw/8ADrV7i/8ADXiTW0tI
54NT1PRvN0i7urRbuG0nt4r6S5ZjC6EzwQy2qswQzh8qJv2eP22/F/7Qv/BQe20a3sfEOgfCjWfh
tJ4m0Kz1nRbW1n1d/t9vHHqSTx3E0phkil+WGZLaWPkyREshHZ/Cr9gt/DmvXviLVPHHjC2u/Glv
BN458OWEmnjQvE9+lslsbqYGzE8cjRRRI/2SW3il8obosEqYf2bv+CY3hH9mv4t6F4ztPGvxT8T6
p4U8OP4Q0K31zX1kstL0gyCSOzEMEUSzrHhQslz5suFUtIzIrLUORVVKXTm9NYTXztNxcH/LdySm
lfCspyp2ho3yeukoN+icVJSX81km4t2+kaKKKxNzzP8AaT+P158FYPCul6Ho1l4i8Y+PNWbRPD+n
X+ptpljPcraXF27XF0sM7QxLDbSkskMrE7QEOcjxDw5/wUk8Z6p4isrTU/hf4c8PWsmleIo7ue/8
ayb7fXtGcrNpiLHp7LLDKpEsVwHDmFJmNurR+W30T8cvgB4U/aP8HRaF4u064vrO2u47+0mtNQud
NvtPuY87Li2uraSO4t5VyQJIpFYBiM4JFYN7+xj8NNS8D+E/Dlx4Yjm0rwRrCeINIV725M8OoK0j
NdST+Z5s8kjSymUzO/nGV/M37jlxtrzf1dWv8tWk73aV5JXTqTWjitt/Nq7t6P3U30XNZN2a+aLb
/gsN4qb4uav4WT9n/wAZ+IV8MfadL1u88NDUr61sNZt7D7XNbi9n0230z7IHxbi4kvo5vMZS1qiH
ePcvgT+1N4u+Ov7E8XxcXwRo3h+617wzH4l8PaPc+IXufPiksUuEW7ljtgID5jMuIxN8gRyQzNEm
l4v/AGB/hh428c+KfEV1pXiGy1HxtbNb67HpPizV9KstTJiEX2iS1tbqO3N0I1VVuvL89QibZBtX
HZ/CD4C+FvgV8FNH+HfhuxuoPCGg2A0uxsb3UbnUmhtQCohM1zJJK6Kp2qGc7VAUYUABVfew04pW
qNJJq9k7S5n1e/LbfRPrqyD5a0W9YJu/dq6t5bXT26Ndl+dHw8/4KGfGrwUvh74v+J9MXxbb3/wB
svHuteFbbxStpo1in21DNe23+gqzXktsQ/kOjIrholnVf3j/AEl8Fv8AgqVJ8dP2vrn4e6L8LvGt
34Pg1fUfDx8YwaRq8llaX9iH877RKdPXT47dpI3iR47+WUybVaGPORrav/wRx/Z+1rRZNNl8M+Lo
dPl8NR+D5LW0+IPiO0hl0hHDrZMkV8oaMEAYIJKjaSV4r0P4VfsN/Dj4J/EBvE3hvT/EdjqcsarP
HL4r1a6sbuVY1j+1zWk1y9vNeFVAa7kja4fktISST0upScvhtFOpZf4pylFf9uppevkkjncJ2bv7
z5denuwjF6a7yTfp5ts8n+Nn/BS3xF8JPit8UNKj+E01z4V+Dh0a78R61d+JIbe4uNP1ASZu7G0i
im84wmMkxTyW7MA5HIUP5t+zh+2F8Uvht8RfE/g2XRrj4mp4m+KXirw14e1zxJ4sWymiurTT2v7W
yaKGykWKyMdvLF5qDdG2D5Em5nPpNn/wT6uviP8A8FAviT8SfiLoXh6/8G6xa6Gnh2Gw8Xap59xN
pwmIOpacsMNnPH5k2+NJZLlY3iVgAzZXobn/AIJe/Czwj4iTxh4a0HxXd+MdE1+88aaRDf8AxO8S
2+nya5cRlZJpVF1NGqygmN/3EiiOSRfKZWZG56TUWpzbs4STtq9XBp27rlk7WWrtrF2VSUptxW6k
mr6LSM1a99m5Ru9dE9mjjtK/4KW+OfEXw0sfEWm/Crw9qBg0e0n8Q2tt4r1C6k8MapPqE1mbK4WD
SJJDBAbeZ57hUzF5ZPktH+9qbV/+Ckul6N4q1HXJvB+rXMdt4J0zWNKvbDxZFeaPrralqosbe3hS
JzAGE/l77qRFZFcgblDCvTvhh+xnokPw58UW3irSNN07XPiB4hn8V66PC+o3enrb6hLGsStBeQmC
4MkcSIv2geU7OGkCxlgq0V/4Jf8AwS/tG8uJvC2q3i6j4cPhO6tLvxTq9zY3OnGQymN7aS6aFpDM
zSmcp5xlZpN+9ixct02ratuz2vB3inr8M2kpa3irvmvZ3dO63Wm/W0462tvKCba0tJpJK115p+1h
/wAFLfiP+xt8Eo/EnjH4NeG4ddsxqd7qOmW3xA+0wT2FlFFK0+ntFYPeXTusuNstnbxxGKQzSwoY
3k6f9mLx7rviT/gor8c7W58T+JNX8NzeEfB+uaRpF9cIbTQzdLqaypbRoqhQ/kRszNudm6uVVFXo
vEv/AAS/+DPjXwzYaTreieKtbg0+w1DSVn1Hxxrt3fXVlfRrHdWlxdSXjT3MDrHHiKd3RDGhQKUU
jr/hR+xt4B+Cfxc1zx14dsvEEHibxJpdnouo3F34o1S/hntLRdttGLe4uJIUMY3YdED5kkOSZHLa
RnBKSa1aaT/4F32Tv0u1tuqibhFR36+fvRa+5cy89L63Z88+Df8Agqx44+Iuv+H7LSvgfHZnxXrX
ifwvpq6x40ht5oNV0QzGRbpYLadI7aRbeUedE8zq6gCF1IkrC8G/8Fv2+Jvif4fWnhb4M+OvEln4
k0nQ9V8RvpdhqupTeG11UZiCtaadNaSLCoMkrXV1ZkRjdGsrZQevaD/wSM+BvhjVrC+sNL+INtda
Vqeo6zZunxN8T/6Ne6gjJe3CA6hgSTB33MBnLuRgsSdT4W/8EuPgr8FJvDknhbw/4l0c+F7IaZaC
LxrrjLdWayPJHaXiteEX1vG0j+XDdiWOMOwRVBIqKbilHn1ty387KXN1W7cdraLprfSs05VHT2bl
y+Sb0vvql+O99D5z8Q/tyePvH37WHw38daXo2vt8Ldb8DeMNV0Lw7pPiqAy+L0sUtjFcT27Qwra3
LF3EQa6mRUZWbyZNy12fgz/gqM/hvxz8DvCFt4DR/C/xE0/w/a/2jc+M7jV9a0mbUrGSeATx/Zpm
eNfKWNri+ureWZ3LIkuCa9Nvv+CSn7Puo+JZdZk8BSDUwupLZzx6/qcTaINQGLz+zttwBp5l5JNo
IiGd2GGdyZfBX/BKf4G/Dy40aXSfDXiGBvD8+m3VgJPGeuTrDNpylLKYrJeMHkiiPlB3BYxKsRJj
VUBRcYqMZ7XjfzXNNz10u7SiovSzWiSZliOeXM6Wj5Z2v/M1FQ9ErPm3vfqcJ/wVK8YePE8efCDw
fo0zaZ4F8W6lqR8T6jp3jjUPC+sRQ2umXN1+4ms7SWQeWsRnAEqCWSFIXXypHYc34t/4Kq+KP2bf
2f59e8S/CbVdfgh8AHxx4Wls/F1reX3iPS7drSOeTUWkt7aKzvEW8t5pEh+0IQ7+Wzsuw/Tfxp/Y
/wDAv7QXxI8HeLfFNr4judb8BTvc6I9j4p1XTLa2kcbZDJb2tzHBPvQtGwmRw0buhBRmU8Pdf8Er
vgdefCvxD4Jk8La1/wAIv4mtf7PurFfFusqLWy81ZjY2bi7D2NmXRSbW1aKBgoBQjiii1FWnrre3
/gXX5x6bJpt3TjbXvqT2X/Av18n63VnGz5qn7av7SfxP+Bv7BPiX4gaN4Y8K2Hji1MK2un3OuyTW
tpFPdpBHK0wtDunEcqO0YiaNX3KJJVUM/h/wn/bQ+I/wF/ab+Ldh40sbrxd4Vf4m6ToNzd3HiZXH
g0X+g2l2LawhFnGLq1iuHdSzi3k2SI58194H2d4/+AHhX4p/BK6+HfiKxvNX8KXthHp08Fxqd011
JEgXYxu/M+0+aCisJvM83cA2/dzXkF5/wSX+B194nvtYfRvHCXupa7aeJrkQ/EXxJDBLqNrGIre4
8lL8RAxxqqBQoXaiLjCqBN7VJOOz0XkuaDel/wCWMtb3u7Xs2KLfsWpfFZ+nNZ2d/Jva1mt03YyP
+Ce3/BSq9/bx1q+P/CrPGfhDw7c6TDr2ga9e6Vq8VhqtpK+Ejea80+0hF1tKSbLWW7hKNlZ3wcYn
xj/4Kxf8KLs/Hcmv+ApYLvw3qi6To2kx393LrOsyTahBp9pK9itkZxBPLMZFkskvR5SqRulcQD3n
4C/si+A/2ZJ74+CtO1fS7a9LBLGbX9Qv9P01Gfe0Vla3E8kFlEWwTHapEh2r8vyjGD4p/wCCevwi
8cX/AIguNa8L3OrN4ltZLS5ju9c1CaG0SS5W7kazjacpYyPcpHM0lqsTtJFG5YtGhFTceaLitLO/
e/TX8L287dCo7y5u6t6dVa/Xfe/Tm6nkfw4/4KY/EH4y6dpel+GfgJrS/ED7LfanqugeJNSvfC6f
YLWeKAzWEmo6dDPctO0y+SLi2tEO1/MkhIGZtB/4KV+M7z4lf8I9ffCXS4za/E+8+Gt61l4x+0Tx
umijVrS6iSSyiSQzITE8bSIInwRJKpLD1HU/+CeXwt1hPC8lxY+MX1Xwc8zaZrY8c66muhZvL82G
bUheC8uYHEUQaGeaSNhFGCpCKBS8U/8ABMX4G+NvHV34j1XwOt7qV3rNr4iKSavf/Y7fU7a1+ywX
0NqJ/IguFhCr5sUauTHExJaNGV3ja1uj+/ni0/8AwBSVtfed9rWUL683nb5xkknrrabUr6aKzXV+
A6p/wWl8R2/wj8B+Irb4H6tPrXxNj1G68P8Ah2C/1HWNRa306dorx7hNI0u/aI5aARbVkjdpiJJI
AoZvo34m/tban4P/AGYPC3xF07wFrpuPEwsJJ9I12G70ybw6lygeR9RENtcz24h5Vz5DBXxvKJuk
Wjp3/BND4PaN8HfDPgWy0XxPY6J4Lu5r7Qbi28a65Dq+jyTEmbyNTW7F9Gj7mDRrOEYHBXHFejeP
PgD4Y+I/gCy8M6lb6rHpmm4Nm+n6ze6bfWjeU8XmR3dtLHcJJskcb1kDfMTnPNRNrlly73TXay3X
XfbrtdNXslBWceZ9Gn5vo9lt/wAPfc+V5/8Agsg+q/HHTPCnhb4SeL/HenRf2XBr2peGLXUtbj0q
41C1iuYvKns7CbTZYI45omlllv7dgrbkjlXk9Ppf/BS/WNS+C0fihvAGmw30GtW2maxZvrt4IvC0
MsD3LS6nnThd2MiQrGpSe1RPOmRTKIv9Ir0i3/4J2fCHT/EWn6nY+G9R0qbT9Mi0doNN8RanY2Wp
WsSFIo722huFgviisQrXSSsp5BB5qb/hgH4YLoOrWCab4niOs3QvJ72LxjrMepRMInhRIL1boXNv
CkUskaQwyJFGkjqqqGILbXK0t+n37enL6tPva7f2k3taz/8AAd1/29ra6VvuPKbf/goM/wDwt3xL
peneA74+MtRg8Mab4ehv/GofQ/EM+pWt9dxtG8H2iG1giWC5ElzFC004iH7t1WHdSv8A/gqD43Xx
Rofg6z+CXnePr6517TNRt5/GEEOiadf6VapdNEt4IGuJop4pYXSUWikLJ86Kysg9Ff8A4JY/A973
XJx4W1qJtfsdO06aOLxbrMUNnFp237AbONboJYyW+MxS2oikjLuVYF33WfEv/BM34P8Aiv8A4Rpr
rSvGENx4Str+2066sfHevWN3/py7LyWeeC9SS5nmX7887SStgHfkClWd+bk63t5aJL11u2vNWsla
Uw5rx5u6v5rW6XbTlS32fdcuL8VP+Cjun/Dn9hLwJ8Z4PCmrand/Ei20f+xPD0SXNzO93qUaPFA5
s7a5uGVAxLNBbTPhCVic4WuY+H3/AAU68R+MLXwG+sfCDWPAbeK5Xs7w+L59Q0CKG6F8LOOK0e80
6LzvMyJ0W5FnNJE6eXDJJviT2G1/YZ+GNr+y9pvwaOg39z8PdFiih06xutd1C5u9OEMgkgaC+kna
7ieFwpidJg0WxAhUKoEc/wCwl8Nb1dEF3p/iXUG0KS2ljkvfF2sXcmoNbyNJB9ueS6ZtQEcjb1F2
ZgGVDjKIV2nKk603Fe45XXdQttu9d39yvveUpqlFX962r7yvv00at00176fI8f8AwWE+J3wk/Y9m
+JHjL4b+CNbvV17xYWtNP8aTRSDS9Hv5oGEMC6a9xNcLsKDEPkbIhLPc2xkEY0Pgn+3F46+EHxp+
MN3r8OpeO/hrP8XdI8OR6rqfiCOHU/CsesaZo5s7a0sUtRDNbR3V8Fb97FIqvvxO+8n6D8Tf8Erv
gT4us7i3vfBl2ILw6yLiO28RapaLPFq7l9Qt3EVyu62mkPmfZzmJJPnREYBq6PRf2B/hR4f+JVr4
ttfDNwus2v2aT59Zv5LO5uLaJIre8ntWmNvPeRRxoiXcsb3CqigSAAUUalOMr1I3TSTXlzRb+bUb
JqzTk+is960k4NQ3vJ/ffl72td3Wq0Wj3Xy/+xl+1R4l8L3Om+GfElp8Sfidq8Xij4jvYeIJ9dCv
cLpOozQxWElrCUS4leIxrGphWGPGU2sAKg+JH7afxG+K/wAXP2d9d8JwpZapceK9Y0HVvBFn4tMO
kapL/wAI3c30S6lJLYR31s8LqmYprYMp3N5En7p69y8H/wDBIv4F+BfF0Gt6fo3jo3lvPqVykV38
SPEt5ZiTUd329jbTX7wH7QXYyZQ72wTkgEaet/8ABLv4N+IfEemazdaZ43/tnR9RutVtNRh+IXiK
C8jubi3+zSSGZL4O2Lf9zGrErDESkYRCVOMZNRXdRSXk9r9no7bdE99QryUqlSVNWUpTdvKV7LR6
W62fVrayPCZv+C2Gu3Xw91DxHYfA7UHs/D/gbQfH+rC88WWsG6x1GeSCWKz2RSGaaGSGZVWYW6ym
JstGCjPv/FH/AIK+aj8JU8S6FqPwunufiFpfjpPBWmaNpd9qOs22omTSV1dLl3sNMuLxALRsSJDZ
T7JRjc0eZh09j/wRB/Zy03w/qWlQ+HfiAum6vpEPh+7tj8UvFbRzadDMZorTB1I4hSRmZUGFG98D
DsD10n/BLL4Kz3fiS6l0TxdPqHivUrXWb6/l8ea/JfRX1rF5MF3bXDXpltJ1h/debbNG5jwhJQBa
ubg78qte/wAveTX3QTWvV690Nx520tLK3e/LZt+sve0t0W2h4p4U/wCCy/ivxdqWoCT9nnxb4Vs/
Dj+FW1xfFerrpGpQQa3fy2CzQWTQPK/lTxkhLj7M8kYZsJ8iyez/ALG/7SHxG+MUPxtvfF3hrQVg
8EeNNS0Lw/aaHq5ubi9htI0HlOJ7e3SN2bDB2lYFpmBMaopNLxV/wSK+BnjXVNbvdS0nx/Pd+JRp
41SVfiZ4nia/NhIZbRpNmoDc8UpaUN94yO8hJdmY+r+CP2ffD3wQTxnqXgnRkh1zxhcPql6t5q10
8N/e+UEDM0hm8hXKqXMUfLM8hR3Zi0VZxUZygvsyS6u7dNxfbTln0+1bbbO0pci6qUW+iaUZJrvr
Jp72slsfHvif/gt34h8Dfs9aX8S9W+BGpPofivwdf+LvDtpYeLbWe+lWxmiS6gvVkijittscyzK0
UtwXRJBtDhUb1b4o/wDBQfxr8MLPxReS/C3Rr+z+GmmQ+IPHKweMSLrSdNnad4WtIzZbby6W2gaa
aJngjQnZHNcHmuJ/ZF/4I2eD9D/Y2s/Avxn8N22p+Jr3SZND1ttC8ea9c2DWhuvPMdm7NavZRzsk
TzxW0cKTMv7zzRyfoHxl+wb8LviB4t0bXdY0LU73VNG0yDRjKfEOpINXsoSWit9SRbgLqcaMWYLf
CcBndurMTs/ZppNbPW2ul3pv6Lo+t096k1e0dlfyb2S7pdXez1to09PKtb/4KdajoHwt8b/FKX4a
zXPwc8Kf2ra22uWmurNq97e2F41k0MmmeQGjjmuEdInimmkIGXijyAee8L/8FYfFmofDSPXNf+CG
veDpbXWJ9P1C68QnWdD0NbeO1S4S4hvNR0i2lxIXMQN3bWkAlilUzgeW0vuLf8E/PhJLr3jC+l8L
3E9v4++0trukTa1fy6FfS3CbJ7j+zGnNlHcSKTvnjhWVtzEuSxJrP/wTw+Ftx8PoPDFzZ+M7/TLe
N7cSXnjvXrq/kt3ZC9q95JeNcyWreWqm3eQwldylNrMpyi0t10X33u9dL6aLReiauy/veV391vd0
v0er1fq1oHwf/a8vPiZ+0d4i8A3/AIas/D40pZ5bCS51Z11DUoYTApuVtJLeMPbuZspNbTXEeFAk
aJ2EdcNq3/BSS60L9vzTfgxc+CbGXStZvrrSbPW7PxAby8F5Bpf9pFJ7SK2aC2R4g6ok14tyxQv9
nEREh9i8Ffsn+BPh58Tz4w0nSb231tbea1h8zV72eysknl82c29pJK1tbvK4Uu8UaM4RAxIVQOV8
S/8ABP74cXvxNvPH+m6Pd2njwapN4isbyXXdUawtNWksXsjdfYkuVgAeBtkqIiiUAFssAwlyUUm0
3aLv5y6NfLXtfS1ndJJtNXs29PJW6/Py213Vn85/Cf8A4LNeLPi9D41v9O+Fvw+OjeE9Ftr95j8U
VW40++ub37LHpOqo+nLHp99FgvPAJZ5UG1YY7l2C1b0H/grZP458C+GPGM3wf8Wy6jaWHjK6mtNL
8Ttb2aXWhSNb3FrsuVtGuDKoMkZu7aLyxztWUba2P2dv+CXt0PBA8L/E6xubPw5Z2sNoNO0f4w+L
NetdQkt5YJrS8t4rs266LJDLCHSOxyUyqrMETa3feKv+CP3wG8YoiXeheN4Ikk1OYRWHxH8S6fGW
1Jy+oEpBfop+0Mx8wEYcHB44p10+RxptXs7Pz1s/x20asr3u0aqVOUruLS5k7f3UtV11ut9d3Z7M
5bwv/wAFO/Fuu+EfE1zc/CBbTWNK0Twx4i061g8QXGo281jrfnKk15JbWEktqLd7ebzjFBcKsYWT
djds2/2df21PG3x//bbvPC1vo/gxfhtH8PdN8VwX9h4k/tC5llvLy8hjZPLtvKlQi0YfLOoQYPzs
xWPovB//AASz+DXgTV73UNM07x5DfX2kWmhPcSfEbxHPLFaWistqsTSX7GF4A7+XLFtkjMkhVgXY
nuPht+xt8N/hD410rxH4e8OnT9a0bRhoFvdf2hdTM9oJZZgJRJKwnlEk87efKHmzcTfP+8fdvOVH
2jlFO13ZeTi0r99bPy17JHLBTVJwm7yajrtqpQcumzSmvRpPds9OooornNTxX9s39oHWfgzb+APD
/h2bQtN8Q/FHxMvhbT9W1y2mudM0iRrO6uvNmiilheVmFsY0jWaIvJKg3jv8Rf8ABKX40Xp8JfDr
wH4en+GXiGSbxJ8TIYvFF1dXGvX2hanbapO0IRJJvPMMtvcxyOZLrzpYmQFhvEp/Sf4n/Cfwt8bf
Bl14b8aeGvD/AIv8PXxU3Ol61p0OoWVwVYMu+GVWRsMARkcEA1x+t/sP/BbxNf6dd6l8IPhfqF1p
ENxb2E1z4VsJZLKO43/aEiZoiUWXzJN4XAfe2c5NCbUJx/mv+Wn3O70tve+lnpOScYxWlmn31XNr
81JLXbl/vNr8n/h9+yTq3iuT4SeNvHF/8J/G2nfEXw/4i1vxTpVv4J1WK78WDTgJhLcMNbeKfU1B
K21+IBNbHbjzAqqPfvht/wAFPP2ll+DHgvxDd/CjwJpvhnx1rnhWw8N6rq2qwQh7DVLxLSWNILPU
9Smu5IBLbn7VM9pv81y1ujJ5cn2X4a/4J4fs8fDTWdK1zR/gZ8GNA1HwxKbzTdQs/BmmWk2kyA7z
LDKkIaFgfm3KQc85pmj/ALEX7OnxB8Lm80/4Q/BXXNF1zUl8Refb+FdMubXUL4Bgt/uWIrJPh3Am
5b5m+bk1eHcYSSkrxvF220UryWmt5LRP7Nnb43bCopNNx0laVnvq1o+2j3WvNfX4Y3+TfHn/AAUy
/aY8OeO/iUnhz4Y+CvF3hb4ST3WheINXvpbbw7ZLe2+nLdG/3vq1xepFLIyJHZDTpCySK4vH5FUP
jJ+338e9Z+CPiK0i1z4b+GfEjWvw41yw1DTNEvZktLXxFqP2S4tJUe9VpGjeJmEyNFujkKbEbEo+
5PiH+xx8Ivi54vvPEPiz4V/DjxPr+oaedJutS1bwzZXt5c2ZHNs8ssbO0J/55klfasjw5/wT7+Av
g46kdI+CPwh0s6zYJpWofY/B2nQfbrNDGyW0u2EeZCpiiIjbKgxpx8owUZJJe1V/g8tYtuW1labt
/hXuq6Wtzd5qcdve06Wbjb5xjzR/vNqVkzzz9p79p74m+Cfj/wDCv4e+DL/4VWUXxG8OaxqQ8T69
Fd3cKXVhDBLiOxinhDQOswbP2ssF3HkJl/CPB3/BXv4jeNvG/wAH9QttE8HS+FPGE+iaV4m0my06
7ur/AEu81GyuLgOuoSXMMKqfLiaKGK2uneKQSO8IZa+j/wBqP9gWz/aq/aN+GPifxHJ4D1nwF4Bs
tRs73wd4g8GrrMesm7EOHEslysUJia2hZM20mCrc8jb3Xjj4D/BgfEHSNY8S+DPhh/wleqTWtjpd
9qekWP8AaF3JahpbaGGSRPMdoQHeNVJKYYqByazV7Jt2bl26c0um3vRaSXSyfxDqW5HGO/K/k7Kz
vvo1dt+a2bPhP9rn9ojxx8fP+Cc3hz4teKrrwffeGda17wd4t8M6N4PlvrXW7FzrtlHPptyGuTDq
LJHN5bMVhTzjtMAKpIPQ/i//AMFBPjn4a0b4d2ngXTPBvxI8R/GSbVNS8OR6T4cW2i0aysljb+zr
sahrtmlxfHzNjuk0DRmGYi0k2ED6c1z9gD4D+J4Nai1P4J/CPUY/El+uq6ulz4P06ZdUvF37bmcN
CfNmXzJMSPlhvbnk1Z1b9hf4Ja94Z1XRL74O/Cy90bXb4apqVhP4TsJLXULsM7i4mjaIrJKGkdt7
Atl2Ock1o3HlcYrlvLm01smoq12tbcq1au0rP4pFymnbS9r/AI3tttu3ZOycm1sjw/8A4JwfH74p
/tAfGr43RfE3UNB0yLSrvSbSy8J2Ue668PvJo1jd3MQvIryWKdI5LzyzJEg3ON4cKyRp4x+wp8c/
F/w5/Z08M/C74bav4L0XV47jx54ji1Hxyt7q8WoWmn+J7uD7IjLdQzNKVlVpLqSWUxKAzRSl8j9C
dC+EnhTwtrOo6lpnhnw9p2o6xbQWV/dWunQwzXsECFIYZXVQzxxoSqKxIUEgAA15yv7HX7PGjabo
3w9Hwr+DFrZ293J4k0rw0PDWmRxRXKbEkv4LTy8CRd0atMi7huUFuRTnNS92C5dEtO6TSerbdm+e
zbvZxbs2zK10r9Gn+Fn0Vuba6StfmWqSPB/Cn/BSb4heK7O21yXQPCWgab4n8Nx6h4Z0vU9yte35
0E6m9rNqYufJglDsB5F1BbYgheYSuJAqdZ4k/bg8c+EP+Cfnxf8AiMlp4S1z4hfCW0upL3S7yxvf
D9vHNbWUF1LHcQM908bmORpEWKeaN1eHE2GZ1+gtQ/Z3+H+rePH8VXfgXwddeJ5LJ9OfV5dFtnv2
tXADwGcp5hiYKuU3bTtGRwKpp+yr8L4/hFffD5fhv4CXwHqkjzXnhseH7QaRdu8glZ5LXy/JdmkA
cllJLDd15pVpKSlyK11Za7O9739L301dtktdKLjGpCVRXSab81ZXX4K3zb1enyF+0T/wUV+MXwD8
V+BoDJ8LtbS9bw3c+J9LsNB1B7rT7bW9UWxi/wBJkvY4oFjG/ZIEuJLl0bNtbIu8+deGv+Cjf7Q3
hq0PhXRLXQPif8Q/GfxB8ZWekJb6HBDHpljo9+9uls8d7rlnG5m2HyylwrRpFIfJuSjsfvXVf2Mv
g9rqaQl98KPhreLoGmxaNpgn8MWUg02xikSSK0hzEfLgSSNHWNcKrIpABANc/cfDH9nT9oDVfGPw
8l8PfBXxvfWOpx6v4r8MvYaZqUtvfuoCXV9aFWKzsqjEkqhyFGDgU24NtRVtZPz5XKDitb/Co3d7
3b5W7O4k0qaUldrlu/NQkntb4pSv0skrao84+EH7ZPxM8bfGjRdA8W6R4S8BR+J7aGz0+xaP+22i
1QaQb26tzqFnePA00UpI+zSRwFoLd5Unk8xQnUftoeJdct9E+Dnw+v8AUFLfFPxdbeG/Emo6bHJY
Ry20dhd31zHEPMeSBbn7H5IHmsypOwDlsNXpurfsu/DnVtdn1hvAvg2LX5tKl0Masug2b30dlIgR
7YSPExMJVVBibKEKAVIGKyvFf7J/h/WvgFoPgHTJ7zQrfwgbOfw7f2oTz9HubMq1vMi7RHhSu0x7
QjIzJtCnAJTg2m46JxbXRpSbdrvt0btK/K9FcmCtfX7Mkne1m42T0XR63SurNrWVjyr4TfELxN+0
34y8W+HpY/hjafBvQdc1L4f3/hl4bq38R2clouyG4S4SbycS7VdLcQRMkTRyrOxwlcVL+2l8RPhF
/wAEudY8eaNa6B4u8XeAvEl/4R8/xHfzQQapDZa9LpKXcjwxs7zOiRuR8oZy3zDv9AfEL4E+BvCU
mr/Ei4s/hz4Q+JUmkjTbr4jz6BZxX1sjBUJa4kIfy92NsbylQdoO7GDetP2Ovhtc/s+aX8L9f8Ia
B418GaYqE6f4m06DVobydXMhuZkmRkeZpWaQuVzvdiMZqeb3Unq1y3f8zTfM++ur1tbmstrkyUW2
oq122v7qado2/wDAdVvyXfxWPl/48ft6fGP4PftQeHfA1tqPwx17T7rW7Dwxrc1l4WvxJpN5qFtd
XFvJJLLqKIhRUtv9HiS5eVS8jPah0VfOP2cP+Chfj3wl8FvhP4w+Iml+BPiRqs3wW8R/EE63YWct
vr0VzbNp8r6aqM83kpJFcwF5Ef8AebFIhiWNQ33rq/7J/wALPEHiyHX7/wCGngC+122jtIotRuPD
1nLdxJatutVWVoy4EJJMYBxGTlcVT0j9i74O+HvG2k+JrD4T/DSx8SaBFNDpmq2/hexivtOjmaVp
UhmWIPGrtPMWCkBjNITnc2Sk1FS5tW27eScJJL/wJ83eyUbtI2pzipJzV0lHru0/e+TVo9dm7Ju5
xH7Lf7QHjzxZ8ZfEPg7xtqHgDxRFF4d07xbpGt+ELO4s7cWl7JcRrazxTXFzucGAsk6yKsysSIo9
pB8btP24Pix8UvCdhquk6p8NrTQPiroevv4dSHR72XVvA91p8Mjn+0f9NVbsfu2jk8tbM287RofN
zur67+EvwI8D/ALRrzTvAng3wp4K0/ULp726tdB0i302G5uG+9M6QooaRsDLEEn1rA1n9lD4PW3/
AAm2qaj8NfhrH/wnNuV8X3dx4esh/wAJBAoyRfu0f+kIBk/viwFZYqKnTlFaXi16XTtf0uve392/
2mTQbjJN66xf3Wv/AOBNN22V+XZI+UP2P/B/iD9k7/gnT8PPF/gjTPBuofEL4rQaJqHiG907Rpkh
1ES2nmyXn9myamhvNQ8kHz5IbhJbhg83luUEJwfGP/BV/wCIXhGy8Za7L4k+C0XhTw3B4A16C/u9
H1CyhfTNdvZrO/ieSe9jKyxGEyxzPFGFVWWSEnLD67k+D/wH8L/syW2hP4X+EenfBqSH7RBp503T
ofDDRXJJ3rFtFsVlMzHIGH809d3N23+APwY+IPi6W9i8FfDDXNe8Hww+HJJ00exubzRIojFdxWBY
IXgVC0EywnaFzG4UZU131a0ZYidRx05k0u0U17ttraRXld90jnw0OSlCEndpWb/md9ZeslzfNK2q
bPni6/4KI+PbX4O/Ev4xI3wuufhx4Pu9e0aDQne6t9bsrzTbqS3jnuLsSPDJFKkTXDxrbxNDAVYP
MMmsr9oj9tf9on4E33gjwFpWjfDn4m/Ejx/Nf32kaj4Y0xYdPn0+2t4JUSSy1HWrRY5pXlkVWTUZ
sxwNMsT/ADRJ9SeH/gp8ItW+LPirxNpXhL4cXXju7i/snxJqtppdk+rTRtGp+zXkyr5rKY9v7uU4
K44xiqR/YX+CR+E48BH4O/Cs+Bhd/wBoDw5/widh/ZIuc58/7L5XleZn+Pbu9649LLpovPrd7r5+
a916WZ0X9+Ta0bena6089Nt9fi30PAYf2/fitp+sXH/CQeGvBPhae+0UnSNEu7yO6jm1eLRG1C4s
pNYt7x7SORJsr5U8UA8iB5lnkEihPJ/2rfGPxF/bJ0T4M+CtQ8RfDCL+0viRceFPF+g6/wDD7UJ7
O8nXw5dXqRXuntqqAxAgyCFbidGMlnMtx+7KP96P+zV8OZPF6eIW8AeCW1+PT20ldTOh2pvFs2Ch
rYS7N4hIVQY87SFHHArnbr9gn4GXtvoMM/wX+E80Xha8l1DRUfwjp7LpFzLIsss9uDF+5keREdnT
DMyqSSQDWjcJSvKOjS07NO91e99L6N72193UpzcE+V62kvvhy30XR2astdb/ABafBegfth6z45/Z
S0H4W+LNX+H+k+H/ABt8CfFN5aWGkXepadrMOoaLOLVVt7qbUZZ5IXt977CWmBtpS0rruC/TOq/H
jxh8B/2Ivgbf+E7LTbqObw7p8usy3Fg+py2lhBpazSPHZxXMFxLkoqFoBO8XmB/s8qhgPaV/Yy+D
6aZrNiPhR8NRZ+IzdHVoB4YshFqhumRrkzr5WJfOaNDJvzvKKWzgVf1f9lv4ZeIPhfp3ge/+HPgS
+8F6PGkVhoFxoFpLpdkiMrosVs0ZiQKyqwCqACoI5AqZTlJSbfvS5W35qdWWvfSoo9LqOtrmUaaV
SDfwxUlbylGmvk7wb62cutj4vtP+Cr/xh134peNtb8PfCyw8V/Bz4eG4stZ1G0msbWdpI9KW9ju4
ZZtUF06zyPFHHbf2VlklWRbhyPLPdXv7Wnxw8I6V8Jdd1HxJ8CNe8O/FDxVo1jDJo2kagJhp2pQy
sApa+ZN8MiIFucslwHb9xblRu+nW/Zt+Hb/FWDx43gHwW3ji2sxp0PiE6HanVYrUAqIFutnmiLBI
2BtuD0rEs/2Ivgvp3gnWPDNv8IfhhB4c8Q36arqmlR+FbFLHUrxGDLczwiLZLMrAMJHBYEA5yKd4
+6mtuS/dpSvNdPjXX7Pwq61CSk4NJ2dpK/m1aLtr8Ha/vaSdmtfkX9nn/gp98WPjl488E+FbWb4L
6rNf2/jL/hIdZ0eO9uWguPD+rJbeTDpy3DGMz2s1tIoku2YGctgqqrL6P/wTE/bg+Mf7Y8a+IPHX
w4s/C/gPxXoUfiDwvqkU+nROcyBXsmjh1W9muDGroTcSQ2ZDbka3jbAP0DZfsl/CrTfiDo/i23+G
fw+g8V+HhMul61H4ds01DTRM0jTCCcR+ZF5jSyltjDcZXJzuOdH4c/s8+APg94j17WfCXgbwf4W1
fxVP9p1q+0jRraxudXlyT5lzJEitM+WY7nJOSfWjmju1q0/S7cuno42/l5be8pSLqaq0dNU/l2/R
/wA17+60j4q+Jv8AwVL+Kvw68Lppf/CM6DqfxB8U65YaboOnWWkq8Njb3sl/5N0ZptVhsNRgZbMJ
HImoWhkkk2tHA21H6v4a/t6/GmPxF4etvid4N8KfDxp0j0u/tZnh1BX1Z5bnYkl3Y6hdR6aZIbeJ
lhuUkQm6VRds0bI30xL+yN8KJ9B8TaU/wx+Hr6Z40ZG8Q2beHLM2+ulFCobtPL2zlVVQPMDYAAHS
uY8A/DT9nbX/AIjL4e8L6B8Fr3xd8Krf7Cum6VY6ZJqXg+CeMJ5IijUyWaSRqF24QMoAwQKiK93l
66P0SVml8+rvdtNpcqTqo05OSVla3zbdm/XTRWsk0n7za8F0L9tnxv4yn+Gul+MvDHw81DWLrx5p
Om65Z3ulz2d14dN1Z3F5az2kZmure5kBiEcd1BdtG2yR1AOYk5f4rf8ABUr4t+AfgRcfFPRtN+Ff
ijw74l8O6/rOh6Cy32n6l4Yk0mN5po9RuBLMtySkUiOqQWpiuDFCSwcyr9cXn7DHwS1AWwuPg78L
JxZ6u/iC3EnhOwbyNScgtfLmL5bliqkzD5ztHPFL4r/ZF+Cklr411PXPhh8LWh8aRLJ4uur7w5YF
NdjiIkVr93jxOqFQwMxYKVB4xRNrlm9r3fkrxirfem77pW7sKNlUg5q6XKmu9pyb9LppW23OG/ZV
/ab8deOPE/xQ0jx5F4TvLvwZY6TrNj/wjdpcwFre+sGuDbSLNLKZJUkjkUSLsEish8tDkH58/Z4/
4KTftI/Hn4Pf8Je3wr0LRdH8aWVhqXg/UJ/7LlZFmukjuLYWUevtPqMkEMgk3E6fI7K0f2dZNqN9
VfAX4Sfs+fB/W9U1j4YeGfg34W1K40SzvNRvfC2nabYzyaU6sbSWaS3VWNqywP5bMfLIhbacKccn
4Uj/AGQ/ENs50Mfs330PxrvJoW+wjRZV8eXK71mQ7Mi/kXdIGH7xhucHqa0npVbS7WT6avR9Xzaa
3TTi1rzMxpXVFRk76/F8r37Lrpqmne6sj55u/wDgod8RB8bvGfiKHx/8N7bwhYfC7StV0fTNR8O6
rFC2r3up39mqsomFy0yyWm1oPs/mOQIgYdrytxfg/wDaL+Kf7Rv7VPwo1y41Lwl4Q+Jnh6X4heEp
7jVdOvBoEw0/7A8Vw+kx6rIscpjlO7F40igtlyF8sfoZq37Kfwu17RY9Nv8A4beAb3TotGPhxLWf
w9aSQJpZYMbAI0ZUWpZVPk42ZUHbxVS+/Y0+D+p+FJtBufhT8NrjQ7i/j1WXTpfDNk9pJeRhVjuW
iMWwzKEQCQjcAq4PArNr3vd0SUkvJyk7P5Rk01s7pPRJmspXadusbrdO1NRtt1mlLytdatn5zz/t
Uat4hvPjJ8Z4/B3hnWdR8V/Abwlr+s+GvE2oXV3oEiS6hqkFzshlDAwvbxh0iCRLN8pcqXZ67r/g
p9+0N4n8ffss/tE+CvEx0rR9Jg8M6xfeFE0z7XaTXw017YBxqFrdSQzDzJMTW0sds6f6top0LOft
H4g/sIfA/wCLfiTUtZ8V/Br4U+J9Y1m2istQvtW8Jafe3N9BEYzFFLJJEzSRoYoiqsSF8tMAbRg1
f9hD4H+INOvbPUPg18Kb601Kzg067guPCWnyx3VrBJ5sEEitEQ8UcnzohyqtyADzW3tY3i1GyTlZ
drttW84u1tOr8rVObdb2kdFaH/ksYxf/AIFa72ei87/NGtft6/GrwL4wn8Gy2Xwk1LU7X4qaN4EO
pBb+0htbDUtLgvYn+zGSRp7iJpHjY+dCjhAwRMlF4p/+CuvxZ+GHwxtvGPi7QvAHiGxgtfHmn3Om
aBYXlnd3eo+GZp0FzHJLcyrFBcrAc27I7RD5/tDjKj6wb/gmD+zS2uJqh/Z4+Bp1OORZkuz4D0rz
1dcbWD+RuDDAwc5GBT4v2GP2bvghZ2viRPg78EPCFv4RebUrfVF8J6Xp6aKzKoluEm8pRASqLucF
chRk8Cs3Jcj5t317e5GP5qUr95a6pMzhGzgoq9uXTvZyb9Oa8Vpso2WjaPljwV/wUJ/as1j4k/Df
wdr/AMPfhp4Q/wCFl6jdW2meJdXkhlaaD+x7u/hmTSdN1e+HlJJasjSPqKecMbUjLMY+x/Y4/a5+
KP7Sv7VPwn1DWvEfhDS/Cnin4Ox+JtQ8OWWlzn7Rqc10I5GguGu8fK0W5Q8MhWISL1YyD3m0/wCC
dP7OOoaTp4g+BPwTnsbZ5byx8vwVpbQxPcKvmyxYhwDKqpuZfvhVyTgV2Hw2/ZY+GPwZfR28H/Dj
wH4Ubw9Bc2ulHR/D9pYHTIbl1kuI4PKjXykldVZ1TAdlBbJANaKUVNSta19N/sTj+cou9vs33Jkn
Km43u3az22mpPb+ZK1r6JtJ237yiiisSz5T/AOCsV/qmj+BfhJd2njzxH4B0tfifoUOr32lJZsHg
eVtiy/abedSPPEO1dvzOUXDEqK4X9nP9sHxn8T/2p/D+nx/EN9b1e+8Razo3jj4Xz6ZZQyfD6xtk
u2stQBSFb2MSmC1XzLmWWG4+2boQgAA+n/2kP2ofD/7LmneErnxDZeIbyPxn4n07wnZHS9Oe6WC7
vphDC9w/CQQhmGXdhyQqhnZVPo9XQ9yDbV1zy+9wpq3yST7+8rWtdzVV5X2fKl8lKb5ujvdtLW3u
6prQ+J/+Cu2qwaD8RP2fLnxH481Dwb8OZ/E2qweKY3isH0nUbf8AsHUZBDeC6t5VaOQI8JXIyk8m
3EgjkT4u/ZC/4KOeI/gb+xb4R8NfDb4q+E/H+rr8FtM1XTfCqS6cD4TuIdSjtLuVPs8MtyRDZvLN
KkyXDIbNnWLbuir9qaKmLai493f7ozSv6Oaata1rK12zadTmil2t+ElJpduZJxfe+t9j5u/4JefF
fxv8YP2fb7VPGvj/AOHfxOxq80ej+IfB+vxa7b3VlsjIS4vINP0+2luUl81W8i1jUKEDAOGz8s+F
v2jdc+Cvif4paZ4m+O/irwlous/GfU9J8QeMNTtNHZfANqtgJNPUSzWRtrYXWy3iEl4ksYjWMIEa
ZXb9N6Kc5J1HNKyceW3/AG9B3v39z73fyeCh7ii3qpc1/lNW1vp71/kkrdPym1T9q74h+CfidceP
/G3xX8U6PNpfwd8RXWiLaeHtPuLDXha6vLBHq6WUkcbHzLWOyvHxcwxKWi3OkLBDz3gL9sS0+Kvx
l+BcfxR+IPg7xJ4u8E/tCXGg+HNcvtS0iTUbzSLnww88RE9pbWkEiyzXltGWghWN3MChpSEkf9eq
K0o1VTkm1dK9vK9V1Lrs7Nw22d/Ipr4mtOZNdetL2Vt7tL4tW3frfU+WP+Cof7Tur/s1WnwdGm/E
7wv8MrXxp8QLDw9qt1q1tbSzXNlKshl+zvcyCKJk2gl2jkA3Dgd/h+y/4KleOdX+HGq31j+00mo+
f8P/AB7Fo+o2Gm+H7r7b4g0DWE+wSRJHZsJbm501lllt1BRoX82KKIYcfsPRWVJ8iknrdya8rw5E
vSLvNf3rdjRSXtITtty3XR8snJ/+BJqL391W6n5Fad/wV78R+JvHmpSSftKeDdGj034p+GvC9rok
+iafpk02kapY27XX2u3vAbtZ7aWWYb1MISW2k8yMpmFOc8GftPWvxb/aG8K/EG/+PGmaBrfh/TPi
F8OX+KOnWGhTXmpy2muWD6LYXDG1aykuLi2R5Y4EhVpleUwKhfcP2YorRVFF3irO0rd1zU1D/wCT
l6z1ulZkZW0eq9358rlJ378zcb9lBWtfT8tNH/b7/aY8UftD+D9H8S+JvhT8Fr6PRtAvrvw14x1h
LCTxJFc2EU+qXFrp502a5u5LeVp0VYNStlhaAiaMqd5+q/8AgkZ8cvEf7Un7HWg/EjxP8S9P+I2q
eI2uIp20mysrTS7B4Lu4j2wpAGkV2j8reJZpPuqQEy276goolUT5rRSu7+mu3pbTS33WSwdPWLvs
kutnZWvvu3rrf79T4P179sTxbqH7U2oaNH8Vm0DxJpXjGbQdR+F81hpqm28MgMB4kSSSE3Y2xFbn
7U0rWfHkNF5mTWt/wQ1g8HeMf2W7nxTo3xDsvixrMXiPxBp0mtuNHnvNMhfV7if7L51hbQkRzZju
ykm7JuAy7YzGq/bVFTSlyU+R6uyV+uyT+/V9/eau42SdaHPV9pstdOm7a+66XpFaXuz81P2jP+Ch
nxT+FT/FvTPDnjGx8UeJNJumukS3+xNpngrSH1m2sjdXLLZNeWD29qZpc3ltexykTzxmWGHyQ/wt
+3J8UPB/gL4e6t4u+NPw68S6bealcWcd54G1vTtbm8VLPcwx2arJNpdlbalLHG115kWm/ZZd9uCk
UoEkK/pRRSoyUFHmXNbe/X+u+rvfytdf378ul7v5/g7LXS6W21nf8zvjH/wUv8VfBvwl8TZNQ+NP
hSx1bw3rGnXX2m6TTLvSrCxutYSBbFfktrizu2sf3givopm+aWWOWeNQY+n+If7dvi24+MevNonx
l0bw/wCJNH8Q3OnS/DzU9N0+40+28MiJ2j8UlsR3rwLEUuzci7FoygwbVk+cfoVRWSi+VRvsv/kd
+vS2/V2aepUpXlJpWu/u0asr3W7vs9Uk7q6f51f8Emv+Cj2pftLfFHwDpPib45+E/iBq/wAQPhXD
4puvD9mul276NqsV4Yp44EtgJxmInzIpnkKtAzDYNyjd/wCCmn7Wvxo+FX7V3hXwX4E8YfDj4Z6P
faJFqWmap421+LSNO8Vaobt430vL6XfPcssSxN9mt5LO4YzgpKwBUffFFdEqkXUhNLSLk2u6bk0n
/hUkut+VEJfxE/tWtv7tlFO2vXlbf+J9dT8tv2xf2qPG3i74T/HrwlcfF3U7TUtKsp9Zc+Gk0yS3
8O6Wur2tt5M/nWaXVji284st4konH2iWKfyo9i1df/a/1/45/tJ+I/hfN8Qpfih8OfFuk+KfCN34
b8QaTo9vNJeWekwzWpWyhtBcs9wfNfzJ5kS4Em6G0SMK1fqnRXNUpKdN0n1jKL9WrX9Uvx1v0KTc
aiqRdmpJ/Ja29G/uWi7n4t/ED49Wjf8ABOWTQfEHxG0Tx78O/DvgTwpJeTa1a6ZBD8O/FNtf2EA0
mOeOONluRGs8jw3BkuYDCSXVZFUe6f8AD0fU/GXgH4j65ovx8+G+taV4G+Jd7A1/4fv9JtRPoQsI
JrK1t5Llbi0kaS5kEJM08DXLCUQ3EThUH6YUV1VazqTnOS1ld/NzjK77tKPIno+V2bbu3y4fDKio
Ri7qPL90YONvJNvn7cy0VtF+PngD9ujwb+zt+1V8UvEGjfHLwH8P9L1z4xeHYfEGgX6aTYR6pHe+
HrRb+6vY5P31vJHcrI7mKSLZNBOsrP8AMFPg/wD8FXPFHxDtfBg1r9rrwNaz+LNL8epqkml2nh+1
h0s6PeyHTb21SdZmiaa3Un/SXnieFMqu8NMf2DorKbvTcFppZPtamoK3kmnJLu7dEdnO/aKctUrX
Xdpybbe93dX72Vz8kPgT/wAFT/jd+0p8QPhzfaf8Uvgp4N0m/wBA0C/Npr+vwW0XjGOaxjk1i5tL
FNNmnu5bW5+1RbLfUrZYHtmWeMr81ec+Nv8Agpt4y+N37IusabJ+0zoniDxN48+DfinXJdN8OQ6N
az6ff6dqUaRC1REkuEE9i135iSPI3l2zPGYyjvX7a0VvKrB1XNR0bk7eqkkvSN00lbVdNLY04uHK
7u6UVf8AwuLv6uzu/N/Px7xv8Uh8J/2EtY8YWvivVdcHh3wbPqUPiSTSoNQu70w2jOt59lgFtDOz
FQ+yMQxvngopBH5t+Hv2r/iV8fbjwnpGtftAeJ4NM8P/ABm07TovE+hN4dvbu60u+8LvfWjytDpn
2GZmvG8uIJbujPIIw08iRy1+wtFZcydWVSSve1l2tNSuuzaVrpK1+uxdP3KCo21UZK/+KHKvVLez
e/bW/wCNPgj9sL44/Dr4H/Cvwr4X+NPh3RLnW5PEF1d+LfiXrOn6LY3PiCLVmj/sKSddFuUmIDPK
9sv2a7dpHVLpfLMa9jpf/BUvxhqHxyfSdb/ad+HelzJ8bj8P5NH02x0q3t4tIn0eOZpQt1vujNbX
hMKTM6p528SwsCsMf6y0UQnZJSV//wBuMun91OHo2973TWjUdN/xjKP4San2urWSdl+PXwv/AOCr
3jP4o2UFrfftTeFdG02Dwr4l/s7VtN0bR577Wdc0zX/stjFPI0ctvLJeWbW7C2tbeB5ROWhwXQp6
XZ/Hf4leHPjB8adb174q6h4B8WX3h7wXfz6FrM2mWdh4atJrUzX7wXE2nTrbmJ/tiRyXe+3L+aJD
lfMj+5779le1v/2w9P8AjK3i/wAXpqWneG5fC8egJ9gGjPbSzLO8jA2v2oymSONsi4CjYAFwWDep
0c3uJ/a1v2+OT/GLiuySSWzbz5G6sm37vResYb9dGpdbu7beyXln7NvxfX4z/sm6D4zutZvrKPWd
JkvJNVu4bW1ltl+fM/ymW22qBuWRS8TqFcFkbn8yP2OP2ifD3hz4X+HzY/tM2ugwavc+LltfiLLY
eGL6d9TTW2lt/D5uRYCJUuo5ft5tiBcXBmBt5I0UKP2KopSac5SWid7LtdNfhfpbazvG6dKPuxUt
Wvx2737eej0tK0l8Nf8ABNf9rD4kftS/tK/EDSPHvxF0K2v/AAJpXh2+uPAui6ZaW02mXF9phku7
e9MjTXJ8q4dcbGhKugVsjchb/wAFhfjnHoFs3w68T+LR4C8CeLvA2u3pupNDtNUj8XanAsSw6Ftu
oZo2MsUksnkRItzNsAikQo2fueis8XFV1y2smmmumsWvwbTV73a1urmmGk6Mua93dP7mn1vvZrSz
SelnZn4r6z+3Jp/jb/gm38ZPh3rvxx0XwpY+DfhP4NOk6VHbWWk6tp0ktk0N5p91FfxySyPLMkQJ
8uNtk8IjC7g8jPj18TfDvwk/am+LWs/C34y+Gfilrs3gzwRrMsF7/wAIrLaTM+p3BudenNlpDsJb
K3eDUPtMcEnlG4SWSOWFYYl/auiuytinUqyrWs27/wDA79FfW73vfVc2CofV6PsW+ZJRX/gLi79r
6NaprXZpWf5g/Av9uL4weLP2i/hP8Otb/aE+Eevx+MdA8R6tanwTe6frl/4j+wy2z2KrqMlna2ss
sqPcRP8AZtPRMWdwV2uG8jyvS/8Agqh8fdB/Z7uvHPij45/Azwy99rPh+y1XR7nUrbVNb8GXl1qc
VvfadNaHT9PXTljt5JZPLvJb2ZRZzESyJulj/ZKisYyipRbV0rXXe0m/xi1F+iasrp9N/ds+u/3f
gr7WtpdNt2kvy7+En7V1/wDHL9sz4Uae37Rl94u0jwf8T/FXh159J/sR49aC2KS2FvdLb2hRpGjk
uoQ0IiZo4ZXUq6vIPpD/AIKeftIeI/2dvGfwPSD4oaT8KPAnjTxPe6F4r1u40+0kuLGH+yL26iuI
7q8321sI5LYZMsEikspYhEZJPrSvKP2gv2TrP9oX4ofC7xVd+L/GHh64+FGuP4g0+y0j7ALXUrh7
eS2Zbr7RazSFPImnjxE8RxOxzuVGSYWtThLpZN99Em3az1s3bpfRd1TXLKpNu7kp28m+blS6aXST
8r9kvzu+Nf8AwUz+L3gX4ReA78/EuXSvEem2tzrLpdaZpWm2nj7RYfEYsYtSkM9tLLIZtPVZ2gsI
rYR+eJWnijaNDqftLftQ6b8fP2DP2nLn4g/GnwzqV5a+E/Eljq/wp1XStNj/AOESu4ZZE0q4ibYt
2iyCOFkluWmS4lnge3aL5Eb9VKKU3zRaXXm7acz08tFt2eseXY0w1R0cRGuuji7dPd1avq9X1u9P
i5nq/wAmPFf/AAUo8XyfAXwzq/gn416NpOpeINWstI8SaXqmvaDY6R8K9NXTjLBepqC6Tfv5N45s
8Xt3Dc27C8VFWBmDJ7T+wz8QviH4u/4KB2UvxG+KNtr99qXwj0y7tdP8NSW914X1uY6jqMdxeWcz
WMM8kYSG1kaVCkZe5UfMjW6j7+orZ1k5upy9X8rxcfzd7u7876nPGFqXsk9LJfdOMr/dHl7a38mU
UUVgaHzh/wAFNfAvjP4ifCnwHZeCfBOs+OL7TfiL4b12+t9OvdPtXtLKw1GG8nmJvbmBG+SEqqoz
MWdeAuWHz1bfsLePvEnjbUprz4a32g+Nba78Rr4k+IumeINPtZviVpN9b3sdlYpMskl0skTT2ZC3
luIbU2mITIuAf0UopxdoOHRuT+coxi/wgvvd76WG/eU1vZL5JyktNr3k9d1ZONnq/wA2dT/Yz+JH
/CqtEFj8E4xqHhTVtQg8MaPJ/YNtZxW80NjbR3V9aQ3nk2LeXDOouNIuEmihyVtmaeSFeb8P/wDB
Lr4g3vxl+J2r+MtN+LGteIfEeoaqJtZ0nU/B9t4f8S6ReXnmW9s/m2zapdPbQGNFtNS32oEMiJII
3CH9SqKqU7pJ9E196Sf5dO7DZWWmqf3NtL0u2eF/sM6d4u+H/wAH9B8M+Jvh5ceEZD/aN4v2Y2Ed
ppkX2wm3tpoYL24EVy8Um8pamW1Ty3VXjHlxn3SiiipNyd3uTGKjdIKKKKgoKKKKACiiigAooooA
KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAo
oooAKKKKACiiigAooooAKKKKAP/Z

--=_mixed 0035B28665257EC4_=
Content-Type: image/jpeg; name="1_separation_of_responsibility.jpg"
Content-Disposition: attachment; filename="1_separation_of_responsibility.jpg"
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAIBAQIBAQICAgICAgICAwUDAwMDAwYEBAMFBwYHBwcG
BwcICQsJCAgKCAcHCg0KCgsMDAwMBwkODw0MDgsMDAz/2wBDAQICAgMDAwYDAwYMCAcIDAwMDAwM
DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz/wAARCAEuAiADASIA
AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA
AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3
ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm
p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEA
AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx
BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK
U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3
uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD9/KKK
KACiiigAooooAKKKKACiiigAr5A/4LI/trfFT9i74WfCD/hTth4Av/G/xZ+KujfDi1/4TKC8l0q2
/tGG72Sv9lljlXbNDDlhvwhfCMcY+v6+AP8Agvp/zZX/ANnVeBv/AG+oAP8Ajad/1YB/5d1H/G07
/qwD/wAu6vv+igD4A/42nf8AVgH/AJd1H/G07/qwD/y7q+/6KAPgD/jad/1YB/5d1ea2/wC1X/wU
mureOVE/YUKSqGU+R4sGQRkfxV+pNfDWh3GNFsxu6QJ/6CK+ez3M62ElTVK3vc17+XL/AJn13C+S
4fMFVde/u8trO2/Nf8jx7/hqT/gpR/c/YU/78eLP/iqP+GpP+ClH9z9hT/vx4s/+Kr2v7R/tUfaP
9qvC/wBZMX3X3H1X+pmA/vff/wAA8U/4ak/4KUf3P2FP+/Hiz/4qj/hqT/gpR/c/YU/78eLP/iq9
r+0f7VH2j/ao/wBZMX3X3B/qZgP733/8A8U/4ak/4KUf3P2FP+/Hiz/4qj/hqT/gpR/c/YU/78eL
P/iq9r+0f7VH2j/ao/1kxfdfcH+pmA/vff8A8A8U/wCGpP8AgpR/c/YU/wC/Hiz/AOKo/wCGpP8A
gpR/c/YU/wC/Hiz/AOKr2v7R/tUfaP8Aao/1kxfdfcH+pmA/vff/AMA8U/4ak/4KUf3P2FP+/Hiz
/wCKo/4ak/4KUf3P2FP+/Hiz/wCKr2v7R/tUfaP9qj/WTF919wf6mYD+99//AADxT/hqT/gpR/c/
YU/78eLP/iqP+GpP+ClH9z9hT/vx4s/+Kr2v7R/tUfaP9qj/AFkxfdfcH+pmA/vff/wDxT/hqT/g
pR/c/YU/78eLP/iqP+GpP+ClH9z9hT/vx4s/+Kr2v7R/tUfaP9qj/WTF919wf6mYD+99/wDwDxT/
AIak/wCClH9z9hT/AL8eLP8A4qj/AIak/wCClH9z9hT/AL8eLP8A4qva/tH+1R9o/wBqj/WTF919
wf6mYD+99/8AwDxT/hqT/gpR/c/YU/78eLP/AIqj/hqT/gpR/c/YU/78eLP/AIqva/tH+1R9o/2q
P9ZMX3X3B/qZgP733/8AAPFP+GpP+ClH9z9hT/vx4s/+Ko/4ak/4KUf3P2FP+/Hiz/4qva/tH+1R
9o/2qP8AWTF919wf6mYD+99//APFP+GpP+ClH9z9hT/vx4s/+Ko/4ak/4KUf3P2FP+/Hiz/4qva/
tH+1R9o/2qP9ZMX3X3B/qZgP733/APAPFP8AhqT/AIKUf3P2FP8Avx4s/wDiq7jwv4j/AOCovi7Q
LXUrT/hgT7PdpvTevi5WxnHI/Cuz+0f7VfVnwEO74P6CfW3/APZmr18lzaviq7p1bWSvovNf5nzn
EuQYbAYeNWje7lbV+Tf6Hxf/AMbTv+rAP/Luo/42nf8AVgH/AJd1ff8ARX058UfAH/G07/qwD/y7
qP8Ajad/1YB/5d1ff9FAHwB/xtO/6sA/8u6j/jad/wBWAf8Al3V9/wBFAHwB/wAbTv8AqwD/AMu6
j/jad/1YB/5d1ff9FAHwB/xtO/6sA/8ALuo/42nf9WAf+XdX3/RQB8Af8bTv+rAP/Luo/wCNp3/V
gH/l3V9/0UAfAH/G07/qwD/y7qP+Np3/AFYB/wCXdX3/AEUAfAH/ABtO/wCrAP8Ay7qP2Kv21v2p
/wDh6bqH7Of7Rlh8AP8AklUnxHsb74cQav8A9BeHTo4pJL6X/r4ZlWL/AJ5EP95a+/6+AP8Anaa/
7tV/926gD7/ooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAK+AP+C+n/Nlf
/Z1Xgb/2+r7/AK+AP+C+n/Nlf/Z1Xgb/ANvqAPv+iiigAooooAK/E3/gpN+1J8QfgT4p+EGheBdU
1/Tz4vtdYa7XRfCY8S39xJa21u9uq2+NwTfIwdhjapyelftlX5hfEHWvh14Q1zwh4k8a6n4X0bWd
Hjnh0K91fUIrSSIzRok6wmRlDFlCBgM8Yr5HiWrGnXoSlHm0np8o2P0DgujOrh8TGEuV3p67WV5X
7brQ+P7f/grd8Zvha/hrwf4u+C2o+IfiFo+g2mueNrfRLW+uZIY7ieVY47aK0t7iNJfIRZG8+WKP
eWQHKnGz+0H/AMFI/jHqnwl+OOqfD7wp4V0ax+GGuDQE1zU9SkN5vc2JRlszA6+YFuiTvbaCBwcE
H334u/C/4BfGX4yRWvjC1+H+rePntBY/Zrm9hTVbi2wZBA8auJJIsFm2MCuCTjBpoi/Z+v8Awf46
01dT+HEui61fpqXiuJdYtzC9zmNVkucSYRswRgZxzGB2r55YrDXjP2Tvo3vbdba7b2PsHgcZaVN4
hW1Sd1fRPfTfZv79DzG9/wCCgvjv4P8AiS/0HW/D2meIbL4Wy+HtK+Iery6tsv2vtYaIRnToY7SK
K5hi8+PLOtuWGQEyCTkfGf8A4Ko/EL4W+Adf8Vw/DXw7e+H9M+IMvgGxkbX5FudQnTUJbUyGPycR
DZGGyWbLNjAAyfSvFGr/AAM+J37R/h/VbrQ/C/iPWZ9LbXIPFcN/Yy2MS6fMNhlInDyPC7lkfynW
I5+dDgVqa9D+zt4z+GckOoap8NL7wnL4mGsO7a1bmzOsyyvOJN4k2+ez73C5yTnA4pKtQTi5Un0v
v8+ve/5dLlPD4pqShXS3tt8r3XRNX311vrZeNfA3/grr4x+Ivx58M+DvEHwx0rQ7W/8AHOq/DzVr
218QG7a11SzgNwDChhXfCUKgsxU5JwOOfun7V714l8OPgh8FfFNzH4u8KaV4Q1YxeIrrxOmq6ZdJ
cxrq0sYiuLrzEcr5rIAre3aussf2k/h9qdlqdzbeO/B1xb6KAdQli1u2dLAFtoMpD4jy3HzY54rl
xVWnOS9jBxtvvvf5ndgaNanB/Waild3T02svJep6D9q968w/bY+KGs/B/wDY9+KPivw9dix17w34
W1LUtOuTEkoguIbaR432OCrYZQcMCD3Brn9U/b6+FunfGTwR4Hj8WaVqOq/EGO5fSLixvYLiykMG
0GNpVfAd2YKijJdgQOazP2lf2vfhBpv7OfxCv9Z1fQ/H3h7RdHmbX9D0XUbW+u7i0ciGRDEJV4O/
adzKOeuamlCoqkeaDd2um+tv+AaV6tKVKajUSaT1vs7X/BNM8T1D/gqZ4h+Ftpq9te6XN4q8Q30/
grQdBguLmGzsZNS1rTzM0krxwB4YQ6MzZ805wFCA4Ec//BQ/4z+O/HPgfTvDnhXwtF4ifxf4r8K6
p4f/ALYJ07Um0yxSRJPtslt5qKrszjZGpfaFOATiT9sS/wDgL4u/ZkSTSZ7aNPH/AIh8OeG5b/wz
b6brN5pd4uEsFnjuGeKPyY8of+Wiqx25PNdD+xV4O+CP7Pvwa0e5vtVtNPvfD3ifW/s2seLtV0y2
u59QlcwXssX2aXyEV0AURjDKoAZVbNem54dUvaez12tZ/wAtu9t/n1PDUMVKv7H23u2TumtFzXtt
e9tNdOhl+G/29/jV8X/it4GvfBPhnwRL4V8VfC0+NpNJ1PU54rtZlmhSVVeO3bc6vJ5aLuCurFmK
EAHkbf8A4Loal4xtvDw8K/D+11SfxxY6Xa+Gmm1Fo4b7XJZdPF/p7kKSoto9QRg+Pm8txxg49R+D
nxf/AGdPiJ8cpfBFjpGkeG/EvwQvofDegNf3VvZm58xVlWLTys5kuIsohKMvXadp610HhLR/2Vfh
vBo1ppF98HdLTwPqNzrunRxazZr/AGPdSHyZ7hQZPkJOEJPAKgcEDEOrQi7Tovpb8Wr6630/HyNI
0cVOPNTxCs27vTdWTtdaW97526XOAg/4Kt+KvEPxc8a6BB8MPEcXhPR/7c0uy8T2llfOkF/psUxa
SeWW0+xpFJJBIqbZpWVtgdOSByGof8FfviDp/wACrnxL4f8AA2g+ILbwJ8PfD3i3xZd63rrWl1NN
qsG+KO2jt7XZIVwS7ERKTkALgA/Qmr/Db9nSy8cweJb2P4cW2t+NjLdW1zJqUEX9svdRmGSeFfMC
yvLHIyGRAWYORk5rwz4+/sIfs/8Axr+Nuk2U/wAUPDPh3TNF0y28O3vgrT7nSY5Lu105i/2V5WBu
0VFUBlD5RUONhyadGtg21zU2lZd3tvs+u3RX1FiKGYxi3Cqm7taNLfbdW0evVtaIqQ/8FRPiV8Nv
2m/FPh3VtB07xN4R1L4qxfD/AEe9kvY7ObRprmxjmtovKjhJliDiRnkdiwDADOK9Z/4I/ftR/E/9
rP8AZem8XfEs+HZ55dVu7SwutNZkmnWGeWN1miEaIm0qoUqWLjJbaeK2fgJpnwC/bA8NJ408KaP4
e1nPiZfE8p3q11a6vbl7eO7lRXOyTZGdhPDJg4wa9S+DvwC8Efs+2+qQeCvDem+GbfWbk3l3BYKY
oZZTnLhM7VJyfugVhisXQVN0lT5Z6fhv10udeBwOLdWNd1eem+ayT72t01t66X36HoX2r3o+1e9U
PtXufzo+1e5/OvL9qj3fYs+bf+Cjf/BQTxF+xDbaFdaX4GGu6NdpJcatr97LdrpmiopAWOX7Jb3E
yPISdrvGsfykbieB5f4T/wCC1t942+Oes2OlfCfxPqnw28L6leaJrPiKwtr26ksri1t2mknJW2+y
CAsFjVXuFmIdXKKGAr6g+Mf7LXw4/aC1S3vfGvhDSPEd1bW5s1e8jLboC+8wsAQHjLfNsbK55xVe
D9kT4XWnxBPiqDwP4fttdadbl7i3txCJZlXYsrxrhHkC8B2UtjvXo0sXg1SSnBuVnrf7uv8AXY8a
vgcxlXcqVRKF1pbW3Xp10/zR84xf8FYfHjfs3aH8Xrj4d+ErHwL4z1OxtdBJ8UPNqKQz6jHZu11E
IFRGVWaT5JHVSArYJzWTqf8AwWN8Z6h8XofBnhz4d+H9V1TUPidr3w8sftGtSW0Uv9n29tLFcO4i
bbvachgAdoTjJNfQj/8ABPH4GPoWqaX/AMKv8JLpusx+TdWi2YWAp5yz7UQHbGPNRXwgX5lB61c8
C/sI/Br4ZXmjXHh/4eeHNIl8O6pNremm1hMYsr2WKOKSdADgM0cUanthBxWixuBV37N9bfdp9rp+
Jg8uzRuK9qktL7XvfW3u21W3Y8x+Ev8AwU28Q/Fj9sS78BWnw01s+DdO1y88K3niGOx1FxZ6jaRs
ZZJJPs32NbYzIYl/0nzTvjYxqGwP12/Z/Ofg14fPrbf+zGvz5t/2avh/Z/Fd/HEPhbS4PFUtwbuS
/iUo0k5i8kzMoIRpTH8m8qWxxmv0F/Z6Ofgt4dPXNqP/AEI17XDlalPFv2St7mvrdHzPGdDEUsBH
6xLmbqaenK7L+r+p2VUPFfiey8E+FtT1rUphb6dpFrLe3Up5EUUaF3b8FUmr9ch+0B4D0H4o/Avx
j4b8VahNpXhfXdGu7HWLyK8Fk1vZSQss7eeeIgIy+X42jJyMZr7c/Mj4I/Yf/wCC+p+J/wCzf8Yv
Hvxk8HSeFbr4d6TH4/0vR9Dg8y91XwhdZFldBZp9r3JaOQSDeifNGQF3V3niX/g4C+FHg/xpF4W1
LwN8WrbxfceJPDPhiDRDYaYbiebxDazXOmTLIL77P5LpCwYmUOjMoKdSOb+MH/Bv3+z/APEH4GeL
7r4C2GmfDjW/iD4GufDFpqmi6hNPomp2d2EkSaeJXZbheEdXU54UgnioPj7/AMEAPDfj/wAJfDmT
wt4hvdI8caP8QfCvjHxf4n1HUby91DWrbRLWe2itLaRnJttiTEQ7QAmAW3EA0AcX8bP+DgSbW/j/
AOBfD3w70248O6OH+I2i+PLXxPoSXWs6Fq3hnSYrxY4UgvRbyqJJPmCzlZQNokjOWHvX7HH/AAV8
0L9p3w/oWi+HvDXj34leMbHwhoXibxXcaJoljpVtpKapbia3Z4LnUCQzpuk8m3kumQAjcx634f8A
ghh+z3a3ej3cWheIV1LS28S3E9/JrtzPeaxdeILRbTVbu7lkZmmnliRcMSAhGVA6V0nwt/4JH/CD
4G6jot74JTxp4PvtM0XTfD17c6J4nvbCXxBY6dGI7OK9MTr5piQFQ42uQxUsVOKAPDv2iv8Ag4O8
AeFfDnxq8PfD/Tp9X+Knwu8Har4otrK5u9M1LSrj7DIscqyy2F/IYyjOGaKRopSisAC42VS8Rf8A
BdDS/gX4y8Lat8WW1Dwj4dvfgna/EvVtDg8MRXdwk82oQ2aNDfRalINssk8YjtzbkhZFaSdGDRjq
fCv/AASv/ZD8NXPjyIa4L7S/C2g6t4P8SabeeM2ax8L6fq7i5urSXEgNqWPzqzuJAGzu+7jX8Ff8
Euf2Uv2rNAs9Qt9Tg+Mui6R4H/4Vi0w8Xf2vbtpK3iXscEktvJkTRSpFskDh0WNADxmgDc1j/gsx
4H0DU59Eu/h78VovGcHi3R/BjeGPsmltqP2zVrKW8sXDi++y+TJFC+W8/KNwyryR7H+xf+2R4e/b
h+E194s8O6R4m8PrpGuX/hzUtL1+2hgv9PvrKYxTxSCGWWM4YcFJGBB69q8p1f8A4J8fs+/AfUfD
uteKddvLHXLrx1pHiO01vxR4udr7XNasreW1063MtxJiUJDI6JBGBnk4JyT2Hw/1f4A/8E8rzW/B
snxF8F+DNT8Za9feMbnTPEXiq1t724utQnZ5ZY45pFfymkVgoAx8pA6GgD6BorC0H4n+HPFPi7VN
A03XdKvtc0SGC5v7CC6R7m0inDGGR0B3KkgR9rEYba2CcGt2gAooooAK+AP+dpr/ALtV/wDdur7/
AK+AP+dpr/u1X/3bqAPv+iiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAr4
A/4L6f8ANlf/AGdV4G/9vq+/6+AP+C+n/Nlf/Z1Xgb/2+oA+/wCiiigAooooAK/FX9uz9jTxh+1F
q/gbWPBPitPBWteG7S6szqsV5NBOkFyYDJG0So8d1C3kIWhk2Bio+cAmv2qrwyP9gfw1FGqLr/ij
CDA/eW3T/vzXzHEGCxlarRq4NJuPNe9uvL332Z9pwpmmX4alXo5g2lPktZP7Lk91tuj8iNV/4JZe
J5/2mrnxM3jiXV/CV34uPjMabeajPDDbXjRhWU2iRlJRgFA/nRnYwXHy5bi9K/4I8ePbX4Ta14Su
vG+mXegQ3lldeF9GfUb1o/DUlvJLIJrO7K+bbHc67YykygA5Lnay/tZ/wwX4b/6D/ij/AL+W3/xm
j/hgvw3/ANB/xR/38tv/AIzXhrL88SS5V06x6H1Es54Zk225a36S67/LyZ+NGrf8EjPiB8QvDVnY
eMfipY67fy+C9a8N32stp5W7ae+uIZomIGPPVBFteR2V3B6DtQ8df8EefGPxM1m58Qap4j8D2+ra
p4i8LX15pdlaTppiWWiwSwYUsCzyzI4+UqFUDblhzX7Tf8MF+G/+g/4o/wC/lt/8Zo/4YL8N/wDQ
f8Uf9/Lb/wCM01gM8W0Uv/Ae9/z/ACFLN+GJfE5P/wAC6K35N/efmV+zx+wRe/Cz4JfH7wPqWt2V
rY/GLxNruqWE2kKyto9pqNskCqFYKBLHhjhfl6YNfNujf8ELtfTwvqOn674rsfE01v4Zt/C2mXF3
q15Gfs0F5BcwlFSL/RAjQkqgM6gt3Gc/uP8A8MF+G/8AoP8Aij/v5bf/ABmj/hgvw3/0H/FH/fy2
/wDjNRTy3PINyjFa2b1XQutnfDNSMYzcmoppaPZ6s/I/4Yf8E6vir8P/AIifCPxhqPxK0fxZ4i8B
za1Ffz6laOJWtdSihiG2ZBm5mgWMkPMqmXIB2AAV5Lq3/BGT4ueMLzxZfeJfibofiTWPEHgzUPCo
1C9ubxzI017HPDIISpjt4ljTaYoflBAI3ZJH7lf8MF+G/wDoP+KP+/lt/wDGaP8Ahgvw3/0H/FH/
AH8tv/jNXHAZ3F8yhG//AG73b/NsipnHDU48spTt/wBvb2Sv62S/ps/IXxR/wTQ8efEOGfU9X13w
XY65eeLPCeryW+nrcfY0stDjeMfOy73uJRIeqhVCqMnGa5nxZ/wSQ+INxoNlL4b8caP4Y8W2HiLX
9Ttdf0+6u4Li0tdTu/PMJQKUnTaFDxMq5I4kAyD+0H/DBfhv/oP+KP8Av5bf/GaP+GC/Df8A0H/F
H/fy2/8AjNKOXZ3G1or749rfkOedcNSveUtfKXe9/W+v5H4za1/wSD8Uar8QfEmvyeIfCNxfar8S
/D3jW1u2tpIp4rXTo5FniwqYR5C4KqpKDuRgVu/CP/gk9feB77wXcatceC9Sl8PXPi+a/f7Kzter
rGfswy0fzeVn5t3T+HNfr5/wwX4b/wCg/wCKP+/lt/8AGaRv2DvDSDLeIPE4A7mS2H/tGlLLs8a5
XFfeu1vyHHOuGYy5k5X32l/Mpfmv0PxDtf8AgiL4v07w/wCG7ZPiIJFfwxpvhvxDYQX89laSLZym
RJIysTmZMnd5TrHhxnfzx7Wn/BObU08c6ZrwvvDQ1Cx+NV18SXuhE4uH02aCSMWe/ZnzdzISCdny
9elfqf8A8MK+F/8AoY/Ev/f61/8AjNPH7BnhtgCPEHig5/6aW3/xmipl2eT+KK69Y9QpZ1wzT+By
6dJdP6ufnR+zD8Ffil+zf4K8P+C4b3wBf+FtG1q9knu3W7/tC60+ee4uF2oMRx3AklVSCXQqpOck
V9A/aK+lv+GC/Df/AEH/ABR/38tv/jNH/DBfhv8A6D/ij/v5bf8AxmuKtw9mlSXPKCu/Nf5np4fj
LJKMFThOVlorxeiWlj5p+0UfaK+lv+GC/Df/AEH/ABR/38tv/jNH/DBfhv8A6D/ij/v5bf8Axmsv
9WMz/kX3r/M3/wBecm/nf/gLPmn7RR9or6W/4YL8N/8AQf8AFH/fy2/+M0f8MF+G/wDoP+KP+/lt
/wDGaP8AVjM/5F96/wAw/wBecm/nf/gLPmn7RR9or6W/4YL8N/8AQf8AFH/fy2/+M0f8MF+G/wDo
P+KP+/lt/wDGaP8AVjM/5F96/wAw/wBecm/nf/gLPmn7RX2p+zqc/BHw2fWzH8zXA/8ADBfhv/oP
+KP+/lt/8Zr13wP4Rg8BeEdP0a1lnng06IQpJMVMjgd22gDP0Ar6LhrJ8XhMRKpiI2TjbdPW67Hx
/GfEWAzDCwpYSTbUru6a0s11NWvOP2x/B2p/ET9kT4q+H9FtJNQ1nXfB+r6fYWsZAe5uJbKaOOME
kDLOwHJA5r0eivtD84Pyl1L/AIXb8ZP+CYfw6+Depfst/EXT28CxeGtB8RDVNRtg9/aQWrQ3F3Yx
WeqWz3BjkhjPlSzxAiVWIbaQPHPiR8Pvjj+zL+zb+zN4VSx8QW3xT+N1p4m+A+radqd+ZtQ0rR73
VJLq01Ndk0oMlhYxyMGMrhEmGXIUE/t7TJbWKaaOR40eSEkxsygshIwcHtkelAH5Y+M/2IvjXpX/
AAVYsPEUth41n8GeHPEvhkeAdX0NftOn6P4ct4oob/Tbnfq1ukCMPPMpayuZJdysjA4QfR3/AASB
/Ygu/wBmT4Tar4q8WReL7b4k+MtT1VNXttY12e+gtrRNa1GWyW3gaRooFaCZHxGBu8zLc9PsOigD
8efAX7OviP4v/wDBOv8AaA+G+h+EP+En+K/gr9oS48aeNvAuozJZN49tRr0Wow28kkvyi3vNPSHy
5DlHMGOecel/Gz4beNv2nPhn4ev7v9krxl8Ofh8nj22ufG/grQNZ02y8Q+NtOj0i5ihuX+x3MKCK
3vWtgYmnDyJCrcBQtfpwltHHM8qxoskuA7hQGfHTJ74p9AH4Tftd/wDBK39sX9s79nz4EeBNU8P2
OpTfCrwXrWpPceI/Exgkt9Svp5odNtzNEsxub2xs4rdixIQu/wDrSck9Rff8E2f2iP8Agp/+1tYe
IPiv4Zf4PWXjH9nSLwP4x1bUtDtNd2anFrYM0Fqn2hRBcTRotzHP84jRioG8gr+2NFAHw54I+Hza
H/wWH8AaN4JvH1HQvhH8FZPC/jG5EqyGEy3ds2lW1wV4Fwy29zMFPIQlsAOM/cdRxWkUEskiRxpJ
MQZGVQC5AwCT349akoAKKKKACvgD/naa/wC7Vf8A3bq+/wCvgD/naa/7tV/926gD7/ooooAKKKKA
CiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAK+AP+C+n/ADZX/wBnVeBv/b6vv+vgD/gv
p/zZX/2dV4G/9vqAPv8AooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvmP8A4Ka+ONC1
z9lPWbC21jSby8F/aA28V1HJLlZ1yNoJPGOeOMV9OV88ftef8E/NB/aIW913SGj0TxpKi4uiW+y3
pXgLMgzgkcb1G4YGQwGK9fIquHpY6nVxMnGMWndK+zvr5eav6HlZ3TxFTBVKeHipOSas3bddPPyd
vU/L77HD/wA8o/8AvkV+t/7Inj3Qpf2cvh1pya1pLX48P2MX2VbuMzbxbpldmc5GDxjPFfn5oX7A
XxP1z4rXfhI6EbW5sVWW4vpn22CxMcLIsvSQHn5VBbg5AIOPvr9mP9ibwf8AszWsd1ZQHVvEjx7J
9XulBl5HzLEvSJTzwPmI4LNX3nHOPwGIoU4Qq3ktUo2e66u+n4vyPiOC8FjqFecp07RejcrrZ9Fb
X8F5nrmpajBo+nXF3dzR29taxtNNLIdqRooJZiewABOa+Tv2Yf8AgtZ8Fv2uPiMdD8JRfEFNJnju
prHxZqnhO8sPDOppbI7zvFfyKIgqLG5zJsBxxmvqrxLp9xq3h3ULS1mit7q6tpIoZZYRNHE7KQrM
hwHAJBKk8jivx++GX/BsF4pk8WeP7jxB8RPA3w80jxd4Z1Pw9Lp/ww0nUdPs9fe7hZEuNQtbq7lg
VYWIkWG3VATxuAAr8sP0w/UW3/bK+EF54PuvEUXxW+G0ugWVylncamniayazgncFlieUSbFdgCQp
OSAeOKsTfta/Cq3bQFk+Jvw+RvFahtEDeIrMHWAZDEDbfvP3wMgKfJn5hjrxX5YD/g28+KV14W1e
/wBT8bfDHWvHs2s6BqNnq09z4nimLaRa3ltbXRul1DzYLhI7lAiRgxxrGVwfkZPZbv8A4I0fGxfi
j8F/EMPxq0htW8HaLZ6R4x8S/Z72DVteii1SfUJrf7Okv2K6hk88x7ruJ5Ml5XaR24APtPw/+2d4
Eb4fXfibxVr+geANMtfEGo+HVl8Qa9p8EU9xZ3MsD7ZVnaPLGJmEZYSKOHRGDKNrxV+1b8LvAuq6
bYa38SfAOj32tW9veafb33iG0t5b6C4Z0t5YleQGRJWjdUZQQ5RgpJBr4/13/glJ8S/BupeFvGvg
Hxf4EHxG8G+MvG+tWNv4ksLq80C507xJeTzSRyxxMkouYUeMBlJRiHUgqwI5f4mf8EHr/Xf2bfEH
w+0rxR4fvpLj4KeGfhdpOqaxau09td6Xql9fTXZ2qxjikF1GqIhJXywDwASAfoN8SPi34V+Deiwa
n4v8TeH/AArp11crZw3WsajDYwTTsrMsSvKyqXIRiFByQpOODXLav+2Z8H9A0HSNVv8A4r/Day0z
xAjyaXeXHiayit9SRG2s0LtKFkCtwSpODx1rxr/gqL+z98TvjV4A+CMHwtstFv8AxR4J+J+jeIpp
9X+fT7G3tra8R7idBLFJJGryRgpE3mHdkA4NfIPxN/4N+/jPf/Ayx8F+GvjToqaf4kt/EV94z0u4
m1fS9Jk1jVp/PNzaRWFxE8kMQJiWG6aSLblmRy7LQB+mmt/tO/Dbwz4rvNB1L4h+B9P1zT7Y3t1p
1zr1rDd20Aga4MrxM4dY/IR5dxAGxGbO0E1kw/tsfBq58LTa7H8XPhjJolveRadLqC+KbE2sVzKG
McDS+btErhGKoTubacA4NfMngj/glV458DaR8c7jRvH+jeG/F/xK8B+FvCnh7xFZ6f8Aabvw9c6V
pUllPMRKo+SVnBG07guTwwFfLnw7/wCDcD4qaf4w1zWvFPxG8Ea1c+I/HvgfxjfK8urX3nR6Gbs3
cTyX0k80jzfaRtLyFeGG2NdqAA/UnwB+158J/ixr9lpPhb4ofDzxNqupW8l3aWeleI7O9uLqGMkS
SxxxyMzopVgzAEAg5PFcL8d/+Cn3wM/Z/wDhH4g8aaj8R/CWtaZ4Yubaz1CDRNas767gluJhDGhj
WUYbduYgkHbHIedpr5l+Hf8AwQ0n8O6rp0V7rfh2x00eM/H+s3s2i27W1+mmeI9OnsobeCTZhZYP
NDHPyDYMZwBXmPwk/wCDeP4heB/gp8QPBmq/E3wxqslx4Ns/B3g/WXXVrieO3stTg1C2W7gnuXgg
iD24Ux2qgDzpGUj7pAP0jg/a3+FN1rmi6XF8Tvh7LqfiRIpNItF8RWbT6okpKxtAgk3ShyCFKA7i
DjNM1P8AbA+Eui3WsQXnxS+HVpP4eleDVY5vEllG+mSJKYXScGTMTLKChD4IYFTzxXwn8bf+CNnx
q+Ov7TE3xA1X4k+C4bP4gS+Hr/x5odpNrlpYR3ukmEJLYxQ3aJMuLeJ0W7DFJAWyQdtdF+0n/wAE
YfEHxh/Zl8ReF9L1H4fp4uv/AI0at8VdP1PUIdRgNqLm8vJ7VVuLKaC4iuoRcpiTMiAow2nIZQD7
38B/EPQPin4Xttc8Ma5o/iPRbzcINQ0u8jvLWfaxVtssZZWwwIODwQRWxXjP7AX7OvjH9lf9lnw7
4L8ffEC4+J/i7TzPNqPiGazS1e9kllaTGBln2hgvmSM0jkFmOTgezUAFFFFABRRRQAUUUUAFFFFA
BXwB/wA7TX/dqv8A7t1ff9fAH/O01/3ar/7t1AH3/RRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRR
QAUUUUAFFFFABRRRQAV+f3/BfmVYIv2LZHYKiftU+B2ZicAAfbsmv0Br89P+Dhf/AJF79jn/ALOi
8Ff+g39ZV6jp0pTXRN/ci4R5pKPc+9f+E90X/oLWH/f9f8aP+E90X/oLWH/f9f8AGvy5/ah/bL+L
mjf8FK7j4M+B/EPw58K6Bpvwob4hTaj4m0ae9SS4TUJrZoZJEuoBDCUVCXwxXDHBzxx//D7vxRfe
A/AWoaH8G9Q8U6nq3gnTfGfiW0sri+8yyju5poliskhs5/PZhbTSL5rwqU2DeSTj87hxVm84xlTp
Qd0n10T2vdpa2fU+nlk+Di2pTkradOm+yP12/wCE90X/AKC1h/3/AF/xo/4T3Rf+gtYf9/1/xr8g
f2+/+CsfxS+EPwf+POteEvhwdP8ADvwf1uz0I+L18QWhlnupZdJYRLZTW0hBaLUG3MysoCjB3E7O
kg/4LOarb/GzVPhnefDCSLx14d8bTaTqmnjWGYw+GYrF73/hIVPkDcrQoMQcfM6r5mSBVR4nzmVN
VY0YNa9drKLu/e00kv1E8owSlyOpL7vNrt5M/Vr/AIT3Rf8AoLWH/f8AX/Gj/hPdF/6C1h/3/X/G
vzO/4Jz/APBVfWv27fHo03UfhH4j8E6Lq/h4eJtB1xpLi7sL2385YjbyyvbQxpc4dJNkbyqUY4fI
Irrf2tP2ofiv8J/2wPhJ4F8D+GPCGt+HfG+maveancapq0tndQ/YzbF2i2wyL+7jmDhTnzWbbmIL
ubCfGGawrvDzpQUkm9X0SbevNbozRZHhJU/axnJq9tu+nY/QT/hPdF/6C1h/3/X/ABo/4T3Rf+gt
Yf8Af9f8a/Cn9iP/AIOFPGNl8FvCtx8cvAdxdtr3grX/ABdp3inTL23U+IP7MmujLALKNALfCQ+W
GZ+WXcRhs19lf8E6P+ChniL9ty48R2/iT4V678On0qzsNT068lkuLnTtZtruNnAinltoN0sWAsiq
rKCwKuy4J3xvE+c4VSlVow5Y9U7re2nvXevlddUjOhlGBrcqhUld9LeV+39dD9DP+E90X/oLWH/f
9f8AGj/hPdF/6C1h/wB/1/xr83/23v8Agpzq/wCyj8ebTwT4f+GGtfEN7LQrbxLrrac90bq2sp7y
W2RbaGG1mE03+jzvtleFMRgb8nFcCf8AgtNq9l+1daeCbz4R3Mfge8+JY+GMfixNfjL/AG6S3SeB
jZNEJBlWJcEgKAMMxyozp8V5xUgqkaMLNX36L/t77lu+hU8mwUZcrqSve23/AAD9Xv8AhPdF/wCg
tYf9/wBf8aP+E90X/oLWH/f9f8a/K5P+Ct3ju7/Zr8TfGG3+CtrJ8P4ZvJ8MT/8ACYQi/wBbYazb
6Xtmt/I/0YuZnkX5pAPKKuU3KTh/FP8A4LM/EL4E/EzU/h34y+A39k/E/VbHSbzwNoEHitbyPxa9
5epaTwC5S32RPbli7Y35VGJ2jmrjxRnMm4xo07p2+Jbq1/t9Lq/brbUUsnwSV3Ul9z+XTrbTv0P1
t/4T3Rf+gtYf9/1/xo/4T3Rf+gtYf9/1/wAa/Hhv+C4PjzU/GuuaTZ/BvREsI/HXiP4baTqsnjAs
Z9Y0y1kniaW3+yBkt5QgDOrMUyeDgbov2R/+CtXxG+IXwU+APj/4nado+kab48tPF+p6oPDz+bHe
2OkWD3CzGCWJpIpA8UqiKOY52qxZt/lrcuJM5jDnlSpr53e0n0k/5WQsqwLlyqpL7vNLqvNH7Gf8
J7ov/QWsP+/6/wCNH/Ce6L/0FrD/AL/r/jX5R3X/AAWT8S+Evgr4t8R+J/hNaaZrmn+CdI+Ifh3S
rPxOLyPWtJ1G7FrGJp/syC2uUZl3JtkU7uHIBI+gP2KP2sfEv7Sg8f6X418BH4b+MPh7r66NqGkL
rMWroUltILuCYTxqqEtFOuVAO0jqe3NX4vzalB1J0oWXnft2lqtVqtE3bc2p5Hg5yUY1JXfl6+Xk
z7c/4T3Rf+gtYf8Af9f8aP8AhPdF/wCgtYf9/wBf8a/Lv9rr/grH4p/Zs/aE+IPhXSvhdp3ifw38
LdE0fxD4h1aXxP8AYbpLO+uDC3kWxtnEskZG4KZF3AEZBwDoaL/wVcvtU/bGm+HA8E6deeGLq+13
SdN8S6drFzco97pVrJczQTBrNLdXKxOCkVzK8ZwHUHIFrizOHBVFRha19+lk/wCbs07bkvJcFzcv
tJXvbbre3bufpp/wnui/9Baw/wC/6/40f8J7ov8A0FrD/v8Ar/jX5B+HP+C0vxN179mzwp8RZ/gd
oGlR+PIHvvDWnT+NJru61y1gt5JruSKKz0+eVTHtXiSNV2vuZk6VmePf+DgLVdL0iPXfC/wSvfE3
hq0+HWk/EjWLl/E0FlPpVld3DQSxmN4j5rxlcLsPzk8hAMnZcSZ23yqhDe26te9rX57b6euhm8qw
CV3Ul93/AAD9j/8AhPdF/wCgtYf9/wBf8aP+E90X/oLWH/f9f8a/HnVv+C+9/omoeJfC978F9TsP
iRpni/TfDGn6FJrouYbiLULKW9t7qae2gmKEQwkvFFHMwLKAW5xd8Jf8Fffib8Qf2gvhBZJ8LovB
vhTxR4Y1nW/GGl+JnurTWtHOmzqtzJb5hHmosDLJGpjXz/MxmLblh8S50leVGCVr776c2nva3Wz2
H/ZOBeiqS+7zt27n68/8J7ov/QWsP+/6/wCNH/Ce6L/0FrD/AL/r/jX49WH/AAXn1y+/Zx+IPxOb
4J6rb+G/D3hiHxX4duZtRuY7fWreS/itPs88z2axw3IWaOXbC1wpUkB/lOPtr9m74l+Mvit8GLDx
D4z8GQeBfEGoeZKmjJrEeprHDuPkO08ahcum1iADtJI5xXLiuMM2w0eatSgle2/Wye3NfS6v22Na
OR4Oq7U6knpfbp9x9V/8J7ov/QWsP+/6/wCNH/Ce6L/0FrD/AL/r/jX5Y/A3/gpT8WW8I+HtV+JH
w+8FWdl4r+K0nw4sLvR/Ek0jREX+oW0jyRPbAfufsaKpD/vtxbEP3K4XV/8Agu14rvxpEHhj4OaX
reoamPGU7xXPi/7FHDB4dlIkcObRgzTRqzBcAK2F3EEsOhcT5zKTjGjTdut9NLvfm8mZvKMEkm6k
lfy16eXmfsR/wnui/wDQWsP+/wCv+NH/AAnui/8AQWsP+/6/41+KFt/wXw1C38TeI/HK6Dfap4Gu
vh74a1rQPCwRIbtdW1LUZLN43uQjMYwy/e2sCqZVSWAr7U/YM/a71v8Aa9+Geuap4l+H2ufDjXPD
utz6NcWF8twYL0Rqjpd2sk8EEklvIr/KzRIcqwI4rPF8V5xhoe0q0YJKy67tJ2tzX0vr08yqOTYK
rLlhUlf+vI+2/wDhPdF/6C1h/wB/1/xo/wCE90X/AKC1h/3/AF/xr4A+O/7SGv8AxB/a88P/AAJ+
G/iRvDevWumz+JPGGrf2WlzPpGnhEW0WFLkeVL9onk2mRBIEELqdrEY8y1f/AIKl+O/FHwJ+IXxM
8O/DKzsfhT4e0/Xo9H8WX/iSL7fqF3YRzxQzDTRCf3M15EsKgy78uCUANTT4wzScYtU4a23ut9t5
LezaSu2lew5ZHhItpzlp6Pbfp06vY/Uz/hPdF/6C1h/3/X/Gj/hPdF/6C1h/3/X/ABr8k5v+Cinx
Q+CfinV9J1nTL/4jeItIfw/4HtNMs4BFb6v4kn0k6rqlw32SzmuIktoANyxrKMMAEBBI6Pxd/wAF
WPiH4e+HOiXUfwSEHi7/AIR/xN4n8RaPrOvz6RHounaNLHELtHnshNJFcmVTHvgifrlRhiNHxVm9
1y0qbvs7tdL9ZLp176b6ErJ8Hreclby87dF/W+x+pP8Awnui/wDQWsP+/wCv+NH/AAnui/8AQWsP
+/6/41+Xv7PX7enxp/aV/bot/Dmj+BPDGmfCvTPBWha74j/tDUJU1jSrvVLc3KIrCMpIyKChhKpk
ASGQZ8seq/tvft7Wv7FPi/4b2ep6Kuo6X48udVtZrw3vkPZS2mmT3sMaJsbzpLiSIQquVO6QY3HC
nGfGOaxqxoeyg5NXsm3pa/8ANvbWxccjwjg6nPJJO17edu3c+7f+E90X/oLWH/f9f8aP+E90X/oL
WH/f9f8AGvyQ8D/8Fute+J/wAHjPw98J7bUr+w0e3Or6SviUCSx1671xtJstFV/Iw8spjkmLkKEQ
JkEOrHj/ANsf/gst8U/gOnxE+xeBtH0fxT8OvDGmnUPD17rcV/b2+r6vqMkVjGZIYd08q2kSzGKO
VEImdScoGrqhxJnUqns/YwTvbfrdL+bu1rtqu5jLKsCo8/tJWtfb/geT+4/Z/wD4T3Rf+gtYf9/1
/wAa0LDUINUtEntpo7iGTO142DK2Dg8j3BFflJpn/BUn4kWnxW03wDJ8G5/FPiPwxNpGnfEOfw9c
6hd22i3d86ZFq62BhlEVu6TyefNbgBiimQqTX6e/CQ58AWJ/2pv/AEc9elkWf47F4z6tioRinByT
T7OK7vRqV/PQ5cxy2hQoe1pSbd0nf0fl5HSUUUV9meEFFFFABRRRQAV8Af8AO01/3ar/AO7dX3/X
wB/ztNf92q/+7dQB9/0UUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfnp/
wcL/APIvfsc/9nReCv8A0G/r9C6/PP8A4OGP+Rd/Y6/7Oh8Ff+g39c2N/wB3qf4X+RrR/iR9UZX7
Vf7OX7Nvx4/ap8F6P8U/BWieKPiV4q0W7i0b7XbzytJp9i3nTI7IRGsavc5Af7xkIGccejeO/wBi
v4U/Eq+0q41bwXpMk+jaUmh2bWzSWZj09DlLM+SybrdcnETZQZPHJr47/wCCj/8AwTK+Kv7WH7Zz
/FDRLrw/faF4U8O6To+leFtS1B4LLxUg1T7VqNtfFUJjheIIPlyJDGgYbcg8Zof/AARa8e3X7edx
478Za02reFLTxyPGel6paeKVtJNKsonEkGlfYTp8khSNVEO1LyOEx9EBGD+FQp0nQhL624tRbtdu
z7LVW0a+adr6pfos5TVSS9hdN7913ej6/wBd/wBAvHX7I3wz+J3w/wDF3hXXvCOk6p4e8f6lHrGv
2Mu/ytVu4xbhJnwwO5Ra2/Qgful9883468P/AAd+Gf7V+ga3f+GLKX4seP8AR7jQ7e9ttNkubqbS
rYRvOZ2UFIrdN0StJJgEvGgJJC18gf8ABBf9h6fwT4Vf4l+JJdeeLw9ca34T+Hemanay2i6Zokmq
z3Ml75EoDLcXMrlS21T5USDkMa73wp4H+IGu/t+/tnebYXR1zWPBOjWHw6vL3zIrA2zWN0HjjmwV
QC+YNIE5BwSDxWVTDqnXq0FXcowXmrtuMbbvbRy8otdEzSNVypwqOmk5P1tZN/5pet/I7H9jf4m/
si2Hi3wRefBhtDg1f4g2epWnhqDTdO1BGazt7g/bTHbumLO18+3wXZIoneMBSxxn6L+Kf7Png341
a/4d1bxPoVvqep+Ep5LjSLsyyQz2DyBRJseNlO1wiBlJKsFGQcV8L/sE/sf3H/BFvWpk8S3mma18
N/EmgWEUviBrSfUNf0zXVQm4sIlt7dpG019jyoCQI3zwS5J9N/bOuLj/AIKTfA+00H4LeJDPqHhD
xNpfiDXNG1my1LRLHxXp8TyGTSpp5LcERzkAnCSD92Ay4bNPF0YyxalQqydP/n423o+70tvZpvfX
RMKNRqg1Ugub+Vabfn3/AOCjs/Gv7LX7Nn7Op+GWl6p8OtCtLKae68DeF1OnzXlna/2oJmms3BLI
sdyXmUmUbSX25BIB9a+CH7LHw/8A2b5LpvBPhmz0A3lvFaSeTLLIFgiLGKFA7MI4k3ttRMKNxwK+
RfjLrWp6A/w0+GFv8KNJ8JQ+H9Vi+KXj8+D7KWfQvDlrplwb22tYJVghW4vbqW2gQokYbG9tuCpP
098OfFPjj43fscRaxrfhy18N+OPFfh64uY9Cku5bUafLPE5t7eaYK0kciq0ayOqEq28heAK58Z7Z
UouVRtSet5Xvq7O135vd9Hf3ka0fZubUYpW8vJXX5L8OhqfGP9kf4a/tBeJoNZ8YeE9N1rVrWybT
RdO0kUr2jPva2kaNlMkJYkmN8pknjk1Uu/2K/hRfatDfy+CtGe7h8UJ40il+cFdZSIRLej5seYIw
F9MDpX56fD3/AII8/GnSf2PvGPhB7jw1oN/PqmkS6XYwarZy6rq2nWszy3VleazDpcIkSZjC6Ge1
uCrQtv3LJhfXP2VP+CSJ8Hat8NLPx9oOl6z4S8LweItdv9G1nVYfEMKa1qUlpBFEo+x20LwR2kEz
kiBAJZ2wp+8empRpUoNLF3UW0ku1r6e91emml+pjCpOcleha9nr627fPufTlj/wT6+CmmjWFtvh7
oEEWvy+bewxeYkEj/aorwlYw2yMtcQQytsC7mjUnOKf8VP2PdH+L37X3wy+LmrX6SXPwqsdSt9K0
77FGytcXqJG9w0x+fKIuFQcAsW64x8N+Hf8AgiB46ur/AOOi3HibSfD9tPqniXUPhHFYXEi2+iz6
yAst3cKigxSJFGkEflgmNZZWGTtxzHwl/wCCDXjCH4cXuleIRHp//CXa54ds/E1i3i1NWtLvR9Pu
vtVzMI49OtEE0jwwIit5jBWfc5PXZUqCvN427Wm19JKzteX8ujt107Mzc6mkfYee/VbdO+3lr5H2
h+zN/wAEpvhn+z38R/FnjK+s7fxn4o8ReMdY8XWeoapbAtojalgTW8CbigAXcvmbQ7BiDxxXo3w6
/Yb+Efwjt9Fg8O+BdE0u28N3F9caXbxh2g0976IQ3YjjZiirLH8rIBt5Jxkknk/24P2T5Pij+wR4
x+Fvwz0fw5oV3eWkX9i6fHEmn6bDNHdx3QBEa4jVnQklV6sT1NfM3wr/AOCb/wAdPA3x01zxZr2s
+F/GEV1bSfEDyry6crqPjr7FPbW0RRlIi0+1WfETcsPs8DYyma5KdWWJpyq1cTZ6qz6pJW62V7tf
fvd23lBUpRhCldd10vv0v0X9WPpfxZ+yn8DfgR8PrnRh8MJ7zRfHFxYeH7u00fRr7VmMUcpe1jk8
kO1vZQvlskpBFnJ25rt/2YvH/wAMfjLpfiXx/wDDOe01G28UaxLDrGqQ288H9oXtkFsnJEyqW2CB
YwyjYwQEEjmvju6/4I+ajaat+zTp+kaV4L03RfhL4cu7zxRcLGgn8R+Jf7PSC0uJwI8zqk5nlMjk
keYwA+avEof+CInxctP2Wvg34XisPDVm/ge31Gx8SeHdJ8URWMXiC5nkDR6u93LptxG8gXdH5Ulu
zIm0JL1FdSw+ErQtPFPmb67W97dN7vlj1srq5i6taEvdo6Lt8ttPN9Ojsfbnxw/YB+Fcn7QPxB+P
3xMx4g0oeHbKS70u9gZ7LTo9K825+0lUb9+f4tjqwBQYBNdp8KP2UPgn4p1TSfit4d8D6Xbaj4jj
m8RWt6YpraQNqdsRcTGAsFiknilIk+QMSx3fMM1yP7Rv7J3i/Wv+CYy/A7wJeRDWLrw5p3g+a91H
US5hscQ297IZTGDK5thMBlF3MwyFGRXzD8Vf+CRvxZ1L9nu38M22uw+KtR0f4hajrd9PLrUWmah4
602aApYy3l1JZ3UUc1p5hiWE27RBIh5flkLjGhONamlUxPLrypf3UklpdKz21frpdq6sXTleNG+l
/nfv5b7f5H2/rv7CHwf8S/Djwl4RvPA2kSeHvAsUsOgWiSSxDS4pUKSpG6OH2Oh2spYhhwQa5/xv
+xp+z58HvhB4mv8AXvBvhnRfB1l4QGha1NO0q28ehWjNOLdzuz5SHc3HzZ9elfGusf8ABO/xXovj
b4D/AAc8OXl9o1rfeCtc034l332ltRNloc2r2l+bKK8WC3jaSeXzrZQIkAieUiPA5+vf+Cg3hNv+
GffCWkWGkwzeEbXxx4Xj1/T7e13wro8erWvmJ5SjHkKViMi42+SsmRtzUTUoVKdOOIclNvZtWXNa
+7V5NNr7+pUWpRnJ0knFL8tttlszh7/T/wBkX4g2dz4i1vw9oNtceOfDkPxPubjVdLvLW7/s3S41
toNUZmUNatFHcKsZBjlZZDtDfNj0j4NfswfAv4oeE/AHjrwt4Ktza6R5+qeGr+6sb7T72IXTB5pG
W4CTlZioZhMpDjBIIPPyh+23/wAEr/ir+07+3B4q+M8OraJDB4Hj8Or4C0C6vDLpniK3s5jdX1tq
cJjIRWmZvLI3YIViMgY+uvCv/BQj4WeMdb03SrHWNbfU9UnjtbeF/DGrRoZZGCqpka2CKNxA3EhR
1JAqsVzexhLC1JzbXvJNtR0WjsuztfRaNW7Kjbnkq0YxXTRK+u/36/NMlH/BO74JDwjrnh1fh7oo
0HxBaNY3ulq8wszbtOlw0McIfZChljjcrEEBKL6V3P7P3xn8K/Hn4TaV4k8FXf2zw9P5lpATC8Lw
PbyNBJC8bgMjxyRshVhnK+nNfE37NnwL8d/sP/Gn4ufGv4saR4ai8OXcV/qNpZaMU8Sa7dajd3Ym
dLK4TT7e8EDjdGttNJORujwyLGc+lf8ABNTwF43+BdjaeB77SLS1sb2wuPHni27uFlEtrrWs3s9y
NKtuiEWyAiRjk8x8DzOMsXQ/dSk63PazTvpqve6vVe6tH1t6XRqe/FKHLe/TXfT5bnrXjD/gnv8A
Bfx3omv6ZrXgDRtQ0zxPqw1zUbOaSY281+JJJPtKx79scpeWRi0YUsXbOc18uX37GP7MfxV/aJ8P
6d4b0XVZdA+EOsan4D1bwhonh2+uNJN/q8CXEzXM0Y/dQIqjfISIQXCMRuCns/2k/wBh/wCIXxI/
4KCQ/EGbR/h98VPhpq3huLw7/wAI54vvZY7bwnJ56vPfwW3kTRXEjoCAf3T5bbvVRk/Ptl/wRT+L
Gu6vp92/ibR/Ceo3F98QfFt5fWN9JI1pruuRCx00x7VVilvapG/mKQyOWC5613YGpCMOapi2rrvs
2mnpdu9ly3snqmro58TGTlaNFOz7bpNfLz3e2p986t+wP8FdcstRtbz4a+EZ7PU9Gs/D9zbNZL9n
awtJPMtbcR/cRYnwyFQCpAIORS3158Jf+Cevw0m1Cc2/g/Qdc1q1tpZsXV/NfahctFawKcebK7ti
NAeQqqM4UEj80vAH/BAr4lP8K9Y0fW7qHT9T8SjRfDeuSr4xXUbbUtKg1KC9vboQpp1ttlb7Oqxr
K8zkSyBn6E9V4v8A+CMXxL1DxLZanF4Y+F+o6Mnx3uviFceF5LoWlmdFWOCKzt0Zbd0XKxu00WzD
/IDuwTTeEwrl7OpjOaN9V3sl1cmtdl2tqL21ZLmhQs/68k/M+0vjr8A9N+Gn7Zei/tLnW/HMl5pf
hgeBdR8O6F4dbXBq9nLdPNERHDE9xEUuJFkeSPjbCoYqu/d01v8A8E/fgrpOl6/bQfD/AEeKw8Qs
0+o2ULTfZ52NzHdOVhV9ibp4opGCKNzIuc4qp+1b+znf/G/W/g5pen2WmR+E/BHi+DxPqsJkEWEs
bO5NlBFEF2lTdtbkjgKsRxngV8s+EP8AglH4y+Hnw78FXGkWHhS38e6F4F8YS6pqkNwIZtV8T62E
Eccsyx75LWHzLjDtk/JH8uenDQqRqUouWI5JLT5Lmcb2a2a3d37y6I6KkHGbSp8y3+btfv0flsz3
HRdc/Zw/aO8Yr8PL3wzqFv4u8UtP8UzoWteHtV0nV1eKb+z21Q+bGklvKSgjQbkdoyCqlGBPffDb
9nH4S/E34bx6na+BLuxsPE3hqfw1Na63ZXun6g+lzXEk01rPDcFZk8yV3dt4DsWySeK+IfHv/BI7
4mfDW8+Itr8NvDHw81VtX+EWk/Dzwpr+oaobO+0OWKFrW/kCC3ciSeKedvOWRSNirg7jjnPEH/BG
v466t8efhXaSX/gqT4c/CXVvDKaVe2s1taahLpWm2sQmSRVsvtMlxJPGTva82ASMBFg5HoPD4WS/
d4vlW+rv0XRNa6pJPXRnMqtZP3qN3tovPv8AJv5o+7PBOqfBmP49a14w8L+HNTuvGcfiCP4faxqe
j6RfzxxXVvaxkJc+UphWGGGRE+0SAIhOzeDkV6T8Y/2ePAn7Qlz4an8aeHNL8SSeDtVi1vRzdgsN
PvI/uTKAQNw98j2r84fh1/wTB/aG8J618O/Eur6f8PPE2seC4PF3iu80vUNVkfT9Z8Ta3cTRLHN+
7y1tHZvGS3UkMmACCKkf/BLL44J8BJNM0r4d/B/wr4t8XeKZNS8dXVnqlnO2t2/2aQW4szPpUsOn
wwSSlEgjhdwgP70M7ucqmCw/OpU8UrrS913a7p2stLL7SW12XHEVOVqVHfW1vR9rXv8Alfsj7Ruf
hL+zf+y5448I/D7/AIR3QfDmtfFTxY/iXRNMt7S5k/tjWbFVujdMyBlRogquDKyoCBjmtnUv2Qfg
p+0rD441LXfhrBeSeMNZi/t99a0y5sp9VutML29vcAS7XKIu4RSx4V0bcpZWBPxR8CP+CRXxR/Zy
/wCGfb9NA8BePtT+GHgvXbW6/tbVTEum69e3DXUE8Ia3kEsULbI0A8sp8zgg8GFv+CQfxptvhXoP
hS6X4beNLfWPhuvhO7l8R30zxeA9WnuZrnUNVsoRA4uJpZJyVkVoX3RLlttXKjQUrwxbv3vvaT1S
vdaRi7N+l3ZEqpUtaVDTtbbReXdtaL16n6Cj9jj4YR/Em28XJ4R06LxLbCzBvo5ZUkuTaKFtXnAc
LO8QVQjyh2XaMHgV9Y/CE5+Htif9qb/0c9fkP4e/4JhfES4+J8uueILbwpq14vxQ8LXlrrFzcibU
bTwv4ftohC8chQvHc3M8IMkSsBiaXLHJz+u/weOfh3Yf703/AKOevf4LjGOa2VX2n7qXy96npu/T
pseZxA28Gm4cvvr56SOmor420H/gryvxR/bG1X4afDj4OfET4h+EvCHieLwd4u8faZ5C6T4e1R3V
JIjG7eZMkBdfOdBiMZOCME974Y/4K3fs5+M/BeoeIdK+KWjX+k6bdQ2M00NrdMz3Mss0UdtGnlb5
Z2e3mxFGrPtQtt24Y/rR8UfRlFeE67/wU2+Avh/SfDN7L8TvD13D4wt5LvSRp5lv5LiCJxHLK0cC
O8Ucch2O0gVUYFWKkEDqfDX7ZHwz8Z/HK9+G+k+LbHU/GWmu8V1ZWsUsscEyRiR4GnVDCJ1jO5od
/mAclQKAPTaKKKACvgD/AJ2mv+7Vf/dur7/r4A/52mv+7Vf/AHbqAPv+iiigAooooAKKKKACiiig
AooooAKKKKACiiigAooooAKKKKACiiigAr88/wDg4Y/5F39jr/s6HwV/6Df1+hlfnn/wcMf8i7+x
1/2dD4K/9Bv65sb/ALvU/wAL/I1o/wASPqjxr9un/gp747/ZZ/bQtfhJ4d8HaN4ovvGngmO/8EwE
Src6n4gk1IWv2eZxIES1jh3Tu2AwWNzuGK4rwn/wV0+M/jb4n6hqGk/CPw7qfwn8F+Jrnwh4p1Rd
ZgttSW5skJvbu2iluASilXZLfy3ldFB3ZOB9UftIa/8AD74a/F/4b+JdX8D/APCX/EzUL+TQPCX9
nWdtNrFussTvdSRvNJGIreOFXaVy4AXjksFPzn4M/a7/AGMvEP7by22h+A9NufiPrWvT6Eni638A
yGzvNVYvDPEL4Q7WlbLq8n3WUtlypJr8CwdShPDpxwrk1F3er1u03o1ZWWj782jtp+l141I1bOso
3ei0Xy1Tv6drbHnnxu/4KNftO/EH9ljwv4y8DJ8G/Bw+MV9oNl4Ojt7+XVde0dtTvljtxeRyxm2b
zIknLNsxGY5FAZl3Ls+If+Cz3xC0D4l2+l2/hbwLqWjeEviBpPwq8UyPeXEOp65rlx8t3LpluMiO
2hdJGUzkmRR/Dg19KR/sofss6R8J/EekR+CvgxaeC/7Tgn1uGO1sYrCK9jJWHzyMKkiGVlQMQR5p
AA3HOto/wU/Zxi+JuqePrDw78IB4t0eMHUNcggsftlgpUwh5Zh80ZKq0e9iDhSueCKP7Sy7laeHb
Sbtpbflsm7t7aeV72u9D6ribpqqul9e172Vv622Rx/8AwTi/bA+KP7b8Gq+PNQ0PwHpXwdvL3VbP
wzc2lxdtruofZr9reGWaJx5McZjilJKszMxXCoAQfqrd71wPwr074efBTSIPh74P/wCEU8O2vh22
a4j8P6fLDCdPgZjI0nkKcohZy24gAls966Dwn8RNB8fRSyaFrmj60kCo0jWF5HciMONyElGOAw5G
eo6V4GOrwqVZTow5YdF5dL+b/wCGPSw8HGCjOV5dfXrY8G/a3/aP8QD9q34SfAnwbezaRq/j77Vr
2v6xEqGbS9EslzIsG8MvnTylIgxVtil2wDtI8e8AftXeLPjH8UPilfal+0F4e+GOieAfHNz4Q0Pw
pFp2nXOoamliwWZrz7UrTvJcbZCggMe1ctk4IHWfttfFH4VfCv8A4KAfAvVfEmnfFdPieEutP8Mz
+GNGN1Ya3BcgpPYXLsjK6pgTMqFXiG1ywU81fEHxB/ZSl17wt8Vbn4ZaFfeL/ix4uuvAlhfJ4Vhl
1q91IS3Flc+YcblUeRKrzFvuEZOGr3cPyRoU37Fvmjvyp3lzSb+K6s4q1+lnpuedVbdSXvpWe12t
LLt5vbrdeR8rfBr/AIKlfGvwV8KfB3xC8aXl74ktL3wx4l+K2raUGhtBHpsl9FpuiacrrGFWEzMJ
CzZYIzsS23A9f1z/AIKi/tNeD9L0fw/rvwj+HmlfEDxp410fw54XH9tC7067t7y3uJ55J0t7iSaL
yEhX96cLIsm5UwCK9Gi/ab+A/wDwyj8VfGY+CusS6L8Ho5vhr4s8Lt4fsJdQs9NsGV3tvJM5gksY
45jOMSlSgYgFgFr2v9nr9mD4I2fgLwZ4n8BfDfwfommuI/E+hyWujRWktvJc2oUXAAUFZTA4Qk/M
F+XpxXRi8fhI3nVwttWlpp/MlpJLS+ujvG1tjKhh6ztGFa+i/wAm9U+3dWfqfEXg3/gqP+0j+0l8
Y/gr4M8LWvw08L6t4o8ZeKrDVZzb3F1p+q6bomxDKvmEyxxSu0qfJiQvEpyilhX6llsKSWAwOT6V
4Z8Uf2IPhNqPgjTGGhaD4JuPBRuL3QfEen2NlFe+E5ZZfPmubWS4ikiidpBvZnRgTyRnmuV8Lfs5
eG9Z0JLvxd8f/GXxc8B+Ig2lvo/ie+8Pz6FrDvkLGTa2EDSOGUkKsvJXkHBFeZjcRhMSoyoR9mo3
TXK23dtrVaPSySbW3Y68PTrUW1UfM3bW+i0S29bvRM+Y/Cf7d/xe+GX7Evg34++OviPeXHg3Wfiw
tvqH2jRdOUW/g83VxaRkrDbI5ldljcup3EbNu0Fg3U/Fj9sf423P/BPa8+N9leXvhvXvG3j7RW+H
vheSxtyx0W41C2tYLW4XYXeW7heWZ8uSu9AhTbivfPid8M/2cf2ff2KfENvd+DfAD/CSOGbxFJod
nbWj2WtSwR+ePIjZlimnbyF2DdyUXkAVf+E2heEv27PC/wAKvjRa3vi6Dwsmlxaz4a8K30dnFYaf
cujLDfyQojs13EjsqAzvFHncqbwHrtlmGGf+0ewSipvVxSTS1ULLq9m+y82jBYar/C9pd8vd77OV
+y6Lue2eDPiR4e+I8OoSeHte0XXk0i+l0y+bTr2K6FldxYEtvKY2OyVCRuRsMuRkCtrd71578K/h
t4O/ZK+D9loWnSWWh6FpzZmvL6aOJ725mk/eXFxKdqvPPM5ZmOCzvwOQK39G+KXhvxHPaRaf4h0K
/l1BpVtUt7+KVrkxHEoQKx3FD97GdvfFfM1GuZukm49HY9aN7JTtc+Yv+CjX7f3jv9lHx14bsPCO
ieE5/D0zwRa94g1kXd7baZc3E8cNrZSRWW6a1aXfuWeZDGcqAGOa4X4Sf8FaviB8WPFuu+PY/h1p
Wnfs4aONeifX7q/iTWIm0u3ndpmiM+SJJIGTyVh3Irq5cjNfQXiL4Ofs6fGX4l3vxD1TQvhH4n8V
eFjFPe69PHY3dzphg5ikmlOTGYtnys5BTZwRiptJ/Y1/Z/8AHmueKde034efDLVNQ8SfadN1++st
OtZHvTLj7TDO8Y5Z+PMB5bPzZzXuU8bgIUFCrRbklZu3f5rXs3p/d1PPnQxMqjlCorX0X9LbuvxP
k7Rf+CvPxh+Fnw2+EvxD+L/hT4Z6N4H+L2lXV5o8GhT31xqrzjTnu7SBxLtRJLiTyo1RfM5b74JG
Ojt/+Cgv7UUvxV/4Q+1+EngDXtV8CNo0Hj/7Hq62qJdaisVx9nszPdKUEVvcRKJXEiyzLIqqMAV9
eeMf2afhx4w8NeFNO13wb4Yv9J+H00F34ft7uyjeDQ3t0CxSQAjEZjVQAR0AFfL8v7VH7KHxw8Vf
D34yf8IboHiXxL4j8cReCdP8QSaVZnUdHv4BdPDcXLvIGjhQWcjRy5ZgNjKMcjpo4vC1k50sLe17
6NpO7cftL7N09d0mtjKpRrU7RnW7evRPo+traeXU9g/ZD/aE+J/7RHxM8dahqmh+CbD4U6Lr+s6D
oGoWt1ctrGpyWN6tpvkiYGJYt8N4C6vliI8IoBLfQm73rgvCGufD34Q/DrSI9G1HwnoHhbUJ3bTG
gvIILK7muJXmYxNu2u8kjyP8pJZmY85rt95r57F14yqOUIcsdkvTv59/M9OjBqKUnd/1+HY+ef2z
/jlr3gT4+/BLwno+ovpOma9f6r4g8TXiuFMOj6VZiacHIPyvLNboe/zjkda+XtZ/4KvfG/S/gj4n
1bxJ4R8DafLqHwfi+IWgzaHcXTXNjPf3v2TTYbhZsqHk8xW2oTtaJ/mIOB94/Ffwv4AvLu31Hxrb
+Gln1KzuPC9vcaq8UZuIL3YZ7FGcjcJvIQmNeW8ocHbWBdfDT4N6pc6bpE2m+A55te0vT7TT7Nmt
2fULDT5TcWSRJnMkMEhMiBQVU816mEzDCwpwVWjzW3dt7Sbf4O3y9Tjr4arKcnCpa/8Akkvx/M/P
HxN/wUO/aY+Cnhj9ozxTrWv+FNY8H/CC103wTZ6eLMnUbjxHc2tqpmilVQzstxcgv5hKY4ROM132
g/8ABaHxXov7Ufg7wm2neF9c+GV5fan4fv8AXmS8i1T7Ro2nfaNUuAz7UkWKRWzsiKEEYkJJA+qd
e/Z4/Zr8TfFzxDeaj4b+E15431WZbrWzKtm2oXEluyXAedc7yUMMcpLDjywx6Zrmfil+zr+zT8Kt
P13x9D8J/h/r2t39rJeXf9jWOnDUtStdVf7HPOGkkjVoplmkDMXCupkA3E7T6SzLL6iUZ4d8zVlZ
JK7iknv/ADJu/W+qOR4TEw1jVVk76tvZtvp20t5Hxx+zd/wVp+J3iDQ/D+peJvFfh3Rnm8D+Ifij
qF74mR4tLsbS41drDR7ORLZfMkQIpKpHmV2ZBuYmvSvFP/BTz9pT4c/DnTrfxF4L+F9p8RvEFjf+
KtN0eO01JhH4ctIUZr26XzdsEjO/3JJ1ZBgFS5Kj6o1/9kL9nXxZHceHNR8D/DG++z2Fvos+nS21
szRWlkBNDbNH1CQiRZApGFDq3cGsab9iP9lTUfhvp19L8PPg1deE9MaZbO7ksrKSxgacqsgWQ5TL
Mqjr1UY5FKebZbOfN9XaTe3Kut2ktV1e3VJWtrdxweKjG3tVt39L9H0/Fnyx4N/4KsfGvxx8ZYfF
99b+EfCnws8GfBW1+JPjHQpYGublpruOWWCOGbAkEzLGrIuQgSQhwz4qa6/4LFfEHwN4Ui07StF8
Nazf/DLT/Cg8fSeIryWPUNa1LXRE62WkxxABmjWRzvl4ITAU4LH6D/ZX8Lfs7f8ABSz4D6P8XdL+
Eejf2d4j0ybwzENd0W1jv/sFpO9t9lcRPIvkgw/KocjbtHHQexa9+x78JNc+Jun+OtT+G/gW78W6
KkP2TWrnRrd7y0EAAiZZWXcDGANjZygHBFTXzLL6dV0quHs46NaKzT1T1u7+8rvVaPWw6eFxMoKc
Kt09b+T+WnR29drnzv8ACb/gpF8QPiz+1b4e0aw0XwLN8MvFHj/X/BenXCTXQ1ueHSrCSaa9wf3A
jFxCydcsJEAVSCx+2t3vXjfw6+HnwQ8Fab4a1zwvZ/Dyxs9Evb+HQr+xltxFbXV4S94kEitjzZdh
LhTubac9K768+LfhfTvC9nrlx4l8PwaLqDKlrqEmowpa3LMSFCSltrEkHABOcV4mPrUqk4/V6bik
rbat3f42tfzuehhoTjF+1km3r+C/C5x37dPxz1v9mb9jz4kfEPw5ZadqWteC9BudYtrW/Dm2mMKb
2DhGVsbQ3Rga+O9U/wCCv/xb8aw6FffDz4deE9e0n4q6uNE+G815eNbPqTWdm8uq3k++VFaJJ1MU
ESsjS7HbdgLu+3/iP42+HviPQNV8MeK9a8I3Onaukmkahpuo30Gy5Ekah7eSN25LJKmUIyRIvHzD
PAfEH4Nfs5av8O9M+G/ijRPhLN4b8GSqtjoGoiy8nRZPKeQeXE5zC5i3txglNx6Zrqy/FYanTtXo
ubu3ez2sul1e0kuuza6prHFUqs5Xp1FFW/G/o+l/nZnh3hH/AIKE/H74qReGfCemfD/4V+D/AImp
4Xl8VeJ4/E3icz6Rb241CaxgjtZLMyb2leByxZyIdyht7HFcDoH/AAUc/aE8F+MvEM2pw/DvxVa/
Ej4oXnw4+G+mu8ljb6RcWcskU1xc3Cpukth5MvBDTPIMLsXAr3v4k3v7L/hv9oL4VeCdU8G+Arnx
bY6BJrPgMw6XZ+TZWltKhjjtJCVVC0pDRIvBZWIwQTVrwv8AA79mr42fCqx8Ra/8L/h3okPxZvl1
2TT/ABDZaat3qOoAy4kby5JI5LgebKd0Ujn963PzGvQWLwkI808PaMvLzb0vK9tOnROLetzmdGtJ
2VXVefkt7K19fxT8j53+G/8AwV3+O/7QfinwL4C8BeAPhpN8QNa1fxXpuqX2p3t8nh6a20byYk1G
1kjBmEEs8rJtZXJaIrld29f2S+CIlHwv0sTtG04EvmGMEIW818kAkkDPqTXyH4Q8H/B34cfELRbT
QrP4faJ4o0DT38M6Va2Rtbe7sLVilw1lFEpDIp2pIUUc4DY719f/AAZJPw308/7U3/o56+n4IxdC
rnDWHpciVKfq7zg/uSskePxDRqQwS9pPmfOvl7r/AFPnr4Kf8Eyb39l39oPxX4m+GPxY8S+FPA/x
D8Wy+N/FXg6XSbG/i1DUpmVrgwXcqedbQzbEDoNxwDsZCQRzPwg/4I6W3wM/Y9+HPw08O/EnVbXx
B8KPG93488O+Jn0iGUR3tw18HimtGcpLF5OoXEeA6tnawZSMV8e/s+f8FZPDX7Lnxu/bp+H3iXxX
46vfilqPxD8SX3gLQ7DSrzU7uWKGxYxpZu8MtpERJC5SOUhCyjKkHB8o+C//AAVU/aR+Knw/+NGp
fDv4m634xtfhx4G0H4qWcGsrZ318Fgvc6vpEtxFpNgp3WolV41gk2SQgRzEljX6+fDn2L8TP+DbD
wB4/8J+EdNh8c6zYX3h+9v8AVbzXhp6rrU99fXn2u6uLW4hliFrmQ4SNkmjQKuEJLl/ZfhV/wSD0
L4Xf8FINR/aNg8Zap/bGoLeedpdlZJYRakbiIRf6c0b+Xc+WoBVvJSQsqM7yMCT8E/Gj9uj9qzwx
8Ivg5441/wCJ2qfDz4efH2/8ReMf7efTYY4/BmnzJC/h7Rri6TS9QESeS3mszW5aYyMnmqE3175/
wTZ/aO+P/wC1f+3pY2PjD4smPwv4S+Gnh7xJquj6P4eWDTPFV7dC+t5Jla7toby3RykU+zYh3BVw
q5DAH6eUUUUAFfAH/O01/wB2q/8Au3V9/wBfAH/O01/3ar/7t1AH3/RRRQAUUUUAFFFFABRRRQAU
UUUAFFFFABRRRQAUUUUAFFFFABRRRQAV+ef/AAcMnHhz9jo/9XQ+C/8A0G/r9DK/PP8A4OGv+Rc/
Y7/7Oh8F/wDoF/XNjn/s9T/C/wAjWh/Ej6o4bVfhR4wb/gslb+N7nRr+88GH4RyaLouqlTLY6Vqn
9p+bPG6j/VySw+Ud3G5YyuTjjxjw9/wSG+JupfEbxVrR8c+FfhLYeI9D1nTb7R/h9JqbaXr95f20
sS6hPa3U3lW0kUknmgQAksPvj7xqf8FP/wDgqT8UP2Sv2pfFvhPwlq3wx0jQ/CXwui8eqvibT557
jWbv+0ntTYQvHcxBXkTbs+VjkHjByvM61/wWx8cQ/teeDtB0r/hFNR8I+IPH9j4C1TSLnR2s9T0e
eeKEysszX5lmaOSQgv8AYlhIAUSFq/n/AAmHzd0YVcOopShbvpFX6pq7UvS+ujP0mtVwXtHCrdtS
/F6dNbaf0jY+HH/BBxdG8DW+l6mvhmzk1PX9AbxFHDruq6vBqei6bcNdPbAXmQrSyrCFj2BUXf8A
O2QK9N+LX/BIG2+Jv7dtj45tdW0rw38Jzp2kS6t4T0q1+ztq+o6XNcPZpIiqIvsg89XZOSzQIMYO
R5D+z/8A8FNvj18Uv2LvCnxK8Q678LtCvfiX4lk8P+F4bPw68xja1OqNdfaftepWluhdLOMoxuVA
CONru6qNHW/+Covx2+IX7Ovgfxh4FsvhhYahdfCrXviH4ii1m1u54JDpN7BbyR2nkzfL5odyodmA
3D5zt50q/wBtutJSqxvdwersnbXdf3LJq9nEiDwHs1aDtZSWnT5f4rtdUzH+H/8AwQp8dfCbwz43
bTfFuga3451LSNZ0zRvF2qa5q4nkbU90U009pl4IJFgkkG6PzC7ojfKckfVv7PNv4P8A2A/hN4f+
GWk+BfGVzc+GNIsNP1HVdA8EXUsGtXEVrGjXLTQxbZnYgksSSDkHkGvl7xr/AMFbvjb8M9A8cab4
g0j4ZxeI7bUvCI0i/so5zpmk2WuxyyZuvtNzAJHhEO3e0sEbPIuSq1oWv7b/AMcPGnxZ+A9pqHjf
wD4J/tPxH4l0LWylraahp/iIWdrFc2r7bfUZUt5pIZAiwC5do5ssS64Qxi6WZ4qNsbOLjq9HvaHP
fRPS2ySsm9kiqNTCUX/s8Wnotu8rdWtb9eqR7V44/ZP+Ivx4/wCCl/wo+OdxceGLf4cfD7Rrq30v
Rb17yDWY5b22KzXMkDQ7ElBYJ5ZcEKgJO7K1U/Z1/YS8Q/syftBfEz4peLdUtvGGiafe65qfgDw3
pNlJPcaOup3j31421lGbuVvLhUx8BAw3YY18reCv+C4vx18X/C3xD49fwx8NbTw7e+HPEl/pljLe
20WqeH7/AE2O4kggmtzqDXV2rJbnzcW0BQtkfIAzei/FT/gpd8d/g38Efhr4m8Sal8KLI+JvDqeL
NVuNP0t797a3uTALO3+wy6hb3IQhpvMuIBcYYKBEO6q4DNYcuGk4JNclk7uycm1onrdtNrV3srpj
jisG71UpN35r272V/TZrtbujp/CHwC+I3hj9lD4kaP4j8JXN18Uf2rvEk+pa3pttp5v9H8GWd81t
Zyw3FwGEbG2sQ8mSw8yUFVDADP2l+zz8Grf9nX4JeGvA1nrWv+IbPwvZLYQahrd0Lm/njUnb5kgV
Q20YUYAwqqO1fN3/AAVT+M3xJ+EPjD9n0+BfiDoPgHS/FXjtdC1qfVtK+2W0wks55YvNJmixCPJc
NGGVnZoyJFCFX4j4W/8ABTb4geIP2ztB8J6hJ4D1bw34p8ea/wCBk8PaZazJ4h0BNMRymp3MhnZW
im8suU8pQqSxkOxyK86vTxmNwqrRceV802lfTluraq2kY6avTd3aOqnUoYes4NO6tG+nXXv1b109
Fa59YftjfCbxH8ev2XvHHg3wlrlp4c8SeItLks9P1K5h86G1kbHLDBwCAV3AErncASAK+IvgF/wR
Q8X/AA+0K70vxHrPhDV9I1D4peH/AB3cadc3t3qsUlpY20kV1byPcQjzZJWcY3KFIGDtACjpf+Ck
P7Utz8Iv2020PVvjxqHwV8L2Hwpu/E1hJDJY7L/WI79o4kMNzDIbomPP7iPDuE471zXhvxh8WvjL
8Ff2U/HmtfFr4l+E9b+Out2Wl+IdM0k6fbWMFu2jX9wJrWKS0donmazglO5nX99JhVBUL05fDHYf
BJ06kYwqa6p3uk5b210i9m7Ptza44meHq13zQblHTdd7d/P5/Ix7r/ght4+0rwzHbadrnw11DyYv
Gml2umapb3LafpNprkm+3uLXbGfLuYB8pUIFwThuOfuj9hb4C6n+yx+x78OfhzrN5Y6jqng3Q7fS
7q5sy5t53jXBZN4Vtp9wDXyr8K/2/V+HXxI/av8ABvjH4z+FtM8Q+CNR+y+B4fFmoWyTokejpL5v
2eMLLcJ52XcRoxJ3BR0WuP8A+CUH7ePiz4tftL6d4F8f/Eq/8d+LtU0C71mabw7r+ha54Uuo45EU
PstLeK706Vd6hYpSQ2TnkjF5jDNcVhZuvJOMLT2ab5k5XWmqXM7+flqLCzwdGrH2ad5XjvtZpa69
bKx9k/8ABQT9mbUf2wv2W9Y8A6ZdaXaXOqahpl0z6iGa2aK21C3uZEYKrE7khZQMYJYZwMmvGPDH
/BK2PwH8X7fxT4es/AWgz2Pxck8cWk1jpwguLXR30ZrI2CFIxgm4YymIEREEnO44rwP4oft2fHb9
nr9tH4w6jo+r+Gte+GOlfFfwx4TvNJ1z7XcX1lDqFlahhYFZFigQFncgg5d844IO38Nv+Cw/xP8A
FHijxp4m1zSPB3h34caJH4ntWtLhIX1rw/caXHI1u80C35uroyGFzLElpFsBBDlcvSoYDNKOGUaE
4uDV9+s4xbjbq7Wsvu1dgqYrB1Kt6kXzJ2/8BbV/S/8AWhz8/wDwSF+KPwW+EPxv1671Wx8aeIvF
nwl1vwmLXTr68u7rWb+eSKaGWOCSNIrdWEbqIIuELAAvyR9l/sYfsl638Cvin8SvG+vN4X0y9+IR
02CPQfDUMkel6dDYwPEk3zqhaeXzCXwoChEUFsZr4Ytv+C5Xxb8OReMNBvoPh9q+pR6n4U0/RvEn
9nra6fpEWstLvutQgt9Ruk8uFY1wq3CMGdd4XO0afgL/AIKP/GHwR4TutA0zxH4e8YeI/FvxX8Xa
ZD4tvY459DtbbToIJI7S0iudSgSNJWcmNDdsEjSXaJCAK7cdhM3r0pQrygr9e8bRl20SST/m6JWM
KGIwVOalTT0/B3a+bd35dT9WJQJo2R1V0cFWVhkMD2Nfn58Ov+CPWveE/hv4G8DanL8OdY8MeCfi
63j15Hs5PN1zTXXUN1rcQNE0fmo14iou5kKo3K8Cn/s9ft8fHn46/tI6B4cvR8JfC2g6F4E0vxj4
33eZqTjdd3VveR2VzbXEkBUi33KSXCcgljnH3F8Mvih4f+M3gHSvFPhbVrXXPD2twC5sL+2YtDdR
kkB1J6jINfN1KmNyq9NNe9Zu2qTs7a7Xs3bXVanqJUMZaVnpffTtfT1SPz7+NH/BEjxZ47+GPg7R
dI8Y6fp8Xhh/E9g2j215JYad/Z+q6vNfRCJxbTFGjheOJoxEAwUBXUIN36BfCDwVN8MvhP4X8Nz3
s2pTeH9JtdNku5XZ5LpoYVjMjFuSWK5yeea39w9aNw9a4sbneJxUI06zuk29urd3+J0UMDSoycqa
1aS+7Q+av+CnX7EGrft3eBvhdomm3mg2sHgr4jaV4v1OLVkd4b6ytYrlJbdVVGDO4nAAYBSAcmvH
Pib/AMEc9X1z9u62+Jmh+Lvs/hGXWtE1j+xFu2sF0IaYIljt7aJLeRZIiIgVUSQBN7jDA198bh60
bh61phuIcXh6apUpWSTW38zTf4pEVsuo1JOc1q2n92h+cvh//gmx44+Gvxs+EHhm6tdC1Xw5p6+O
bO88YaZZSNqcsWqWc3k3Gpu+AZi85QAMwYoTuGcDQvP+CVXxb8ZfCfUdC8Q+J/h0b1fhv4c+H2my
adHexxKmkauLwTTb1YlpIR/CAA527cDef0K3D1o3D1rolxTjG1LS6trbqpOV/LV9NNDJZTRSa1t6
+SX5I+LP2lv+CSq/tKfD/wDaC06fV9C0DxF8W/Elpq+keIbfThcX2n2kFppsZs5nIR/LklspNyI5
XbIDycrXi/gD/ghf418Aar4M8Sx+JfCmsax4W8Z3Hii78O+ILq41TQ9aM9pDbNLIy28O2eMRB0xA
wBPLd6/TvcPWjcPWlQ4px9Kn7KEvd9F/Ko/ikvzVmOplOHnLnlHX/g3/ADZ88/8ABKv9j/Xv2DP2
IPCnwv8AEmp6RrGsaBcX8s11phkNtILi9muFC+YqtwsoByByD1HNehfte/Aif9qL9mPxx8PINbuf
Dk/i7SZtOTUoFLPalxwSMjcpxhlyMqWGea9E3D1o3D1rzauaVqmKeMk/fcua/ne+3qdUMNCNFUEv
dSt8rWPz1+Cv/BG/xJ4T0LSbXxVreg+IYh8RdI8X6vYajeSaraXlrZWN3asiq1rCnmSCeIbDHtCw
jLtxjsLD/gmb4o+Ht74e1Dw/B8Ltei8Ma74ylsPDPiKzmbQ7XTtc1QXkBhVIz5VxbRIsW0RlCssq
hlGGP21uHrRuHrXoVOJsbOXNKS9LabNfk2u5zRyuhFWS/q6f5o+Nvid/wTV0nXPgz+0o/iHRvDup
a78Szc32i32i6Os2qaVGuj2ltHDBuXerC4tWdI0cjDKM5Jx826N+wd8VT8F/2YNbv/Bdv4j+KGte
Obrxj4/PiC0Z7S3nl06aGBb/AGh2WKONbeLoxVgeMnFfq3uHrRuHrV4fifFUo8rs/X/Dy29LWb80
iauVUpu+3/D3/wCB6Nn52/s8f8EXPE/7Mes/B2+03xN4R8WS+CdG1zR9ZXVbSW3SEalcLcB9PCiT
aLdt4RXK/eZsqWIGBZ/8EQ/HejfAvTfC6eI/h7rt7qXw2h+HeqvrdrcXNv4e8u4ll/tDTMLkyN5v
KOIvmjRt/GK/THcPWjcPWqfFuYOXO5Jtu+y7t/nJ/wDDB/Y+GS5VF29X2S/JI+D9C/4JB6nofxb1
DxVJqfhTVNTT4geEPE+m6vdwOdUisNItreC6haXyyyyT+Sx2qxRt3zEV+snwWOfhrpx/2pv/AEc9
eF7h617n8FDn4Z6d/vTf+jnr7Tw6zSvjM4l7d35aUkv/AAKmv0PA4owtOjgl7NWvNflJ/qfHui/8
Fe/F/gf9pL9oHQfi38ILL4f/AAw/Z9sE1TWPGNp4pXWbie2uZGOmuLCK3EgNxAkkjKruYiu1uSDV
f9uD/grp8IZ/2cPFFhB4R1v4mQL4j8P+DvFPhLVdG1HRrlLPXHIguHhnthJJBLEshQBNsxXZuG4Z
7D4pf8EeNG+M+tfHu48R/Fv4oX9l+0RpcOkeI9PEOjQwWsFsWFn9mZLASI1vG7xqXd96uTJ5jgML
nxq/4I5fD/43eIPH2rXnijxxpep+PX8Izy3FjPaA6ZP4beV7CWBZLd1JZpmMolDq2BgLzn9xPgDU
h/4Kwfs6/DLxrpHw6XxM+i3NnqVj4QS2TQ7xLHRtRmiT7NpU0qxeVBcBSi+WxHlnCttPFeV/G7/g
uv4ZvfgD4Z8X/BDwn4o+IkvjDxhZ+D9OudS8OavpukvcTTXMUhWcWrm4eNrWQGOAO2WXoTiuhm/4
IP8AwZm/aR1H4pubq68Va5rdv4k1Se/0PQ9RkudRiMbNPFNc2Mk1r5rxh2S3kjVWZjGIycjrfg3/
AMEjPAHwT/Zm+GHws03xB4xudD+FPjoeP9Murme2a7ur0XVzdeVMVhCGHfdOMKqttVfmzkkA1dK/
4KvfByx+MsPw18TeJZPDPj5bS8nmstQ0u8tIJDZQPPeGKSWJcokcUrhmC70Qlc1NB/wVZ+Ds3ws0
7xm174xt/D2v3FrbaDc3Xg/Vbb/hJWuklkgNiJLdTcK8cMr5T7qLvbapBPj/AIT/AODfD4OeFfjM
/jE654xvpZta8Q63Nazx6YrXT63aXFreRTXcdot5LEsdy/lq852EDk856rxn/wAEYvBfxR/Zo8Kf
Cfxh488eeMfCHw/n06bwta61aaJdpoy2ME1vDGY20/yrpTBM0bfaUlyFQjaw3EA+j/2e/wBofwp+
1F8Mrfxd4M1GTUdHnubixcy28ltPbXNvM8E8EsUgV45I5UZSrAdMjIIJ+Nv+dpr/ALtV/wDdur60
/ZL/AGWPDf7G/wAF7PwN4Ujhj0mzuJ7pRDpljpqF5ZC7YgsoIIFGTj5YwTjJLHJPyX/ztNf92q/+
7dQB9/0UUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfn1/wcC2Y1HT/wBj
K3Zion/am8ERkjqMi/Ga/QWvgD/gvp/zZX/2dV4G/wDb6pnBTi4S2eg1Jppo9i1r/glL8OPEv7UI
+MGppLqXjNfDyeGUku4UntY7RLk3KlYWyolEhJEg+bBxXaX37DfhDU9fGrXNjpFxqqypOLyXSIHu
BIn3H8wjduXsc5HavaaK+VnwPksrc1FuysvfqaLt8Wx6yz7HK9p767R3+48Wk/Yc8IzeGItEey0h
9Ggl86OwOkQG1jk3Ft4jxtDbmJyBnJJ71Nb/ALFfhizsVtYoNOitktZLFYk0uFYxbyMGkhCjjy3I
BZehIyQa9jorP/ULIv8Anx/5PP8A+SL/ANYcw/5+fhH/ACPHbj9i7wzdx3iSxafKuoRR290H0yFh
cxxjEaPn7yqPug5A7VVH7Cvg0aRZ6f8A2fov2DTpvtNrbf2Pb+TbS/8APRExhW/2gAa9soo/1CyL
/nx/5PP/AOSF/rBj/wDn5+Ef8jxS5/YV8G3mpXt7Np+jS3mpI0V3O+jwNLdIwwyyMRlwRwQcgipd
R/Yj8Kaw+mvd2ul3TaOqrYGbSoHNiFxtEWR8gGBjbjGBXs1FP/ULIv8Anw//AAOp/wDJB/rBj/8A
n5+Ef8jyXxJ+yNonjLTGsdYlt9Vs2YObe8sI54iwOQdrZGQehqKx/Y38O6X4in1i2Wyt9WukEc17
FpsSXMyjGFaQfMRwOCewr1+ip/1AyFKyoaf45/8AyQ3xDmF7+0/CP+R4x4l/Yi8J+M9Vt7/WLTSt
WvrRQsFxeaTBPLCAcgKzglRkk8HrWnffsq6Xqcto9zdrcPYS+fbNLZo5t5NpXehP3W2swyMHDEdz
XqlFD4ByHRew2/vz/wDkg/1hzD/n5+Ef8jxC8/YM8E6h4jfWLjS9Cn1eR/Ma+k0W3a5ZsY3GQjcT
jjOelXPDH7FnhjwRNcS6LBp2kSXRzM9lpcNu0x9WKY3fjXsdFU+Asias6Dt/jqf/ACQv9YMendVP
wj/keOXn7FvhnUJLl7iHTp3vLiO8uGk0yFjPPGAI5Xz951AG1jyMDBFI37FXhd/EU+sGDTTq11GY
Zr06XD9plQjBRpPvFSOME4xXslFL/ULIv+fH/k8//kh/6w5h/wA/Pwj/AJHiFj+wZ4J0ywu7S20v
Qre21CJYLqGLRbdI7mNTlUdQMMoJJAOQCakm/YY8HXPh6TSJLDRpNKmm+0vZNo8Bt3l/56GPG0tw
Pmxmva682/a++JOrfCH9nLxN4j0OaODVdMiha3kkjWRVLTxocq3B+Vj1reh4e5LWqxpRo6yaS9+p
u9F9oxr8S46lSlUlU0im3pHZa9jH039jHw3ozs1pHYWrParYsYdMhjLW65xCcf8ALMZOF6DJ4q5o
v7Kml+G9KgsNOu0sLK1XZDb21mkUUS+iquAB7AV8Jf8ADzv4wf8AQc0//wAFcH/xNffn7JHxG1X4
t/s6+GPEWtzR3Gq6nBI9xIkYjVis0iAhRwOFHSvZznwbyzLqUauJoJqTtpOo9bebR4+U+IlbMKjp
YepJNK+sYrS/zIv+GcIP+gtP/wB+F/xo/wCGcIP+gtP/AN+F/wAa3fj18d/Cn7Mfwg17x7451X+w
/Cfhm3F1qV99mmufs0ZZUDeXCjyN8zKMKpPPSuP8K/t4fCvxL4Xl1q88S3Hg7TI7wWCzeNtGv/CH
2mcxNLshGqw2zTERo7ExhgArZxg185/xD3h//oH/APJp/wDyR7/+seY/8/fwX+Rp/wDDOEH/AEFp
/wDvwv8AjR/wzhB/0Fp/+/C/41c8S/tXfC3wZ8P9G8Wax8SvAGleFvEZC6TrN54htINP1QkEgQTv
II5SQCRsY5xVdv2x/hEviZ9FPxV+HA1mO7Fg1gfE1l9qW5LxIIDH5m4Sb54V2Y3ZmjGMsuT/AIh7
w/8A9A//AJNP/wCSD/WPMf8An7+C/wAiP/hnCD/oLT/9+F/xo/4Zwg/6C0//AH4X/Grnif8Aav8A
hb4Jl1GPWviV4A0h9HvW06/W98Q2lubK6WA3DQSh5BslEIMpRsMEBbG0ZrkPH/8AwUi+Bvwz+IVn
4S1f4meFYfEuqeF38ZabYC9QnVdLU8TW8ufKlZ8EpGrl3VWZVKqzA/4h7w//ANA//k0//kg/1jzH
/n7+C/yOj/4Zwg/6C0//AH4X/Gj/AIZwg/6C0/8A34X/ABqDwN+2p8LfHfgnwVr0fjnwxplt8RIh
N4dg1PVLe0udXBJGII3fMrZB4TdWpa/tXfC6++Io8Hw/ErwDN4ta9l00aIniG0bUTdRANLb/AGcS
eZ5qBlLJt3KGGQM0f8Q94f8A+gf/AMmn/wDJB/rHmP8Az9/Bf5FL/hnCD/oLT/8Afhf8aP8AhnCD
/oLT/wDfhf8AGtT4tftNfDf4B3VrB47+IPgjwXPfRPPbR69rtrpr3Easqs6CZ1LKrOgJHALKOpFL
q37THw40Dx/pfhO/+IHgmy8U65GkunaNPrtrFqF+j/caGBnEkgbsVUg9qP8AiHvD/wD0D/8Ak0//
AJIP9Y8x/wCfv4L/ACMr/hnCD/oLT/8Afhf8aP8AhnCD/oLT/wDfhf8AGm6v+2v8GtAbVVv/AIt/
DKybQvMGpC48U2MR0/ZMIH87dKPL2zMIzuxhyFPJxWhe/tVfC/TfB+k+Irn4keAoNA1+3nvNM1OT
xBaJZ6jBAMzSwymTZIkY5dlJCjqRR/xD3h//AKB//Jp//JB/rHmP/P38F/kUf+GcIP8AoLT/APfh
f8aP+GcIP+gtP/34X/Gui0745eCtYutZt7Txh4Wup/DlrHe6tHDqsEj6XBJH5kc04D5ijaP51Z8A
ryCRzXnHxN/4KV/AL4P6D4L1fxB8XPA9ro3xD1V9E8P6nDqSXdhqF2gzIn2iHfFGqcB5JGVEJUMw
LAE/4h7w/wD9A/8A5NP/AOSD/WPMf+fv4L/I6X/hnCD/AKC0/wD34X/Gj/hnCD/oLT/9+F/xrdv/
ANoDwHpfjq+8L3Xjbwjb+JtLsm1K80iXWLdL+0tVUs1xJCX3pEFBJdgFAGc4rmrj9ub4J2nhJtfm
+MXwsi0JJ4rZtSfxXYLaCWWPzY4zKZdm94yHVc5ZeRkc0f8AEPeH/wDoH/8AJp//ACQf6x5j/wA/
fwX+RY/4Zwg/6C0//fhf8a7jwb4ZXwf4bt9OSZp1ty53su0tudm6f8Cq7p2o2+safBd2k8N1a3Ua
zQzQuHjmRhlWVhwVIIII4INTV6eVcK5XltZ4jBUuWTXLfmk9G07atrdI5cZm2LxUFTrzuk77Lf5L
zCiiivoDzgooooAKKKKACvgD/naa/wC7Vf8A3bq+/wCvgD/naa/7tV/926gD7/ooooAKKKKACiii
gAooooAKKKKACiiigAooooAKKKKACiiigAooooAK+AP+C+n/ADZX/wBnVeBv/b6vv+vgD/gvp/zZ
X/2dV4G/9vqAPv8AooooAKKKyNc+IGg+GL0W2p63pGn3LIJBFc3kcLlSSA2GIOCQefY1M5xirydh
SklqzXornP8AhcfhH/oavDn/AIM4f/iqP+Fx+Ef+hq8Of+DOH/4qs/rNL+dfeifaw7o6Oiuc/wCF
x+Ef+hq8Of8Agzh/+Ko/4XH4R/6Grw5/4M4f/iqPrNL+dfeg9rDujo6K5z/hcfhH/oavDn/gzh/+
Ko/4XH4R/wChq8Of+DOH/wCKo+s0v5196D2sO6OjornP+Fx+Ef8AoavDn/gzh/8AiqP+Fx+Ef+hq
8Of+DOH/AOKo+s0v5196D2sO6OjornP+Fx+Ef+hq8Of+DOH/AOKo/wCFx+Ef+hq8Of8Agzh/+Ko+
s0v5196D2sO6OjornP8AhcfhH/oavDn/AIM4f/iqP+Fx+Ef+hq8Of+DOH/4qj6zS/nX3oPaw7o6O
vj//AIKY/tJan4R8Hav4AvvCE6WXiWCJrDXFvd0EoSVJHXZ5fDrswV3dGU9DX07/AMLj8I/9DV4c
/wDBnD/8VXO/FO/+Gnxn8E3nh7xFrnhi/wBNvVwynU4Q8TfwyI27Kup5DD/GvRynM8HhsVCtXSlF
NO17P1WvTs9GefmlOeIw06NCooyatfRr0fr3WqPyAr9Av+Cbn7TWseLvCOheANN8FXM9j4dicajr
rX4S3t1aR5F+Ty+XO7AQNk4J4UEjxS4/4J/Wn/C9zpEXjrw2PAxX7QNZfVLZrgR5GYTGGH77JxnA
THzf7FfdPwu1D4a/BrwVZ+H/AA9rnhew02yXCoupQlpG7u7Fss7dSx5Nff8AF/FWU4rCwpUpKpJ6
rWyj62a18unXz+F4UyXG4bFSq1ZckVo9m5el+nn93lyP/BSz9lvWP21/2FfiR8K9Av8ATNM1nxpp
i2Vrdag0i2sLCaOTMhjVnAwhHygnmvlbUf8Agjd4i+LfhX4c6D428PfCeDw74S+JVp4w1nRRr2t+
KLLXbCKynt5IHGqrId5aVMR8RkKSeev3x/wuPwj/ANDV4c/8GcP/AMVR/wALj8I/9DV4c/8ABnD/
APFV+X/WaX86+9H6V7WHdHwh8KP+CO/iL4JWfwxJ0f4R/E3TPAGj+KtAi8I+KPOi0TT4tV1xtRtr
uzJtLgRzRW+y2kQwAMg2rIoX5uE+IP8AwRdX4Rfspftk+KNT8N+FNf8AiV8RJNQ8R+Cb7wfoEl3r
mi+Va281nY2mYxOCL20jdYomI4XkkV+lX/C4/CP/AENXhz/wZw//ABVH/C4/CP8A0NXhz/wZw/8A
xVH1ml/OvvQe1h3R+Zvw9/Yl+IcnwE/ZC1HxX8NdN8efEnxX451X4g/Ey28RWMlvYLqOoaDqbA6k
Vtrj7MITJa2yhoSFkhiQAEgjW8B/8EJvFvws0vwhFb6j8OPFl1p/wg8RfDa+n1SKa2bSLrU9Rkv4
LuwxBMWitPNa2jRjEwh6MuSlfo5/wuPwj/0NXhz/AMGcP/xVH/C4/CP/AENXhz/wZw//ABVH1ml/
OvvQe1h3R+RWvf8ABtJ8RNX+CNl4Un8V/CzV7+8+F2k/D2TVdTtLqafwhcWWqNetf6WfLy/moShQ
mAhm3byAVbudT/4N3NfuPjG/j1Na+H9x4zi/aC0v4o2/iO4t5v7X/wCEftUTztNacRF/NklQSbA3
lFuS2a/Tz/hcfhH/AKGrw5/4M4f/AIqj/hcfhH/oavDn/gzh/wDiqPrNL+dfeg9rDuj4I/4Kofsi
+NP2nP8AgpH8IhoPw58PeM9GHw18XaRcX/iqxnl8OaRdXX2VIXuJEt5gJQN7JGdjPtYB15YeXfFv
/g38+Kvjzxr4Slk8eeBdfsPBFv4Fg0HUr2OfTtR0gaDHDHeblggf7W115bMjzzfudxULzuH6kf8A
C4/CP/Q1eHP/AAZw/wDxVH/C4/CP/Q1eHP8AwZw//FUfWaX86+9B7WHdH59X/wDwQ31PTPg142i0
q3+Fj/ETxp8WbrxhqetSWAgu9Y8OTah9qOjSagbWW4t2I24dEcIy5XrmqHhn/ggpc6r4O8H+HPF1
t8ONX8KeFvEHjzWrfw9ePc6zZ2Ca7Ao0+KN7mEGR7WYb2kZVO751+Y8fop/wuPwj/wBDV4c/8GcP
/wAVWj4f8ZaR4t84aVqum6mbfb5v2S5Sbyt2cbtpOM4OM9cGqjXpydoyTfqNVIt2TPyL8Ef8G03i
/wAGeAtb0PTPF3gLw4fFHwRsfh5rVxpVtcKdW1uDVUvZb64URp5sM0MaQM7kybeNpAArrbf/AIIB
eItFn8HarpVp8N4pvDHxM0zx7d+HtU1m71PTdXSCyltbuLzTYxpbmcGA7UtCv7hd5kKg1+rNFaFH
5Q+DP+Dd/wAQ+Dvjv438W3viXRvFuq6/4l8ReIdJ8UXusXVnqVjHqtlLbG1uLVLZ/tJUSBTIbtUK
9IAQAdfXP+DfaPS/2Ifg54A8OaH8ONN+IXgHR7mPVfFGmXbaMbvVpreGE3zqdPuY79SseHW5hWQh
VCyxgsG/UeigDkvgD8Pr74S/AjwV4U1O+tNT1LwzoNjpV3eWtotpBdSwW8cTyRwoAsSMyEhFACgg
DgV1tFFABRRRQAUUUUAFFFFABXwB/wA7TX/dqv8A7t1ff9fAH/O01/3ar/7t1AH3/RRRQAUUUUAF
FFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8Af8ABfT/AJsr/wCzqvA3/t9X3/XwB/wX
0/5sr/7Oq8Df+31AH3/RRRQAV8Pf8FX/AIuX/wABfCfxD8a6XBaXepeE/BMur2sN0GaCWWBLqRVc
KVYqSoBwQcdxX3DXxt/wUV+G+l/GTxH4i8I64k0ujeJ/DC6ZfJFIY5GhmNzG4Vhyp2scHtXj53JK
hFy25l+p5+ZNKkr90fmp+y7/AMFuptV8NeK774q2vg290/Q7rSrOz8QeBbqT+xru6vwxWyeXUGhS
KaIIzSO8ojVQckYG73bwZ/wVP8CfE+TwxbeE9E8WeLNT8VatquiW1npLabceTc6dDHNcBp/tYtmQ
xTRujxSujA9QeK9B+Kv7KfgT4z/BiLwDruj7/D1u8E9stpcPZ3FpPAQYriKaIq6SqQDvUgnkHIJB
wPhZ+wv4E+EWr+ENR09/E19qfgq51C8sbzVdcuNQuJZr6BLedpXmZi/7qNFUcBdvAznPzc62Gkm1
Fp9um3+Z40qlF3drP/gf5nkHwE/4Ka+I9f8AEHiO/wDHHh66t7DV/H134A8E+G9K0+2bU7u7tZJl
m826a/MJZViJcsIY1P3HlB49X8I/8FDvDvxC1vwxpXh/wl461jVvEsGpztZwwWMUmkjTr+OwvFuT
LdIgaOaQf6tpAyqSpbgHnfFH7MvwMn8L+JfBN5rIsLzT/EzeNLqa28QNaax4d1PUp2ZLmGeNlltj
K7sqYIDBivIr0D4VfsieB/gtqvhu98P2V7bXHhbSL7RbR5b2SdpYr25iurmSZnJaWaSaFXMjEkkt
60qlShvytP8ADbT9BTlT3tb+v+GPDfDf/Bcr4beK/Cmh6zaeB/iw9p4m0vVtW0jOm2AbUIdLLm+C
f6ZgNEkbP85UMBhSzfLX1R8FfjFpPx7+EXhnxtoJuv7G8V6bBqtl9pjEcwimQOodcnDAHBAJGe5r
56sf+CZfwP8AhX4R8E6TL9v03T/ClrrHh3RPtetFC41zfHcw7mx5kshlYRj7wJGAa9p+APh/wl8M
Phzp/gLwffRXGm/D+2h0MW/2oXE9kIo1CRynrv2YPPJzmpxEqDV6Kfz7a/8AAJqulb92n/X9I9D8
/wB688/ak/al8LfsgfBy+8ceMJruPRrGeC2ItkRpZZZpVijUb2VBlmGWdlVQCSQBXbed7/rXJfHL
4I+Ff2kvhlqXg7xppMWteH9VCGe3eV4mDI4dJEdCHR1dQwZSCCOtc8Jw5lz7dTKLXMubY+fdF/4L
T/DHxfe6PYeHvD/jrxRrGt63qOgW9hpMem3TG5sbWO6lxOLz7NJG0UgKPFK6tgjIra+Dn/BW3wB+
0Tc+HrHwF4b8f+K9b8Q6Bc+JhpVtZWlvdWFlBevZSPMbi5ji3faI2UIkjseCBg5rT8Df8E1Phn4C
8Q+EtXhk8YanqvgzULzU9PvNW8RXWozGa6tVtZN7TMxKiJFCqMAHJxkk1xmif8E6P2evDOueHPh1
o2p6toXjLwvo91c28ej+L7nTfEE+j3N68s8c7W8iSy2bXMp+8CFY4BBJz2OeEfwp/wBX/DY6W6HR
P+v6R02n/wDBVXwhqXgbxj4qTwX8Rx4W8CeKW8I6vqzWlh5EF4l1HbSOEF35phRpo2Z9nCHOMgga
en/8FMfCPifxFpOleG/DHjjxTd69quuaTpn2CGxjjv30gJ9rlR57qJfK3MVQkgsY24A2lrkn7Efh
rwZ+zX8Vvh/4PiFqnxRk1fULptUme6hW/wBQh2SSEfe8sMFO0dMcHPNeba1/wSp0i/0D4G+HLLxJ
rOheHPhNo+o6bdvomoXGlalqct3DErzJPA6sm+VZHkUkhhIQc0lLCu99N/y/zEnRf9eX+ZoeGP8A
gqTD4n+Nd35PhnUz8K4PhdB8RzrRjt1vLeBnnaSSRDc58pUiMexIzL5qtwY9rmXwz/wWb+E3jK3u
ItKt/EWq62t5pVha6Rp0mm39zqE2ouyWyRywXb2ytuRg6yzI0ePmAyM93qf7A3wz1DxF4c1CLS9R
05fDfhs+D1srHVLi2stS0jY6CxvIVYLcxLvcgSA/MxJJOMcnpv8AwSl+Eml+A9S8Pr/wnE1ve3Fp
c2tzceLdQmu9Fa0kMlt9ileUm38ticFMEgkEkYwe1wj3T6f1uHNQe6Z2v7FX7SXiH9omH4myeIdM
j0aTwj44v/DtnabEWeG2hjhZFnKSyxtKDIwZo3KnAx617b5/vXmH7OX7NXhr9lzw1q+l+GpdcuI9
e1WXWr+41fVJtSu7q6lRFeR5pi0jFhGpJYk5zXWaX8Q9E1zxdq2gWer6dda5oMcEupWEVyr3Ngk4
YwtKgO5BIEcqSBu2nHQ1zVZxcm4LQwqNOTcdjT8W+L7LwR4V1PWtSmMOn6PaS3t1IF3GOKNC7tgc
nCqTgV8yfDz/AILFfCz4qaFrt5oVp4k1W40Hw03i6SwsJNNvrybTkkVJXEdvdyeXLGGDtBOY5tp4
QnivojxLrGh3MsPh7V7rTGl8RRTwQ6ddTIH1KNU/fIkbHMgCHLAA4B54rwTwt/wSt+Evgzwvr+ha
ePGiaH4hsRpUunS+Kr+e2s7HzUle0t0kkYRRSGNVcL8xTK5AJBujOik/ap36F03Ts+e5p+GP+Cm3
g7x9oPgnUPDfhnx3r8fxK1O807wlHb2drBJr6WkbyXF3GJ7iMRW6CN/mnMTNjKqQQTgar/wUbvPh
z8fvHGkeK/B3iSLwjoMPhdUubS1tXuNBm1Z5oiL/ADdfMvnCJR9mWXb85ORg1u61/wAE1vhfqmiN
p9tD4l0GC11mTX9GOia7caZJ4YupIjFMdPaBlNtHKpbfEp8sli23PNbdz+wt4BvdE16wuE126TxL
b6Hb6hLc6rNcXFwNIl82zZpXJdn38uzEl8nJrX2uGWyf9Nefb8fIvmo9n/T/AMvxKMH/AAUr+Hs3
7WEfwaP9oHxdNNdwJ5N3p11CHtoHncOkN088JMcbECWJDnAO0kCuX0//AIK9/Dx/Btzrmp+HPiBo
VoPBsHjqwS9sLV5dY02a5itUMAhuZP3hnniTZKYz84IyvzV0/hv/AIJ6fDrwp8cj8QLNvFY1ddXv
tchspPEF1JpVrd3sM0V1LFZsxhRpBPISQucnggcVjfEP/gm74D1z4YHRdL09Zbuw8Bf8K801dUu5
5LVNOE8Nwgk8pkk8xZYI2EisGBUEUKeFuk79P+D+gKVG636f8Ek8Zf8ABVDwP8MrnxFZ+LdA8W+E
9V8NajpOlXNlq0ulW+6fUoJ7i3AuPtptkURW8jO0syKuAMknFeo/stftVeFP2wPhND4y8Hz3E2lS
XdxYOs4j8yGeCQpIhMbvGwyMho3ZGBBDEHNfOvwT/wCCUWkWXg3x1Z/E3WtT8W6h401LTdQS7g1z
UnvNJbT4GitpYr6eZrnzh5kp3BlUK4QLtBB+kfgT8EtC/Z1+Hdv4Z8PPq81jBLJO82p6nPqN3cSy
NueSSaZmdiT74HQADipryw6jane+nptr+JNV0krQ3/D+rnfef71ifEz4k6Z8JPhzr/irWppIdH8N
adcapfSIm90ggjaSQhRyTtU4Hc1e873/AFriPFfxI+H3j3wpZ6LqviDwzqekfEIXOi2cDahFJFrp
2SJPbxEN+9YKsgZVJI2t0wa5oyu9tDFbnzH+1x/wV9k+Hfwc11PBXhTWNM+JVnFol7baX4otLdol
sNTuUhjuyLe7KsMts8syq6uy7lChiP0o/wCCZs/iG58J6nJ4raFvEj6Xpjal5VqlqgmJuiwESTTq
mDxhZpBxw7Dmvhuy/wCCV/whtvAmp6DNZeI9SGrXFhLPqOpa7c3+orFYyrLaWqXEzM6W0TKMRKQv
rnrX3/8AsNNu1zxh7Qaf/wChXdevgKlF4qlGkur/APSX/wAE9HCTp+3goLq/yPoaiiivsT6EKKKK
ACiiigAooooAKKKKACiiigAr4A/52mv+7Vf/AHbq+/6+AP8Anaa/7tV/926gD7/ooooAKKKKACii
igAooooAKKKKACiiigAooooAKKKKACiiigAooooAK+AP+C+n/Nlf/Z1Xgb/2+r7/AK+AP+C+n/Nl
f/Z1Xgb/ANvqAPv+iiigAr4A/wCCzOneKNc8DePdP8G6VHrniW/8Ix21nYPO0H2kvJOrqHWSMhvL
LlcOmWAG4ZzX3/X5/wD/AAWX+KGvfBXwb4/8W+GYrCbXPDfgptRtBeuVhVovtL7iArbsAEhcAMQA
WUHcPHztv2Mbb8y/U8/Mm/Zq3dH5ZTfB3xH8H/gtoHhjxB4b+J8nhHUvjXpz6PodxqEdvrF9YSaH
P58UTQ3eI1a4WU7PPHfPJOZPiN8FvEljoPwu8G654K+IeqjUNJ+Ilz4c8J2OumPUtGtnvtMbS47q
cXaCQQrIhO6WTZvUYbZx9TaD+3P4iu/2kbD4X6p4B0s6raeFrfxfq+qweI0NhplpJO8JcGa3jZmU
KGIAGNxGcLuPnun/APBZzQNW0vx9eWnhSHW5/Ami2msxTaVqkktpqMdzfJZ+VHPPaw5ZXIJeNZIm
xgSEg48CNfENpqF+u/e6XXz9TylVqt3Ufx76I4q0/ZS+NVjpfxDbWrLUtZ8Tax4f+Hlo2pwXKbtT
urC8ifUCH3AsY0DlmON4yRnNavi/4IfEWy8S/G6/j+GfjfxH8Sddn16PRvEc3icx6FeaNPEy2lok
CXaFXWMrGsYRCJF3+YOtej+P/wDgqX/wqPwNr+oeLfAN54f1Pw14wt/CWppNqYuNN0zz7SO7ivLi
6ghkKQGOVFJWJyHYDHORQ13/AIKw/YU1660zwVYa/pXhXwhZeNNTvrHxKkkUllcTyQn7KRb4mZBG
Xw5iJGQdrDbUKpiXryL7/Rd9tvvJ56z15V/VvP0PnfQf2AfFN98N/Flhqvw++I+teEND8eeGfEGh
6Hqmoxw6lcWIVU1YQJHeGNGIzhDMGwAQQ9a/iL9lH4oPrOsCPwJ4/uPhTdfEex1G98K2mtrbalfa
CmjRwxxhvtSl1hnUB4/OyzLnLY3V9H2H/BTyw1v4qX2k2HhC/uPDWl/ENPhjd6w1+kc6asyn5ltt
h3W4cBC/mBsnIQjmvNfH3/BTP4oeJvDXwZ8ReE/AejeH9C+I/ju38Nxyatra3DanEXu45ExHCWtx
utwfNIZgDwh5I0jiMU3rFfN+XrvpfuWqtdvZff8A8HfQ8a8VfsJ/HX4ieAtFs/Etl41m/sjwF4sX
SLe38QNHc6dcNcLLothcTRzZmkUInDM68BWY4r9Gv2SbfxNpH7LHw2tPGn2z/hL7XwxpsOt/a5BJ
cfbVtYxP5jAkM/mBsnJycnJrs7S6me1iadI452QGRI3LorY5AYgEgHuQM+g6V4F/wUq+PPij9nz9
nSy1/wAI6kul6tN4o0bTnmNvFcAwXF7HFKm2RWX5kYjOMjOQQa4Z4ueJcaVktdPmcsq8qzVPRan0
Z9p96/O3/go/+zp8YPGH7X3jjxj8PfBMviW1v/hBb+HLaRrw20Vxdf2/b3E0Csk8Mm8WyyOAHUNt
25Odp7vxd/wWN0bQPjfqngPS/DNt4u1e1tdbmtf7E1eSdXm0yCSd7aZ3tUjSWRIyAsLz7GID7cgm
tP8A8FrPDEvwwuPGdp4Vu5fDMEGhRG/n1JIYotR1TcfskhCNsW3jUvLINxHACHNa4eliaMlOML37
+b9eppShWpvmUT5g8Q/BD4rfsr/sr618QQ/i7w74h+GPxMS88A6d4i1BHk1PS79La2ksvKSaVMSO
QwjDkqUbHJJPS/Gr/gnP8ZvA+reCdB0vVPiZq/hjQPB8DWmo+HL2K4u7PxI11JcXczJLfWoUyM5C
zN5qrHhNo617l8Mv+Cyth+0B418G+GPCPw5n8Rax4r1fW9JXOtQxWcc2lwwztNFLJEPNgkinVkcq
jcH5M4Ffbvn+9bV8fXote0ik3f8Ay/O/rdmlTFVabXNFJ/1/wfvZ8f8A/BOz9l3xZ4D/AGmfjf47
8fWXiO21DUvFF0fDkl1qbtaXFjOEaSVLdJDECzRp8xXcAMDAJz9l/afevGP2tv2tbf8AZTtfh7Lc
aLNrX/Cf+NdN8GRiO5EH2J7zzMXByrbgnl/dGCc9RXhPir/gs5oXhKWzTUPCo0WC917W9CTU9Z1Z
rTSRLptx5JQ3KW8m2ab7yo6KoH3pBXHKNfEtVFHfT7v+GOeSq1nzpf0j6c/ax0rxV4p/Zi+IGm+B
55LfxhfaBewaO8cgjk+0tCwjCOcBHJ4DEjaSDkYr8/vDf7JPjLQPD3xug8KfCHxx4e8JeN18FWf9
mapqQutXmtrWe5fU5bdhfZeVGZWCPMisGOVIJU+hxf8ABV7WPBPxa8XWEmiaj4z/ALQ8aeHPCmh6
Umo2EFvp8mp6c9yPKuYoiJo9ygF3dwc5VgvB3PDP/BZy18axeHNP034b6ofFOr2eu6hf6fdavFFb
aTBpLTLOTcLG5kZzCyoFjwSRkgfNXVRhiaUbRimnZ7+ku67fnY2pxrU42Svez/J/oeY+DP2NfFsM
PwK1Hxd8OfHXiiy8A+J/E1pHa3OpxjUtN06aXfpLzeXdKpjRwpbZI+1Rt+ZQFLv+Ca/wA+N3wv8A
2vfDfiDxP4T8X+FNO1XSdVh8ZQy3wn0eS780NZmLfeXEkp28+Y2CCxA4zn7q/Zm+OkX7SX7P3g/x
7Bp8mkw+LdLh1NLOSYTNbCRd2wuAAxHrgVW/a4+KWqfBr9lr4i+LtFaBdY8M+G7/AFSyMyeZGJob
d5E3L/ENyjI71nLMKsm6LirvTr1b/V/kS8XNt02lrp+L/wAz077T71x/7Q2neJ/EnwG8aaf4Kvl0
7xhfaJeQaJdMwUW940LiF8ngYkKnJ6da+Pv2df2nfj74/wBF8AaHr3ifwDLrXxs8Dv4t8MavZ6DK
reHJYVspZYby3M22aNo7sKjqyHehyMEY574E/tn/AB21L9nnxH498T+KfB+qJp/xBsvA9taWmgG2
Zca3bWVxOzGVgQ8Ur7VxlTg5OKzWEnF3utGu+utu3dP7iPYSTvdaNf1seY/D/wDYL+OXjLwX4w06
DTfHvgK3T4fWU7pq/iVb6TW/HFpcRXH22D9/LsjkMbxs+UVhL930sfEb9ij9oPxz8MfBmua4ni8t
498Sa54m+I2g6PdpLdaXLOiR6ZHHD9rthLHAkYOxZgEdyxD4xX0r/wAFR/2uviv+y9a+F5/A/h+7
/wCEYvjK+ueJrXQG8QSaQy48uNrRZodkbAkmYsQMYC56/RXwB+I5+K/wM8HeJzqGnaq/iDRbTUHv
LCGSC1umlhR2eOOQl0QkkhXJZRweQa6Z4+tGEa1lZv16W/4PfRG0sVUUVUsrP+v+CfGH7HP7HvxF
m/bI8I+JfiZF4/vtG8J/Dy3gstR1fU1glm1SDVJzCt1Fa3DxyyC0dCQ5kU8FiXHH6EfafevPf2k/
jfH+zp8AfGPjyewk1WLwjpNxqr2ccwia5ESF9gcghScYzg4r5o+LX/BYK3+BMOiw+MPBlh4b1TXP
D0nim1tr7xKmy4shtEUcTxW77rqU7wsRCoNnzSDPHLJ1sU1KMfLT79jBupXfMkfamoQxapYT2s6l
4bmNopFyV3KwwRkcjg9q/KX4W/8ABNjVpvCXwk8JXHwu8ceG7jQ/GWoyeM9UTWTFFe2bxaittLbS
x3TOiBJY42KLGT5nO7JI+0PCX7e5+Idx4l1XQvB9zc+CPBllY32s6xc6ikFzGl1psWpfubUI3m+V
bzxF8yIcsQgciuT1j/gqFceEPAE+va58PZrNbvwCvxD0aC31tLhr6yM0EXkTEwr5FwPtMLFR5iYY
gOSK0w8sRSvGC3t18nbr5/qXSdaF1Fb+f9dz41g/Yx/ac8XfCr4Xaf42f4njR9A8MX1lHDo15Fc6
ro2rJqtw1tO6NfWwZjZ+QqTM8gQLtKDJNfsj+zP4t8X/AAw/4J//ABW1y4v72Dx74b+GMV7JezRw
tcx6nBpt65lZU3RFxMu4hdyZ6ZHX8+/23v8Agpp8Qfhx8OPiP4e8PeDT4Q8e+DfCcXii81KfVLa+
t9Jimvlt4FRPJdLiZ1yxVgqKCfmJAB/TP/gmBrsPxD+A+qaj4reyvLfW/Cmj3GsNdpGltMstvctO
ZFwECEM2RgKAT2r08JVqzxVGVRJJuVrf4W/u1O7D1Kkq1NzSWr29Gz5o8Mf8FD/i3q3w3/4Jk3X/
AAndxPqHx0vvL8clba1LeII1tI3feBH+7AkY5MQTBOPavPfGH7dPx/8AhB+wZ4g/aRtfjjrWp6xo
Pxov/CB8E6zpmlTaTrmmJrr2KWVqqWqXS3Iiw+8TsSsUhx3H3d+y7/wTr/ZE8B/EHS/Gnws8LeBL
zWvBRlOl3Wn67LqsPh3zQ3mfZ4mnkitdwZyfLVM7ia5zwl+w9+w6Pipp+r2Fv8M9X8RDxC2u6faX
PjOTU4E1eafzDcQ2Ut08CztM2QUjB3HivrT3T5H/AGtf23Pj7L+2b+2B4T+G/wAQvi/P41+GeoeF
4Phh4O8N+DIdY0W9ku9Pgmu4tQm/s+URRklnDTXUGAXILBcD9NPFfwx8ZfG39n7wrBq3jjxb8MPG
ENlbX2tXHhBrDe139mxPbZvLa5jMIlZiNqhvkX5sZBt/Aj4ZfCy18fePPiV8PBoV/rXxLurRvE+s
6XqZvo9UnsoBBAGIkeNGjhIXCBeCCQTzXZaN8SPDfi3X9S0TTtf0TUtV0v5L+xtb6Ka5s+2JY1Ys
np8wFAH5qfsb/t6fFH4Lf8Eifhx+0H4q1/xh8dfGvxT17SPD50HVbrTdNtbSS61iTTwbNoLWLY7K
yEid2Usi/NGNxqx+3F/wXi+K/wCxTeadpeo/ATwtqvifS/C7+LPGOhWnxCgutQ8PWoup0x5UEEjs
i26QytO6pFmfaDlTn688R/s/fs5/Av4HeDvhNraeDvCvgvwpf22ueHtE1PX2tBbXFrd/a4Z0aWYS
vsufn+ZmUnggjiqnxq/4Jk/s4/tq+M7j4ieKfAuieLNX8TaMNKudasdUuoF1nT2UBY5GtZkSePAX
aW3Y2qQRtGAD5v8A2uf+C5njb4IX2uXngX4Gjx94b8N/C/RPipqt9P4nh0uTTdPv5J96PG8bGR0S
EbRHuyS2cADdzn7Y3/BxNrP7PXjjwHH4d+Cx1Hwd4w8KaX4qHiPxR4jXw7YTi+iEq2dvcSQtbtPG
rpu8yVeWxjGCftvXf+CfHwd8TaJr2m33gm0uLLxP4PtPAOpxG8ugLvQ7Xf5FkSJAQqeY/wA64c7u
WPFcn43/AOCQ/wCzp8SV06LXvhraarZaZYWGlxafPqt+2nzW9jGkVok1r5/kz+UkaBWlR2+UZJxQ
B8e+P/8Ag4W+I/gX4kfEq9X4B6Zqnwg+E3xSHw48QeK4PGEaXUYkuY4IbiOzaLfIx8wMVUlfmA3d
SO88ff8ABeHVfAvx01a9b4Q3Nz+zt4d+IifCvVPHw1yJdQg1slEdl0wr5r2ySuqlwdxXLAH7tdP+
z9/wQX+GPg/45/Fbxx8S7TTfiRd+NviRceP9BtZftdtZ6AXYNFE9ss/kXEkbDIkePvgADivc9d/4
Je/AHXfjVJ8RL/4baJP4nk1hPEcsrz3AsZdTQAJfvZ+Z9la6GAfOaIyZGd2eaAPiHxr/AMFs/wBo
P40fso/tU+Kvhf8ABPRtNt/gRf8Aifw//wAJXP4ptnS1m01YCLpLOaLdLJHBJNcmNlMbGGOMMxdt
v3L+wR8cPiX8V/2LPDnjb4v+ELbwz4uutMF9NYaRerqzX9v5KyR3CCFB+8mU7vJVcqW2im+Ff2Xv
2f8A4H6b4s+EtjpfhXR1+Pt1rGu6x4ZudVZ7jxdJPDHHqc6QyymR08poxJ5QCIGXhc8+h/s+fs6+
D/2WPhlZ+DfAulz6P4csGLW9pLqFzfGLIA2iS4kkk2gAALuwoAAAAxQBx/wa/bc0X42+PLfw/ZeB
fjPoVxcxySC78RfD7VdHsECKWIa4uIVjVjjABOSeBzXzN/ztNf8Adqv/ALt1ff8AXwB/ztNf92q/
+7dQB9/0UUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfAH/BfT/myv/s6r
wN/7fV9/18Af8F9P+bK/+zqvA3/t9QB9/wBFFFABXxd/wUQ8LaZ46+JWpaHrdpDqGkaz4cjsr22m
z5dxBI1yjo2OxUkfjX2jX54f8Fp/Aut/FjQfGfhTwzrMGieItf8ACCWllcyzeUoZpJwULYJUOu5C
wBKh8jkV4PEbX1aN3b3lr231PMzd/uVrbVani3w3/ZS+Evw11Z9c0bSoJbq/0ZvC0l1fazdamLqw
MrzG0Y3E0gdd7OcHJA+XO0ADB0j9gL4D+FvDV/DbeF7KDStd06DRpt+tXjRS2kVz9qht0LTkIizD
coQjAG0fKNtfOPh3/gnZcar4A0fwvfaKuneEpPiDp3iLVNDm1uyjhitY9Ouba5aBbGOFYw7PACqn
c5DMduSDZP7BuoeH/C3gTQb/AMG+HvH/AIE8Far4tS08J3mvrDFa297f+bpdyrPkSNDbh49rndH5
25cstfIupBPSu7+vZNrXm3v+e54HMr/xX/XzPqn4h/s0fCz4gTa4uuWEX2jxHqaajqLw61dWU092
ltHaht8UyMh8hY0KKQCOoJYk+Zv/AME2/g7B8cZtfvlsTotnoen6FZ+FkupLWxshZyyTo0ipKvnh
t5YxzKynbuIJya8m+LH/AAT78MX/AMMP2gfGHimw06w8W6iLu/8ADWqw6lNdPptvFpVmIyEViCwu
bZ/4DIwC9eAPD734KX/j/wCHX7PnjPxj4Tg8Z+Nfi54zuPEfizTZmFvDdIdNlitYJC3EMYgSLh+A
zv64rWg04+5Xdtvwvpr2Vr6dupdPVe7Ufb8L9/Kx97eI/hf8BtK/ac07U77TtDh+JGoQv4ltIY5Z
x9tMQ8o34tkPkSXAD7RKUMpzhSccWh+zN8Gvif8AALwl4Wk0BR4OsLz+1fD9tPc3unXdncmSR/Ni
d3juo5N0sh+8GAcjpgV8efAD/gmt4y+FWq/B6/8AFum+EvG974V8L6votzM2pRu/h+ae9a4sWhaY
BpVgWSRQQcqZHC5GM8/rf/BMz4k6h8D9E0HUtM8L+KNRsvh1beGtEFxr626+CNXS5eSS9iYA7gyl
Dvjy5KbCNtDVG6SxG3W/m1prp/k/MGoXSVXb/g7an6f6dqumaYsGmQ3kHmW4FvHC1z5kvyqPlO4l
mbbgnOSeprn/AIzfDLwd8b/Dcfh3xlaWup2ENzBqy2sl28BWS3kEkcuUZWwjqD128YORxXw/of8A
wTf163/aJu/iNqS6VfeLLP4heH9YsNZGsFZH0uC1gh1AmPcF3SMjfKy7mGOa9Y/4KN/sp67+0fqn
hDVvAuoaZY63tuvCuv3Ut2sTL4fv1AvCn96VPLXYO3mMRXHajGrFRq79eztfv+P4GFqanFKfz7P7
zvtO/ZA+CHwj+LOk+OtP8MraeKDqU8un3Ftdahdw21zqQZJpBbJI0MUcvzbmKLGOTlTzXm/7O/wj
+APwx/ZwvPh9f+IdB8a6R4n8f3NtcOlk1sp12WdnjhjWHLQNF5IVJAwC+UCHFcB8MP2LviPBp1o3
il/D9xeaD448LW+mmPUY3DeGdDdhFIxP/LZhLKzJ1LGsfRf+CZEdrpV94Xl8FeErTSLv4sx+JbzU
LDUo7Y6l4fzdFLX92UmQwrNt2ZA+dtpIzXWqtKzjOu3t1XTtd9L9DfnjZqVRvb+vxPsLwR+xx8L/
AAh4s8L+KNJ0J5NZ8KNeT6RqU2r3l7NEbyFIbhy8sz+aXijRcybsBRtxXplr4ksL4oIb20mMjmNN
kytuYDJUYPJA5I7V8v8A7Iv7PfiD4I/sOeKvhtq0sK3LT67b6Ha2usqrQWNxJMbWJLghjEQrjDEM
UJzg4xXy143/AGe/G37Df7LWteLPD+l6JZeIfCHizRdT8GWcUMFxqV+/ltY3KXi2YWCQyR3Mg3qF
Zgu5zkDHPGEK03B1btOyv1u/XRa6/MyUFUk4893ey8/xP0S+N/wr+Hn7SPgqPQPG1lpGv6RDdx38
MUt0Y2guIn2pLHJGyujqzFdysD8xXuQeDvf+Ce3wIm8NjRpfCVlHpKX00slkmsXkVvNNPJ5skUqL
MFkVnO4QuCgzwoFfOHxT/wCCXdr43+H+kaK9hpmpHw98KdS02wlfVmt2/wCEqnmS5S6OxlyDOZZN
zZQE9OlZ3iD/AIJpaz9u8R6Hp0FmPBniHxN4P1y5t5PEUjyzvapMNXnLtIZBK5ZPmDAvgYIwK0py
pKNo4hry+aX829tSoOCVo1Wv+H9T6xi/Yb+Ct34oh1e38JaWuoPrNh4kgNrfTxRre6dEbe1mjiSQ
IqwxsUCKoj5GVJxXk/7Wv7Dnwe074OPqK6p4e+Hnh7wrJqc9/qz289/cWcuoOonZZluFkQl3fMTG
SFjL80RAArx/w3/wTF8QfDL4laVrHguSz8OzaV4v8RpYXY8QyyjTfD13YyJZxJGzsAFuZC5QDdnk
kmuQ8Lf8Er/GVl+zd4+8LNYWlrrXiXwdb6ZcQz+IbKbSdU1a2u4ZortY47dZPNKrN+/mff8AOFIb
G8b06lOMlL6zpp27tdW1ovU1hKKaftu3+XfsfoX8DvDnhb9mn4A+G/B+m6z9v0rwXo0NlFMzrPdX
EcMX39kQJd2CM21FJJyADW94vtPDHxl+G9xoetql5oPjTTntZbO4aS0kvbaePDx7TslQlGwQNrLn
sa+H7D/gnFbeJfjN8UfFt14H8N+Hba/8EW2l+B9Ng1WMR6LfiyubeVdkLCMLmUAMwIwxIxzXUfD7
9kTVvDvxW8A6v4s8I+HfHUXh/wAKeGtJ0y6m1qOKTwVeWJJu5IkI+cOxRw8Z3MY9hwpzXJNULuaq
3e/TffTXp697GElTvzc+u/Tf7z3D4F/s9/BP9kb4lp4f8G6JZ6B4p1XQpbtPOuLu8uP7LtZYI5FW
e4aTy4UkngHlh1BJU7TtyNG8/ZH+Ed98I9S+HsmiWo8L+KdTfxDc2Catcxvd3bTrctcJIsolH71F
f5GCjHAA4rxD/gpJ+yT42/aq1+SbwV4ls9DQeBdU0SVmu0jTU5Zr/TZ1sZSP3iQTR2soZ4ypGFBJ
VmU8Y/7DPinWP2tNM8cavawSWFpeaBdaGNP1axjHhO1tYY0udOPmxPKYMiX5YH2zB8NtPzCoThOK
qSr2k9Xrrdbdfu7WHGSlFTdSz/VbH0Ncf8E/Pgdr3h7RtOk8PPdW9n5p0+X/AISTUWuZEZi8ief9
o82SPOSUZ2Qegr2zwx4f07wX4csNH0myttN0vS7dLSztLeMRw20SKFSNFHAUKAAB2Ffn1+yP8KvG
mjftD/ETUdOttOvvCnwG/trw58MdLupzZxXt1ez/AGqUPKwJ2RqyW4kAxt6ZKkn708N+JnvPD1hN
qjWVnqUttG93bxXCyRwTFQXRW/iAbIB7gZrnxtRxai6nN8++u1+1r+d10MsRJxdnO/8AX+RJ8Svh
/onxf8Aaz4W8R2Q1LQfEFpJY39qZXiFxDIpV03IVZcg4ypB965D4hfskfDv4oxaGNY0CRpvDdmNO
066s9Ru7C7t7YBf3HnwSJK0fyrlGYqSMkZruP7dtP+fq3/7+L/jR/btp/wA/Vv8A9/F/xrljinH4
ZW+ZgqzWzscRL+yT8OZfiHbeKf8AhG4o9atreG2LxXdxHBcpDF5UQngVxDOUjwqtKjsoAAIwKxdH
/YG+EOhaDr+l2/g+P7D4lsBpV7HLqN5NizDiQWsJeUm3gDgERQlEG1eOBj1H+3bT/n6t/wDv4v8A
jR/btp/z9W//AH8X/Gq+vTW039/bYr6xP+Z/eecfHb9h74U/tLa9JqnjXwlBq+oT6f8A2TPOl7c2
b3Npv8wQy+RInmKr/MofO08jBr6I+EfgxbH9jL49+HNAsJ5Et/AD6bp1lbq80rAWN/HFEg5Z24VQ
OST6mvPv7dtP+fq3/wC/i/419If8E6ryO91Lxs0UqShYtPBKsGxzdelerkWJlPHUoOV0r2V/7rO7
LKspYmEW9Ff8mfl5+x5+z1B4w8H/ALAem/Db4KeNfD3xd+HWuWdx8TfFR8DXvh+3sdIVZPttnf3k
0EKXjTKQFQPJ/EM/Ng/VX7JP7D/hnw3/AMF9v2ldVm+EGhWHg2x8MeF7rwveP4Vii0y3vkhjaWSy
cxCJZ1kGWaIhgwyea/Taiv0k+vPw6/4INeJIPg3/AMEY/iR8DviD4b+OXhbx14sufEbwado3gTWV
1drefTY1WS0nNsLdbgiOTyg8qkuqjqRn0v8A4JCfCnxD+zd+1h8PPAvhXwjofxK+Hmm6LqKX3j3V
fgxf+A/Fng0iMeVb3d5coiX73DsUZULuShdiAoNfr1RQB+R3/Ba74RX/AIw/4K+fAHX76DU9M8G6
Z4G1e2v/ABB/wrOfx5p9jO8reXFLZJDKpdzgKSMrndWB+0baftBeOP2s08H/AAu+JPxi8G/CrQv2
bf8AhI9Mv/CnhJtB0/VNetZpWjhWzltttpNOFjzbIElVPkGATn9kKKAPyY+Knxr/AGgfiRqnwb/4
Tvx3+0B8HvDVz8HtF8QLqXw98Ay6zc694vlXN5Z38a2k5iZMRlbZ1jR/McFhjj2Lwj8Gfjf+1N+2
B+0vpl78ZPjJ8OvCXh3+yrTwdFZ2kNnZTzXfhmNZLpWkhLsILyRpjFDKqecpD5xgfoLRQB+M3wD/
AG+Pjb+1l+xF+0p8Xr/xD4u8EXX7PvwnufAa2lvdgW+p+MbS1nm1LWCR/wAtYytssY5AErE84x5D
8f8AQP2pf2s/2f8A49+CNB8U/H34t/C3WPhNpmv/AG7XvCbaZdy+KEu7WSXSbFGtIHnt2tt7MsSO
G2ghyxy/7F+Av+Cd/wAIvhn+yv4o+C2i+FWtPh340GojW9P/ALRupJtRN/u+1O9y0hnLuGI3B8qA
ApAAx674V8M2fgvwxpujadEYNP0m1isrWIuzmOKNAiLuYknCgDJJJoA/Lb4NS/FL4c2f7L6/DzUf
it8Rjpnwz8fTT3PjPQJ7WcaxFZacdPsZ/Nt4GiiSfzIYQQokRDhnA3V5F+zb8eP2vYbLWynin9oP
xo+tfBjXtZ8ap4r8Dy6OngnxfHbObS10qT7LCXfzAFWKIyKVO4ZPCftrRQB+YH/BIu+/aN8OfHb4
Nz/E7x18WfGuh/FL4N3GveI7HxXpqx23hfW7e8so4YY2WGMxSvFLMWSYmR9rMSccegf87TX/AHar
/wC7dX3/AF8Af87TX/dqv/u3UAff9FFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUA
FFFFABXgH/BRT/gnX4W/4KUfCzwr4W8U+KviB4L/AOEL8V2njLSNX8G6nDp2q2eo2sNxFBIk8kMu
zb9oZwyBXDohDDBB9/ooA+AP+HBf/V6n7f8A/wCHe/8AuSj/AIcF/wDV6n7f/wD4d7/7kr7/AKKA
PgD/AIcF/wDV6n7f/wD4d7/7kprf8EBVc5b9tL9v1j7/ABdz/wC2lfoDRQB+fv8Aw4Cj/wCj0f2/
P/Duj/5Eo/4cBR/9Ho/t+f8Ah3R/8iV+gVFAH5+/8OAo/wDo9H9vz/w7o/8AkSj/AIcBR/8AR6P7
fn/h3R/8iV+gVFAH5+/8OAo/+j0f2/P/AA7o/wDkSj/hwFH/ANHo/t+f+HdH/wAiV+gVFAH5+/8A
DgKP/o9H9vz/AMO6P/kSj/hwFH/0ej+35/4d0f8AyJX6BUUAfn7/AMOAo/8Ao9H9vz/w7o/+RKP+
HAUf/R6P7fn/AId0f/IlfoFRQB+fv/DgKP8A6PR/b8/8O6P/AJEo/wCHAUf/AEej+35/4d0f/Ilf
oFRQB+fv/DgKP/o9H9vz/wAO6P8A5Eo/4cBR/wDR6P7fn/h3R/8AIlfoFRQB+fv/AA4Cj/6PR/b8
/wDDuj/5Eo/4cBR/9Ho/t+f+HdH/AMiV+gVFAH5+/wDDgKP/AKPR/b8/8O6P/kSj/hwFH/0ej+35
/wCHdH/yJX6BUUAfn7/w4Cj/AOj0f2/P/Duj/wCRKP8AhwFH/wBHo/t+f+HdH/yJX6BUUAfn7/w4
Cj/6PR/b8/8ADuj/AORKP+HAUf8A0ej+35/4d0f/ACJX6BUUAfn7/wAOAo/+j0f2/P8Aw7o/+RKP
+HAUf/R6P7fn/h3R/wDIlfoFRQB+fv8Aw4Cj/wCj0f2/P/Duj/5Eo/4cBR/9Ho/t+f8Ah3R/8iV+
gVFAH5+/8OAo/wDo9H9vz/w7o/8AkSnJ/wAEB1jzt/bT/b+GfT4vY/8AbSv0AooA+AP+HBf/AFep
+3//AOHe/wDuSj/hwX/1ep+3/wD+He/+5K+/6KAPgD/hwX/1ep+3/wD+He/+5KP+HBf/AFep+3//
AOHe/wDuSvv+igD4A/4cF/8AV6n7f/8A4d7/AO5KP+HBf/V6n7f/AP4d7/7kr7/ooA+AP+HBf/V6
n7f/AP4d7/7ko/4cF/8AV6n7f/8A4d7/AO5K+/6KAPgD/hwX/wBXqft//wDh3v8A7ko/4cF/9Xqf
t/8A/h3v/uSvv+igD4A/4cF/9Xqft/8A/h3v/uSj/hwX/wBXqft//wDh3v8A7kr7/ooA+AP+HBf/
AFep+3//AOHe/wDuSvQP2Kv+CN3hb9i79qfUPjH/AMLf/aA+LPje/wDCsng37V8R/FUOvfZtOe8h
vPLjf7NHKu2aHKr5hQebKduWyPr+igAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACii
igAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKK
ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooA
KKKKACiiigAr52/4KMftj+NP2Jvh54a8TeGfAHhnx3Y6z4h0/wAN3aan4tn0KWzuL+8gtLV0Een3
Ylj8ybMhJRkVQVWQnA+ia+IP+C8Xm+LP2VvDHhCz8MfE7xPe6v448PalNF4M8Na1qdxbWNlq1pPe
TG402F3tXSEMyHfHIxU+Vll4F/Fpxb0c4J9NHJKWvTS7v03KXwzaV2oya9VFteuttOux7Xpnxl+L
+iaL4on+Jvhn4RfCjSrDRpbyx8WW/jifxHpNjcg7QL2G4stKdY1B8zKS4ZUZTJGSpPfeNP2ivAfw
k/4Rq28Y+P8AwT4fvvFckdrpA1HV7fT/AO27hgMJapLJmVmJG1ELnkdetfFv/BRH9kHwb4a/4JE/
HWw8HeGPit8Rbv4paYuq6RpGu2eu+MdeTVHtIYbRlivUn1G3dDFG37/Bt33ZMWMDyz9rXxVqGqfF
y6j0HwX4m16H4o/Ayw8Ja3b+IfAfiu7/AOEdglnvFSeO007Sb2dJgxmMtreJZiUxQFJvlfY5uyaS
u07W2bfLKVrvRO65b7JWk1uOMVKzctHd33suanG+lm0lJyte7acY2ufq3XC/tJfH7Sf2ZPgzrfjL
WIL7UI9KhJttOsY/NvdWuCMRWsCfxSyNhQOgySSFBI8+/YHbwB8JP2dfhl8NPA0eoXGnaX4YRoLy
18GXmj6fO8DiG6efFulvaXr3PmNJayslxvMpMZKuRlftn/s5/FX4n+Km8T+CvHHgLT7HQ/D15a2W
h+IPAd5r8yXkscqy3VvLBqtmFmkhZYV3RSFAX2nErqc8xTpKapO9uazt2vrZ+ats7PdOzQYFqpyu
orXtdX720uvJ33Wmz2PQ/wBi/wDaOH7X37J3w8+KK6OfD6+PtBtdbGmm6+1GxE8YfyvN2Jv25xu2
Ln0Fem18h/8ABImLxX+zx/wTa/Z/8JfE201aDxJe6JZaXaWFn4J1O1m0NVtQy22pDdceRIgRw9xO
baJmKqERiFb68rux1OEMRUjT+FSaXXrtfyXr6vc5cNUlKlGU92k3/n8/61DNfOf7Hn/BRfRP2vfj
78WvAdnoV7ok/wAN7uA6beXFwJE8VabKZIhqVuuxdsP2m3uYhguCI0fd84UXv+CkXx6134Ifs2ah
B4U0jxvqXizxe66Dpd34c8I6l4kOgNcERyalcQ2MUkgito2ebHymQxhFO5hj42+KXws+Kn/BO/8A
bA/Zw+JUqt8S/DumaNP8ONa0n4XfBjxAl1Z+HTEskVzdst9qQY291HAyowilYSzFRJhwvNQtKp7+
kX7t/wC81dfc+WOvu2nJvWB0VU1TvHWXxW8k1f1uuZq2vNGK2lr+o9fPfi/9q7xf4X/4KZ+C/g0+
ieGx4L8W+CNU8TR6sLueTVDc2VxaxNCYtixRRYulIYNIz88R7Ru9+06/TVNPt7qNZ1juY1lQTQvD
IAwyAyOAyNg8qwBB4IBr4Y/a81rVbb/grh8PL+w8AfEPxTp+k/CrxRpE9zY+F9UbR5b68ksprWzf
Uo4DbRNKtrKpcygRnaGKllBhy5Ki5lpaemu6pzcVpr8SVrat2VnewJc0G4v+XXyc4pvXT4W/Ra3W
59O2H7b3wX1Sw8WXdt8Xvhfc2vgL/kZpovFVg8fh35yn+mMJcW3zgr+928gjrVrRf2xPhH4k0Pwp
qenfFP4c6hpvju9fTfDV3beJbKWDxDdIxR7ezdZCtxKrAqUiLMCCCM18A/8ABPf4Y6xN+2J8JNR1
r4f+N9F8IXfwQ1DwXJpN78Pb/StF8Lyx31k40h5LuNrmQCJZV8+8mZLjyy0R+dgez/Y5+B3jzTb7
4i/AsW1xp+m/s5W+r6Z8P9auSpt7pdXgMukOjZZw9haSTWzEqPlkUjNaV4qnByWr5ZStpryTlFq6
urySi42uve3klzOYSU5W2XNFa305opptaO0W2pXs9Nk27fbnhX9pP4deO/E3iPRNE8f+CtZ1nwd/
yH7Cx1y1uLrQ+v8Ax9Ro5aDof9YF6GqVl+1z8KNS8M61rdv8T/h7caN4as4dR1e/j8R2b2ulW0yl
4Z55BJtiikUFldyFYAkEivzj+Bv7H3h/V/hfo2t/Eez/AGlvE3i74TfDvUPCOp+DPEPw4sjoMNvc
WgSW0gNhocP9twm4giaJYJ7pg22RgCXJq/Cn9l3xD4a/4JifsjeIfD3hD4j+AdY+HEtgPiInh7wN
FD42ijt7G+gDpYalp8zXot726aYJ9nlLCSSSAM5VjcqcVzJS25Ffo+aU1zb2slGLetlzWcrK7mM2
0m4tXUnbreMYvl73bbS0u7XUXey/TG9/aY+HOn/BxPiJP8QPBEPgCWEXCeJpNdtU0Z42OFcXZfyS
pPAO7BryX/gmh+2T4k/bU+H3xE1jxLZeD7Kfwj481PwrZnwzfS39hc21qsOyZbmQKZt5kZt6xxqV
K4UYJPyd4V/Ztb9kX4vfCf4naJpnx5+Kfwjfxh4g8S+Ik1vwkz65pWsapZW8UGrRaDZ6fa3EUMbr
dIyJZCWN7uWTZtbdXuX/AARs8J694E034/WWqfDfxd4B0jV/i1rniHQpNY06LT4dUsruVdjwQ7/O
UDyyT5kaKRIu0t821U4Lnk3t7N6fyyU6WnS7s5W0V462Tuk8Q2qcHHrNa948tXprZXUb6uzsr2s5
fYfiTxLp3g7QrrVNX1Cy0rTLGMy3N3eTrBBboOrO7EKoHqSBXD3n7YPwk07wPrXie4+KXw6g8N+H
J47XVtWk8SWSWOlzSIkkcc8xk2ROySRsquQSrqRkEZ8x/wCCwXg6z+IX/BM34z6HdeEdR8dXeq+G
Ly10rR7Dw5Pr91cak8ZWzaK2gilfelwYnEgXERUSFkClh8veO/gHqXhD4afsreO/Cmj/ABR+HvhP
QfDrab4wPgX4e29x4q06/bTrS0tbu40m/wBLuriVIlguLdilq08azqV/dFzWEW3z30typdry5nr6
cqVu8k/I2cVeml9pTb7+7y2tv8XM7d+Vo++vFH7UPwz8EeGLXXNa+IvgXSNFvrBtVtr+9160t7W4
s1ALXKSPIFaEAgmQHaARzUmo/tL/AA40fwfoviK8+IHgm10DxJC1xpOpza5ax2eqRrE0xeCUvslU
RIzkoSAqlugJr8wfBvwH+Gn/AAT2/wCCg37NWoab4d+JfiXTJ/Cfji+Op6l4NbUPFUsc11YTxl7C
wsYrmOGOW6uBHbrahoFuHyiKz4o2v7KUngb4r/sx6j4h+DniyRZvjb4n8XQ20PgO81g+C/DeoC++
x2t3Pa28sdojXU1tO1u7qI2k3MoETMu8afM4KLtzd+j53Dlto27Lm6WUZX6GMp8sJTevL26rk5ub
rZXtHrdyjr3/AFFvP2q/hfp+veFNKuPiR4Cg1Tx5ALrw1ZyeILRbjxFEVDCSzQybrhCpB3RBhgg1
ftP2gfAV/wDE+68EQeN/CM/jSx2G50CPWLdtUt96M6b7YP5q7kR2GVGQjEcA1+cvxj/YO/4Sb47/
ABj+GPjLUfj54U8A/EDVtM1LwZY/DXwbpd14els7Kxs47a1N+dHuZNJntri2faJLm2gAdWjOWkJ9
F0fwt8RvhH+15a+HfhqnjTxD4U8deIdY1fX9I8YeBp4rfwNcyRXcT6zp3iARJbuJbhQRas88zxXe
UESZAh2cVOKbum0ut7JqL7Ne8pPVJq75U7rRxtdX1W/a2vvb6p6cq3aenNK0X9n6B+0l8O/FXjnx
D4X0vx94L1LxN4RTzdc0m11u1mvtFTGd1zCrl4RjnMgUYqhoX7XXwo8Uapc2OmfE74fanfWejjxD
PbWniKznmh00jIvmRZCwtiOfNI2e9fmf8Ev2L7DUfgx4VPxeX9pfxT46+CPhTVNF1LwlqXw8s7nw
1ci6sZILpYLiz0NH1q2nlCSJEl1czFzG8qhlkYH7EGkap8PNd/4J2aUnwv8AizoFx4I8H61pHjCR
vhrrljbaNdXdnFAsd5M1osaCS7gZmZ228JKxCMjm5U170Yyu1a1uraqWa7r3I7N/Fa97Gc58q5rO
2rd+luW6fm03bba9mj7n/Z1/4KsfAz9on9nvVvifa/EvwFovhDRdYutJvb7UvElnbxWJju5YLeS4
Z3UQG5SNZo0kwzJIpGetWP2hf+CoXwU/ZvuvhcuvfETwVHbfFy/EGh3769axWMtp5Lyvf/aC3l/Z
xtVA+7a0ksag5avib9nfw/4y+F/7M3wF8Maz8IviDYaz4L+JniZrvxHL4N1PVZPCUlxdar5Nzb2M
GPtKzw3KxrdyJJaRC4DksVO2n+z98IfG/wANP2f/ANkJrv4ffE+4f4U/GnxNL4gtpPCk8eoW1vc/
23HbXTQRwohglN1bnz4VFsolzuRAStxhCU1Z6c0F6p2vr53XyatumFWTgpq2tqnlZrn5fu5fO732
s/048HfEqx1fVvGUsnjPwdrGn6BeLHJDp5WObw8ot43eG+k+0SKZSS0oYpBiORAUbHmNn+Cv2tfh
V8SvhzqvjHw58Tfh94g8I6EzLqWuab4is7vTdOKjLCa4jkMcZAOTuYYr80NN+BHibx/4U/a98NeA
Phn4z8Oafq3xl0LxrBpF54JvvD9p4r0W2bS21KKza4gigneaS1u8orEyk7jlZQzR/wDBTz4ID9q/
RPj78UfCfws+IeoeHvEvwfTwdBpF58N9Wi1XxJ4mF80thcJpctqLoNZRgqLx4VRPPGyTCsRgrOEJ
X3in6fu4z17pybpLrzrXsapJycX0lb19/l+TUf3j3tH71+pPgD48+Bvix4j1vR/C3jTwp4l1fw08
cer2Olavb3tzpTSLujW4jjdmiLLyA4GRyK6uvz7/AGXNV2/8FYfDV3o3gL4laB4Rl+BOn+HTf3Xw
91nRtIiv4rz7WlpJLPaxRRyR28jYDkbWZo+JMpX6CNkqQDyelaVYKMVJdeb/AMlnKN/+3lHmXk1q
93z05ylJxkrW5X/4FCM7f9uuTi/NPRbLij+0p8Ol+MK/Ds+P/BX/AAsBoPtI8M/25a/2wYv+en2T
f52zg/NtxxXzLZ/8FJL/APaI/bc8TfCr4MePvgFd3Hw6vLG31bSNb1R7rVfE6uC+ofYHtbj/AEdr
JBtbdb3AabdG/wBn27j8+t+zV4z8Wfsgab8BNQ8IeLofjvpPxYPjNPFn/COXi6PCh8StfPrMesiP
7Luawdk8kT/afm8sxAZx9DfsQ+P21P8A4KR/tQed4V+Jek2Xim/0abR9T1jwLrOl6XqaWOmpaXJi
vLi2SBtswIUb8yr88e9Pmqaau4y33fk7KDv6e9KLVvsvVO6jrVvGUoLba/8A29Jfe0lJNPr1Vm/s
HXtesvC+iXmp6neW2n6dp8L3F1dXEqxQ28SKWZ3ZsBVABJJ4AFfClz/wWv0f4sx/BnXvhNdfDvxF
4J8dfEybwH4lvLnXjNqOhRK12YLgW0QCxi4gs5JlaeRCiPERHIGJX70cEow6kivxy8KeEvEXhj9m
79lPwD4n+Enxbnv/AAB8fL/xB4gjHw81bUrOzsl1DWHFyzw20iGIfa7R1k+44k3Rs/lymOaWtaEX
/NT+5zSlfukt9rdXYdWyw9SXVRnr5qlNxt58yXe7sl5/qz4Y/aT+HXjb4T3Pj7RvH3grV/Atmsrz
+I7LXLW40mBYiRKWukcxKEIIYlvlIOcVsfDT4p+GPjP4Ms/Efg/xHoXizw9qILWuqaNqEV/ZXIBw
Sk0TMjAHjgmvynuvB3xD8dSfG698OeG/jd4Y8P6J+0Pb+PZ49P8AAU1pqmq6G2mRWzXel2+rafJb
30kd9GbhoRFJIwh3qhd4i33B/wAE2v2ftB+DXh3x5r3h/Xfi54hh+JWv/wDCSX954/0WHQbya9aF
Ipmj05LCwa2UiJC2+2Qu+WGQdxuEVKHtHpeMXbqnKMJWf/gUley1g1q21FV7wmoLXWS+SlNffaMZ
W10mnokub6RvLyLT7SW4uJY4IIEMkkkjBUjUDJYk8AAc5NcB4Y/a7+E/jf4c6p4x0X4n/DzV/COh
zNb6jrll4js7jTbCRRlkmuEkMcbAEEhmBFec/wDBVr4UeMPjT+wp4y0HwPps2va48lheSaLFMkT6
/Z299BPd6eC5CE3FvHLFtc7W8zaeGNfJf/BU34e/DP8Aag/4J7/F/wAV+D/gF8S9U8f+O7HSNMWC
6+FutLqhvbKRvswWxltvMjeCCa5X7ZFEItrbPPbKLWcWne76pfe173pq0vNeavrGCbir7/1by019
E9N3H7z8T/tn/B7wT4Il8Ta18WPhrpPhuDUZNIk1W98T2NvYx3sbbZLUzPKEEyNw0ZO5TwQK2/HP
7QfgL4X6Vod/4m8ceEPDtl4nuI7TRrjU9ZtrSLVppBujit2kcCZ2HKqhJI6A18e6l4J0z9n39ubS
vi3P8OPEFz8IvGPwxXRLWDw78Pb+/v8AS9WmukluTe6ZbWrXkTXVsttG0kkHy/ZBHKY8KD5P4M/Z
Q8dfsmfsn+AdY03UfiH4K+JfglfE83hnT9P8DXPjbSo9H1TVRPbeH7+ztUkljIiW0G6F4hB5b5k2
IQaaUYpyve7TVtU05K1t7vlUl15ZaRbUVPGD5vLa3ZqUVJO/aLfJLpzLdK7j+id9+0t8OdM8ZaV4
cufiB4Jt/EOvWkd/pumS65ape6jbSOqRzwwl98kbO6KrqCpLqAckVf8AjV4n1vwT8IPE+s+G7HS9
U1/SdLuLuwtNTu5LSzuJo42ZUlljjkdEJHJWNj7V8C6lF8WPh38Q/Bvi3wt4N8R6d41+IVx4YtvH
fwqvfA8uqeEBJbW1l593Za1FGIdNayhbCGecxPJZMqRNJhj9U/FaD4seCfDnxC1vxP4r8I+JfAqa
RqBsPD/hn4baq/iMb0YQRiaLUrr7U4BCsIrFS55AjHFZY+MqeHnKL1XOr76pXVrXve+jV02nezul
thbSqQ5lo+R220e/pZp3vbyvuY/7Nn/BRPwj4l/YS+Efxe+L3i/4ffDGb4maHZ6hjVdag0qxNzPE
JDBA91KC5Azgbi2BmvUtU/au+Fuh/FfSfAV78SvANn451+GO50zw7P4htI9W1GKQMUkhtTIJZFYI
5DKpBCtjoa/Lz4N+EPFup/sg/s+eEpPhV8TvDWv2XwP1bwbea/N8PtVudTsb1o4I5tF+zXMQtbIT
GFJBeXcDxSCMJG3zHPqfizwhrvwV/wCCX37Lvx40vwf4ij+If7NmgaQ+r6HeaVNp2sXmlNZR2Osa
a0M6xyBghMyK+FMltGRkEGvQxEKftqjhpFTSVtfdlKpFNdbLki230ldJrllPjoym6cIv4nBvXT3l
GDt0Wrk49lKLTafMo/b2pftv/BfRvCWqeILz4vfC+10LRNWbQNR1KbxVYR2lhqKkBrKaUy7I7gEj
MTEOMjitvx3+0p8OvhbHbv4n8f8Agrw6l1ZnUIW1TXLWzE1sGRPPXzHG6PdJGu8fLmRRnLDPwl8f
P2bfGHw4+J/ww8Q6/qvxc0TwtqfgvVdO8Tah8N/CNl4rvLPXNTvIry9+0WM+l6jMba4yyebBDlfI
VXIQiuQ+En7C/gD4Mf8ABRT9nzwdB8LvH/irwd4d+FOveFb7xF4s8BT6jHcrPc27afbajqEVitnx
aJdoschUQo4iYI7hW56UOZxjLRtyT66xjNv/AMCcIuPdTWmictak0ryjqrJ+qbhr8lJ83Zxeqvp+
qEcizRq6sHVxkEHII9a5DV/iJZ6X8XINHm8Y+D7NItFudRudBuNo1d1SSEfbVc3A2WsYYq4MDZaW
M+amNr9dBAlrAkUaLHHGoVEUBVUAYAAHQAV+bf7Y2geHLD/gq74v1bUvhF458Q+Htf8AgdqfhjX9
T034Vavrena5qElzBPb2ks9vZSx3TfZ4ioyzqpAjyHwlc86nLLRX0m//AAGnOSXzaUfVq2tjanDm
i794/jOMW/km36LXS59vWv7ZHwhvp7iKH4q/DeaWz0ceIp0TxNZM0OmHpfMBJ8tt/wBNj8n+1Wna
/tK/Dm+8C6P4ph8f+CpvDPiIE6Vq6a5atYamACSYJw+yXAVj8hPCn0r8t/2TdAl8GaJ/wTi0y6+E
fxT0u7+HOm6lbeLjN8Kdbij0G4m01rdTcyGy2xl75UfeTjhZSwTD1wegW2keFR8BvEPin4XeOLPV
NE/al8S6haLrHw61Kz1aTSL9NWvoWs4bm1SeeJ1SGYwwKzB4kBTzFVa7KlCKrOmpK3Nbm6fxFC/z
Uk99k3qnpzqo/Y+05deW/L1+CcrfJwtt9paK2v6I/tyf8FD2+EX7FcHxh+DF78Ofifor69pulTaj
Hrv2vT1gur6OyeWB7QOtxLHLKgMZkjGN5L5UK3vPjH9oTwD8OvH+heE/EPjjwhoXirxRuGjaNqOs
21rqGrbfvfZ4HcSTY77FOK/L/wDbF+HHie//AGYv2lPFug/Dj4ojRvjT8TvCmreFfDVj4K1O51W4
jsH017/U5tPht2nshN9lmbFzHE7GFNwDyKp6r42fsqX37Q/x8+Mnhz4i6/8AtL6R4R+Mmq6X4k8K
J4O8F2dxp19bQWFl9ngub250a4utHvYLm3c7bm4tUXeCpDGWsqUeZpS0u03fdXjTfL6rmm1pd8sk
0ntpJxWt+jS7aSkubfbZOztqrO2r/QjxB+1T8MPCfiGPSNV+JHgLTdWm1VdCSyu/EFpDcPqDIJFs
xG0gY3BRlYRY3lWBxg1o/D/49eBvixfa/a+FvGnhPxNc+FLk2WtxaVq9veyaPOM5huVjdjDIMHKv
g8HivyC+Lnw0j0j9mb9vjQfDXwS+KMWr/EDxzp934Whs/hHrQbXFSCx3XEJSwCuou7e8laThdzeZ
/wAtlL+qftIeDPFnx5/ai+P+lfDnwZ8S9LXxx8CNC0PRb2fwNqei6dfXVtc3V1Pp63N5ZraxTmzu
EiCTfKHkMTDcjospJwU73vFPTo3TU/wd4+vmrMfW6trbX/r4oX+alzLyi973X6J+Hf2ufhR4v8E6
74l0n4n/AA91Tw54Xna11nVbTxHZz2Okyr96O4mWQpC691cgisT4l/t6fB74W/Cjx94zv/iP4Mut
G+GKsPEjWOs291JpM4XK20qRuWSdzhUiYB2ZgACTX5iftxfsi+Hvir+yB8X/AB7Z6N+1F8WviJ4t
8N6b4Ti0jxf8KEtpLG6tLtJrbybGw0O0MkkMb3Si+jEkKozRibLop9J+N/hzWPjF+0F+1FpPgb4c
/Ey30zxv+zba+G9BefwDq+i6bqGpwxai62aS3NtFCJlivIECMQQS0Y+ZHVc8QmqE5QfvJS87NRck
/SVtN17y1dtdsMozqwVTSLlFa6aOUIv7uZ6u3wO6XT7f8Cf8FGvgt4o+Avgb4g6n8U/hl4e0Xx7D
ENOlvfFtglvNeMgMtlHM0irLNE+5GRfmDKQVB4qGf/go18J4f214/gOfGfhdPHB0M6zJay6xBFKH
LKYrWONjmWZofNnKL8yRxhiNrgj4U/aH0fxd8W/gxpfh3TvhL8TNCv8AV/2dbjw3ba6fAt/f6hqt
19nxJobxSq1vpY3xK5e8gWacsqRMpUb/AEP9nPw/qXhn9r/w14l8VfDb4g3fgjxF+zXo3hy7Fx4M
vriNLm0uZnvbG7t2h3pKIpBi3kTzJslY0kOVrorqKrz5V7sXP0a5a3Lr0s6cW2/5rWsk58VJzeHj
KXxOMXpum5UL6dXapLRfyPVO6h9r6T+0P4U8IfBWfxr4v+Jvw4k8N2t3dRzeJoLyHTNEhVLmSNYm
lluZUEkW3ypCZfmljc7Y8+WuxB+0H4CufAmi+KY/HHhCTwz4klhg0jV11m2NhqkkzBIUgnD+XK0j
EKoQksSAMmvy4/YE8D+KvhV8Hf2YfFeq/Df4l6Z4E+DPiDxtb+IvDUnw/wBVh1XSJtRuJ30vULfT
DbC4uYEgmaPdaRSGP7SRgbZNmV+0B+yx/YGg6b4jufhL4y1jw94v/aU034geF9Gtfh3qer3nhjw+
os/7TuZraG1kfTluZY5Zmt5FjkkDjdGXDqtKmpV1SvZNxV+ylUhDXzcZOotfhi99WtpNxhKSV2uf
bW/LGctPnFR9ZLbTm/Wf4WfGXwh8cvDkms+CfFfhvxjpENzJZyX2h6nBqFsk8ZxJEZIWZQ6nhlzk
HqK6Svhb9hX4or8PP2tv2t9V1Xwd8WNH8P8AiXx9pV1os03w516ODVFbTbPT5J7cCz/eILmFg8qg
qqKJWYRYkr7prJr3ITX2oxfo3FNr5N2/MOb3pR7Nr5JtJ/NK58yft1ftmfFT9lDwx4/8V+G/hF4Y
8XeBvht4WPiTVNU1nxtcaFcXzIs8ktrZwR6ZdrK6RwoS0ksQzMo7E15J+0B/wUn/AGiPgr4B8EeJ
NT+C3wt0TQPFus+G7ZtXg8d6hrscVrqmoQWjxiI6VZAXSLcIwDShMFmBk2FD67/wWL1G6P8AwTS+
MeiaboHi/wAT654v8L6hoGk6b4c8O32t3lzd3FrKkSmK0ikaNCesrhY14ywJAPgn/BRPW2+LP/BL
P4N6fZeAfih4gku/FHg+S+0RPhzrdzqFtbadqNrLfm7sfshnhjSOCU/vY1EoA2b965eF5XVjz6pV
KSd9rSk+a/orP033HiLqC5NG41H84qPLa993zervbY+5vAf7QHgP4qeGtW1rwx428I+JNH0C4ms9
TvtL1i3vLbTp4RmWKaSN2WN0H3lYgr3Aqb4RfG/wX+0B4RXxB4D8X+F/G+gvI0K6loGqwalZs6nD
IJYWZCwPBGcivzE+Mngfx98a/jN+2DZ+BPCXxZ0Ww1jxH4H8RWUy+CrrSf8AhIrTSjbJqqafJqVk
bO4udsICRyq6T7F+V4yTX1n/AME4PgNofhPx78RviZpPiT46+JdQ+J66fJrNx8R/DNv4XkNzaJJC
vladHpmnMsgjKrJM0JWQLFtdtpIKUVKHO9NE/naLv6NuUVtZxtq3oqkuV8vW/wCu3qlZvyey6fWF
Znirxda+DbK2uLyLVJku7uCyQWOm3N+6yTSCNGdIEdkjDMC8rARxrlnZVBYadfL/APwU2+OXxD+A
UHwU1DwR4j03RdP8R/FDQPDHiG3n0hLy41GyvbtI3jild9sHyhwzeW7EP8rRkBqmC5qlOn/PKMfn
KSivxe9nbez2HJ2hOf8ALGUv/AYt/p/wVufUFeH+M/2S7fxB+0Nqni/wx8WviP4A8Qavb2j+INJ0
O80y6s9XhizHA8tvqFndG3BVJE32pgZvnyxYAj4u/aR/bG/aC8AWv7auvRfFWzs7b9m7UdJ1Lw1p
uleFLKGC/tprNLx7G9e5FzI8bxyiNpImil3p5iNGpMVVPFfxs8Z/s2ftk/tofFm18a+L9ffwf4J8
J3Wm+Gr1dMfS2e9ivPIictBFKsNtLKzqFuYd3mSGZ3yGVQV4qr5X+9JpNdb3tbVXWulmVNcqafe3
3SSb7q10++qt1S/TbwL4I074c+FbTRtKilisrMMV82V5pZXZi7ySSOS0kjuzOzsSzMxJJJNZXxk+
N3hr4B+EV1vxRfz2lpLOtrbQ2tjcahe387BisFta26ST3EzBWIjhjdyFJCnBr86vjv8AtL/tjfAj
9nT9oLxQ6eJ/DPh7wz4J/wCEq8L+JPiHpvhO+1WC/hZvtenxWuh3rQNbtEY2hmnR2jO4Seflc6P7
V/wN+LHiD4tfsoaj4n/aH8a3Fx4r+I6zWCaL4b0Gwj8PeZ4av5GMQmsrgzOJEnVTNuURXBVkaRFm
rSNOU5LW13FX9Xbbe+j3ttfVNXjmik32jN/+AxUt+q1V7X6rdNH6A/Av47eFf2lPhfpvjPwVqo1r
w7q3mC3uTbTW0geORopI5IZlSWKRJEdHjkRXRlZWAIIrrq/Orx1+2L8WPCH7ZPg5NN+I1/4o8Jar
8XY/h1qGl6f4fsm8M2li1pKxWW9lt4ruTWFmjJk+yzS2sZBjZFZWFeifst/E/wCN37YV5b/FXw78
QtN0bw9pvxC1fw1q3w/vtLtX05dG0+/ubF5FuEhN6NUYwrMC062+HCGEf6wzDlqR9pDSL79LqD10
7Ti7pW3FUbptxmtV+OtRWXnenJfd3PtGquu67Z+F9EvNT1K7t7HT9Oge5urmeQRxW8SKWd3Y8Kqq
CSTwAK/PT9nr9r79pr9ob4u+AvHnhzwf42u/hlr3iy/0fxJZ6lJ4St/DOm6PHdXNtFd2ckd62sm+
ieOHzEnQpITKFhjOzP6KSf6tvpWdS6o+0W+uj3TSvqvmvxV7p2pSj7Tk3S6rZ6taPvp6rR21Rx3w
B/aE8G/tS/CzT/G/w/1+08UeFNVknis9TtVcQXRgneCQoXUFlEkbgMBtYDKkqQT2VflZ+xX8T/F3
hv8A4J5/BPwv4Q8d6j4NvPFXijxm1xD4c0i31XxXqaW+rag6LYQ3dtcWUcSyFPPmugkaIyqJFd1N
dL4I/a2+Nutfs0fsm/tA+IvifrOk+DPEGp2eg/FDQrLQtIW1n+0XE9pb35ka1mmgBuvs0c6wzKmx
y0Zi2ljtKMXVcI6LmjFX/vXS281Z9m1pbUmTcVK+tlN6dVFv8Wk2ujs0nfQ/R7xdotz4k8Lajp9n
q+o6Bd3tu8EOp2CQPdWDspAmiW4jlhLqTkCSN0yBlWGQcD4N/B21+Dmg3cC6pq3iHV9XuRfavreq
+R9u1i5EUcPnzCCKKFW8uKNQsUUcahAFQV8R/Eb9qb4waX4h8IeG/D2u/FTxfL8cNU8R+INDm8N2
XhFNW8PaHYSQpawWJ1MWtlIsyzxzl7kXMwiJUAnMq8j4e+Ov7ZPjD47fA74X+NPGWlfB/WPiFoni
2HUfK8NaTqurwy6aFNjqMjx3NzZCSWK5tZHtowERo5RuZZF8uKd3to2vyTbXycbO2jklulda1IuN
lLZN/nZPvZq7V+nZtJ/pzXBftA/tQ+AP2VvD2k6r8QvFOm+F7PXtUg0TTWuizSahezttit4Y0DPI
7YJwoOACTgAkdnoVrd2OiWcF/drf30MCJcXKwiEXEgUBpAgJCBjk7QTjOMmvyj/bf+Lfjn9r/wDY
q1r4oXHji80vwtp3xr0vwrb+BYdNsjZRW2n+LbayW4nnaH7Z9teSETHbOsKxyBPJLDzDVOHPWhST
0copvyc4x9b+9pp6mbdqMqrVrJ6db8spJf8Akrvr8z9ZqjvbtbCzmnkErJAhkYRxtK5AGTtVQWY+
gAJPQA1+d3xW/a+/aa+J3xu8c3Xwb8IeNtXsPhj4+Tw02mI/hKDwrqthCLY3zX815epq0d1slmki
e3SOIAQgpKCzVS+Ffxg/ag+IfgH9pXxTN8cvDVrefBHxV4i0Wy09Ph7bPpmoQW2l2txCWT7R9oR4
5GcqftDgmR94cbFTnlUSoOvslB1PPlXJZ28/aRt312saxheqqS1bkoeXN711fy5Hf5Wvc/RPwt4j
t/GHhrT9WtI7+K11O3juoUvrGexuUR1DASwToksLgHmORFdTkMoIIq/X56+Af2mfil4fvv2PPil4
1+LWux/DP4t+Ebaz8W6WNH0eKw/4SCbSVurW4eYWf2iKKdluQUjlVRKsAXarMjJ8Q/2hPjh4Nu/h
n8MNM134yeMvFPxL0TW/G8msaJp3gy38SaRZw3NmlnYpFqQs9OKJHdp57GKWcsDt2g7o+vEUZU6s
qSV3FyjZa2ceZtbL7MXNbe72bsYUqinCM27KSUtdNHpf/wACtHS/vPqrs+nPiT+w9Z/Ev9s7wP8A
G2b4gfEDTNZ8Aadc6Vp+hWX9l/2NNb3RQ3SyrLZPcsZfKhyVnUr5S7NmW3e31+cWuftdftHfCj4Z
eBfE3x8svHPwm0Oy8PXieKdb8F6Lo3iW20rVY7meGO51mCP7ZJFZG2+zXH+gtiNzKssqoor9E9D1
ODWdFs7y2uor22u4EmiuIyCk6MoKuuOMMCCMetQ4OMLJ3SbWmvVv5Ju8kuqd7alSf7zXdpfgl8na
9m1fVWb0RxX7Qf7U/wAO/wBlP4ca34t+InjDRPCmgeHYoptQubyf5rdZWZIR5a5kZpGRlRVUs5Uh
QSCK7fSNVg13SbW+tZPNtb2JJ4X2ld6MoZTg4IyCODzX5BftY+GPEr+Hf+CpN5qPxI8a65p2i+Hb
ayt9Hv005rEJNoaXMYylqs6CAySJGscqoVdjIssh8yvavFv7cHxH/Yj8bfEmw1bxJN8RNH8P/AG3
+JukabdaZZ2UWlX8Er2sltC8KpI1rIRG+LiSWRMN+9IPEU/egn1klJL1hKbXraLa6dNy5xaaS2u0
3/2/ThFryvNJ9eux+jdFfHH7DPxH/aP1f9pC+tPiD4c8eP8ACnXfDg1Oz1jxlJ4SgvdP1cSrutLS
PQ7uYy2LwuXRrhWlQxkNLJuBr07/AIKP/tNa1+yl+zSPEHhyO2Ova14i0XwxY3F1CZrfT31HUbez
Ny6AjcIlmZwpIBZVB4NXKm04RWrk0kut3LlSfZt9+jT2dzOM1K7WyV79LW5r/Jfimj3mivzj/am/
aa+P37HHiL42+AtO+JS+NpNC+D938UfDfivxN4asZb/R57O4MVxYTxWCWdtKkyjMMhjVoyH3CcLt
rK8W/wDBQ34t/smX8OteJfFknxKtde/Z3u/ih/ZlzpNjp1tpur2P2JSLcwRpL9nm+17nSeaQqUJR
0U7RNOLqK8NdG152VVteq9jNa2u0rXTTNJRakoPdu340v0rQfpfqrH6Y1Bf6ra6UITdXMFt9plWC
LzZAnmyN91Fz1Y9gOTXxN+y1+0F+0F4J+Luvap8U/CvxVvPg3deGBrMOp65pfh3UNastVEyBrPT7
HwxPd3F1ZvDJvTfFJMnlndLICCOR/b78fXn7Tn7QH7IV94K8d/GH4d6VqnxKvdLntp/Cj+H7gyx6
LfTrc/Y9b03zXZQpjVnjaHbLIQpkCulqk3OEL7tX/upy5dVuttO909mZe0jySn0SbXZ2jzafr217
H35pniq21fxDqmmRRaktzpHlee82nXEFvJ5i7l8mZ0EU+APm8pn2Hhtp4rSr8w/2o/25P2hPhh8M
v24ZtJ+IfhqDV/gdrGijwxdnwjE8dnYXlpFO0PltMd9wPtCKZpWkQmIkQqH2r33xC+Kvxpsf2qfi
38L4fjVrllaaZ8KLT4k6Zqlp4a0YXuk3vn3UElpB5ttJE1m7W6sVnjmnAZgJ14Nc8qijT9rLa1/k
oe0f3Rv8012vvGnJu3nb/wAnjBffKUfk9bWdvv6ivzLs/wDgoZ8dv2ofAHwu0XwHo/jxPGWvfB7R
/iNqN54HtfC7edqF95kaRTJr13EgsRJC5kW2Vpv3igSxYG/72/Za8UeOPGn7OngzVPiXoVn4Z+IV
3pULeI9KtLqK6gsb8LtnjSSJ3RlDhsbXYDpk4rqq0JU5TjPRxk4+rTlFtd0nF6+a7mCqXcVbdJ+l
4xkk+zakn9/Y76ivhDxb8TPjp8TP22f2lPh7p3xkh8E6N8OfCWh+JfCz6V4V09jayXQv2MV494Lj
z4ibZRIU8liu3yzCQxfxn9oL/gpj8Y/F/wCyBpnxP8LeL7nwp4g074MWPxJn8KeGNBtNUl+2yeY8
smry39u0NvpTxx/ulhuIbuXbOY9/l4rKMXJc3+G/lzKbV/Tkle17W7am/s37T2a1f/7H/wAsjv59
T9VaK+Do/i58fPjF/wAFJdT+HOnfFvRfBvg6H4b6H4/s4LLwdbXE0Ty6gIri1mluJZDKkqW9wpdP
KZFnTaA0e9+I+EH7Yvxs8UftS+B9ItficPEmi/FbRfF8sN7J4TtW8H6Zd6dtaxk0h/LtNRvIkVh5
zTySRTHJhmVSCJqPkjzS7Tf/AIA5J/e4yS81ra6Moy5pcq/uf+TxjJfdGSb62va9mfpRRX5efs3/
ALYvx8+IXwn/AGN/F+ufFlp7n9ofUdS8OeILG38MabDZ2QFrf3UN7ajyzKl1GLQR5eR4GDBjASDu
09B/4KG/F7TPhmfAhvPFnjrxjd/G/wAQfCy08Q6NZ6BbeIptPsLOe8S4SO9a10n7aVjCZdFiIBYQ
u2EbSVKSm6drtX09JRi/uc4v0fdNIckoqUtE/wBYzl+VOXzXmj9Kb/VbXShCbq5gtvtMqwRebIE8
2RvuouerHsByanr8m/iPL+0f8Svit+y/o/xY8T/Ef4YatH8YtT0jTJoX8Lyajrelrol5c2epXtva
x3til6AskDIp8nBd1hRmRk9D8F/thftRftA/E6w8XfDjwp40ufB8HxA1Hwlq1rqQ8JL4RtdHtNQu
LCTUFc3ya0b+JollaMqsUgDRpEMrKzVJtLzfyWkGrvZfFre3LZ81rMc2ot+S+93mtO+kLrvfTpf9
IaK/NT9nT4ufta/Gf9jbxV8SbP4kHxn4j0fxLrvhWTw3oHhHSrC4nt7PxALZ77T3unZFvY7OG7EU
Ny8sLs8IfeyM0v13+wT+0Fpn7Qvwp1W9sPGHizxVd6HqzaTqUHivQItD8QaDcxW8HmWl9bRwwIJs
kzbliRGW4XYCgU0lC6bT2Sdutna3y1Wu2tr82gpvldv7zj81e/5Oy3dm7W1PcK4H4ofAZfi34u0y
71XxV4nXw3YeTJP4VgFkmlanPDOk8M87m3N4WR40+RLlImC4eNwTnwL/AIKOfFr4t+Af2j/2cfDH
w/8AHmmeDvD/AMUPFV34b1sHw7DqF+QumXd0s0U0zmNNvkcJ5Jy+0ligaN/CfHP7UX7WOt+L/HHh
74Zaf44+Inij4Gaxpvhu5uLKz8H6X4Z8aTCwsbq9m1Rb69TULR5FuJDF9hCRR4QkzfMqKjFzkmtG
n16JNJye6snKO+t2mldO1T093ul+Ldl01fLLysnd2ev6Y0V+Z3x8/br+MHiL9kn4z/Hvwl8QJfCE
Pw28cT+CtL8Hx6Np15ZSRQajb6dPcX0k0T3DXReWWWIwzRRKvlbopfmLX/2hv2nfjP4J0X9viDTP
it4isJvgtoumeJ/BN2NF0Z5dJ83TJb6W0w9kUnt2kTy8zK8oQYEofL1m3aHtHtbm+Vov8pp/J9bJ
uMeaoqUd+bl+abi/ukrfirrU/Q+fxda2/jG20JotUN7dWkl6ki6bctZrHG6IytdBPISQmRSsTOJH
AdlUqjldOvgrWP2nvjfdftaW3hHTvHnh200jXPgBP450yO58KpcfYdXjms4jcXBWdGuAd8pWONoE
USYIfaCPM/hh+2X+0HF+x/8As7+LdV8a+IvH/iH9pq202yisPDPh3w9p+peGpV0y+vrq4sJNQlhs
pZpligAS73IjRysiPuWEbujJRb3s7P156kPzpy+Vn1ssYVYyV72uub5ckJv8Jr8Vra7/AFBLbQST
gDqa+UvFvgD4Z/8ABWHXfBPjzwN8afFw0/4H+MJp7SXwedObTp9Zhh8t/Ne8sZzOEhuHj/cuIyJn
6uoKeN/Cj9p39pLXfH/w++BnxJk1r4WeKPG+t+IZrPxfdw+H7vxFf+H9OtreW3b7PaNd6XDqMr3I
V8xvGEtZWWEb1293/wAETNL1PQ/BX7Q1nrGqHW9Ttfjj4niuNQNulu14weAeYyIAis3UhQFznAAw
BNKP7299oc8bd1OnH8OZ3Ts1JLsViG400v5p8j9HCq39/IrNXTi33Prv4jfEjQ/hH4Kv/EXiXU7f
SdG01Va4upidq7mCKoABLOzsqqqgszMFAJIFc5+z1+054M/al8Malq3gvUb+8h0XUZNJ1K21DSL3
SL/TLuNVZ4Li0vIoriGQK6NtkjUlXVhkEE/N3/Bc/wAF6r4t/ZH8OPpvjPxL4TFv8QvCcUqaVDYS
LeGXXrCNHk+1W0xBhYiVAhVS6gSCRMocTXPif8YPiv8AEP48eDPCHxg1/wAK3f7OGmaXFZ6he6Do
91J4z1CbTmvpJtUDWgT7M4Mce2xWzYESsHGVC5KcVSnWqaKLa9FFQbl1uvfSskns1fVLb2blKEIb
yt+LaS9dL32tddj7qqtrOtWfhzR7vUdRu7awsLCF7i5ubiVYobeJFLPI7sQFVVBJJIAAJr82/wBl
L9rz9ob9uv8Aac8N6fD8RtH+GvhnxN8IfDfxQg0qw8IQXk9nLc3yx3FlLNcyO00cqQXC+YoiZVuE
2gNHvf8AS2tq1GdNWlo7yVt7OMnF+XxJ7Pp6GMKkZSt2UX8pRjNf+SyX3nh3hr/gp5+zX4z1+z0n
R/2hvgdq2q6hKsFrZ2fjzSp7i5kY4CIiTlmYnoACTXV/Gz9sP4Sfs1T6ZF8R/in8OfAEutxvNpye
JPEtlpTX6IVDPEJ5E8xVLLkrkDcPUV86/wDBNP4a+FfiN+yn8bPDfizRdE1fwnqHxZ8cQahp+o20
ctlLAdXuN4dHG3bjJ56da8q/4JJ6JDqn/BLb4k6yN2q6Pocni7wp4E1q4mkuJ7nwpbXV19hRZHJz
EDvVSPvJHHyQq45q9Tkoyq2+GCqeqcU+Xyd2rb3Sk7Lls+j2X7/2N/8Al46fzUpLm9LRbt0biru9
19Zad/wVA/Zp1jTtQvLT9oj4GXVppMSz308PjzSnjs42kSJXlYT4RTI6IC2AWdR1IFei/Bf9oLwF
+0h4Wm134d+N/CPj3RLe4azl1Dw5rFvqtrHOqqzRNLA7qHCupKk5AYHHIr4//Zc8BaPq/wDwQd+H
ev3On282s6Z8A2sra7IPmRwTaOhlj9CrGKMkHIygNeyf8E6PFul/D7/gll8CNU1a6Sw061+HmgB5
CpbBeyt0VQqglmZ2VQqgklgACTXfiMOqVXEUW7uk4xvtfmdRX8tKe3eW+mvHCq5QpT/nUn6cqh/8
n+Hnp6h/w1F8M/8AhZ1/4J/4WL4F/wCEz0uD7Ve6D/b1p/alpDkDzJLbzPNRMsBuZQMketd1X5Re
JdP8TfsF/CO9j8ceF9A+O37I2t+MD4wtvHGkiO18WeBbi51Y3a3V7azqVvFhunQefEVmVQ25MALX
6txSieJJFO5XAZT6g1zJXpqa66P1sna3Rq9uqdrptOy2m7VJQ6dPNXtf56O26vZrq3UV+dfgv9qH
486N4p/aq8Z+JfidpuseGv2avEeoND4Y0zwfbWsPiGwTw/HfR2jSvK88TpNNEwlWUljHKCNsiLFy
XiH9vP8Aam/Z2+GPif4oa74Q8W6n8O7vwOdXjv8Axq3hOC20bW5ZYFt/sMei3stxNppjmkkZbotM
qwgmf5iQopytbrGMvlOLlFX2u0rWvvZXKmuXf+Zx+cZKMtN7K6b021V9T9QaK+JP2lPir8cf+CfX
7PXxI8ean8R9P+K+h3Vpo8HhifV9Ftbe+0XVr2+js5WdbGK3hl05BPFKiuWnG11aVwQ1c18ePjj8
ef2Vvjj4s+G9j8UE8bx+IPhbrHj/AEHxD4m8M2Mt14YvdLmt1mtmhsEs4p7WZJwI/MHmRuCWeYfL
UVZqEXJ9FJ/+ARc5L1UU32fRu6ClF1GlHq4/+TOMU/S8ku6s9ND9AK4D4D/tTfD79p5vFX/CAeKd
O8VR+Cdak8PazNY73htL+OOOSSASFQkhVZEyYyygkqTuVgPif4OftFfHHW/hv+zRpmv/ABiafWf2
pdMsr1tYi8L6dbT+D1t9Ca9vFssxPBNPcy+WU+0xSJEfOIV12Rr3X/BHTQdW8L/Er9rjT9c12bxN
qln8ZLiObVJraK2mvgNH0vZJIkSrEJCm3d5aohYEqqghR2PDShWq0am8IyenVxnTg/kudp7O6VtN
8Y1ozpQqx+04/dKM2vn7v9M+3a8p/am/Yp+Hn7Z1h4dtfiFYeIdRg8J6kmsaUumeKdV0P7LeoQY7
j/QbmAvLGVBjZ9xjJJXaWOfVq5H4y/HTwx8AvDMOq+J766t4ruf7LZ21lp9zqWoajPsZ/JtrS2jk
uLiXYjt5cMbttRjjAJHI5KLUtrNNPs09GvNPbzNo82qj1T+62vyte/keLeLP+CQ3wI8dW3xHg1fQ
vG19B8XJ4rjxhFJ8RfEnl660XEYlUX+AqqAgRdqhFVMbFCjsdG/4J9fCLRfE2o6wfCb6lqGs+HLf
wpqUmq6tfamuq6fBDJBElylzNItxKsU0sfnyhpikjqZCGIrAh/4Ktfs+XUvgu3t/iZpV5qXxCW6P
h/Sra0up9Vv2thL58X2JIjcRyo0MsZikjV/NTygpkIQ9FY/t+fCfVPgVpXxHtfFE954Z1y+l0vTl
g0a/l1W+vonkSSyi01YTevdI0Mwa3EBlXynyg2nFOLjBxastn26xt+cbeqFd83nv+Ur/APkqfyT6
GFrH/BMH4OeIvgXrXw11HSfGGo+DPECCC7sLvx7r87i2ypNnFO96ZoLQ7VzbQukDbRlDVr4nf8E3
fhV8YYfACa/b+P7lvhfGi+GZbf4i+IrKbTXSNo1nMkF8jy3Hlu6GeUvKUdlLlSQcu/8A+Cs/7O+m
aH4NvpvihpAbx/JdQaDYLaXT6nfTW28XEJshEbmOWN42jaOSNXEmI9u8hSnwG/4Ku/A79pq08Wz+
CfEHivWI/A+hx+I9Z8zwJr9m1tYSRmSKVFnskMxljVnjjiDySKpKKwBNPmkryv8AC7t9nFPV9mlf
XorittG2+i8+ZpW87uyt1dkXdQ/4JgfBPUfFNzrL+FtWivrnxTF41At/FOr28FrrKMW+3W8Md0sV
vLIWJl8lUE2f3oeul0D9h34ZeFPjFq/jrStC1DS9b8QXQv8AVLaz13ULfR9TuwVP2ufTEnFjLc5R
D57wGXKKd2QMea6F/wAFoP2bPFHhnV9Y0z4h3Wpaf4c+znXZLXwxrEzeHFn8zZJqCLalrGMeU+97
kRrFxvKblzLqX/BUHwdpv7dtz8HZrbX4LDTPBf8Awlt74ibw9qEmlLG75ik+2pEbeO1EMc7NcyMs
JfbGshcMlCvFxhtvbpa0Lv092C+SiuwSfMnN67X67ysvX3p/Jyb7npHg/wDYm+G/w/8Ai1qfjXRd
G1PTdW1m7fUL2zg1/UV0W4u2cO12dL8/7B9pLjcZxB5u7J3ZJNek+JNBg8VeHr/S7p7yO21G3ktp
XtLuazuFR1KkxzQsssT4PDxsrqcFSCAa8Q+Hf7d/woX9nXQfHlr8S9T8f+G/Fep39roOo2+jy32p
69LHcXG+2srKwtFmuhCIpFUw27s0UAkZpOZWil/4Kpfs+W3hrwbqs/xS8P20Xj/VJNE0K1nSeHUL
y/idY5bVrRoxcQzRuyJJHLGjRs6qwUsAVOnp7FrRe7btfRK3ntYFPX2t+7v6Xbd/Kzd+lmZ3gD/g
kh8BvhdoHhfTNC8L+JLK28F6ld6rorHxvr0s9hLd7ftcSzPeNIbacqGltmYwSsSzxszEnH+NH7GO
haF+yXqP7NHw/wDhlrsvw/8AHem32nzajPrUV3o/hZLiXdKX+2XjXu4eZJJDHbQyRq6KpMS8j2/9
n39pXwb+1F4Rvtb8F6leX9ppWpT6Pfw3ul3elXunXkBAlt57W7iinhkXKnbJGpIZSMggn5S+Nv7Z
fij4zft/+JPgd4M8e+O/hFJ4J8P2Osx63H8MrrVdN1G9luLvzo9Qmu7MwR6asNqNs8VxbCWR3WO6
LRslN3lNU57S1d9rWvd9WrWenkWnJJ1Yuzg1r1T5raed279vefc+mPin+xr8OvjP8M/DHhPxBoU7
6Z4LaCTQJtN1O70jUNEkhi8qOS1vLOWK4t2EZKExSKSrMpyCRWG//BPL4VyfGrwX8RH03xXJ4x+H
1tJaaJfv401thAkp/fGWI3flXLzfL5rzpI82xPMZ9i4z/C3/AAU4+B3iHUbyyfx/b6c1jos3iFb7
WNKvdG07VdNgTdNfWN1dwxwX1si4ZpbWSVFDKS2CCdv9mb9vr4R/tjahLbfDXxhF4qaLTY9XEsFh
dw281q881uJYppYkjlAmglRgjMVKjcBuXNNzc+bW97389Vf8Gr+T7MxtFU1BqyStbstNPva07td0
ew187/E//glB8APjNrvia98S+AF1OHxlfwatrml/2zqMOi6rewyJIl3Np0c62b3G6NQ0xh8x1yrs
ysynoPFf/BQr4Q+Cfjpb/DnU/Fc0Hie41S30IldGv5dLt9SuIxLBYTaikBsobuRCrJbyzLKwdMKd
659B+Mfxn8M/AD4fXvinxfq0Wj6JYtHHJO0ckzySSOscUMUUatJLLJIyokcas7syqqkkCs1paqvk
/uej+5/d5GvvX9l17fetvvX3nEXX7CHwtm+Kw8Z2/h690nWpIIbW7i0nXNQ0zTNVihiEMS3lhbzp
aXgSMKi/aIZNqqoGAoxheD/+CZ3wh8B/Dv4j+FNM03xnDonxbuWvfFccnj7xBPNqk78SSieS9aaF
5FwkjQuhlRVR9ygKOc+Jv/BVL9nmP4OeJ7+8+OmmeAbjSIxbaiska2ninw5NISsYk0i+t3uYp2I+
SOezJbjCMCK9C079t/4dX/7Rmr/CSHUPE03j7QNG/t+8sf8AhEtWERscDFxHdfZRbTBidoEUjFnD
IAXVlBJXi+bZpr1WkpL00UmvJN9xRm4tOLtZprya92Pzu7R9bLcpTf8ABPL4QX/7K2k/BPUPCk2t
fDLQpLaSw0fVtZv9SNt9mnWe3Vbi4ne42RuihUMm1UURgbPlrpvj9+yp4G/absNGh8XaXfzXHhy5
N5pOo6VrF7omqaVKV2s1ve2U0NzDuX5WCSAMvDAjiuE1b/gp58F9B+F+jeMr7xD4itNB1y2a/ikm
8G62lxZ2SyNGb67tjaefZWe5W/0q5SKAjnfgg1V8a/8ABV/9nzwJrnivTLn4kWGp6h4G0231jX7f
Q9Ovdbk0iynG5LmYWcMu2IJh3c/LEjK8hRWUm5uUpPmu3dt335lu/XRXe+nkJRUVoraW+Xb0u9vP
zOo+If7Bvwx+KmhDS9b0jXLjTpIIbW8tYPFGq2kOsQxvPIIb5YblBfRu9zOZEufNWYyN5gfivW7C
wg0qxgtbaGK3traNYooolCJEijCqoHAAAAAHSs648eaNZ+Bn8TzapZReHorE6m+ovKFtltRH5hmL
ngJs+bd0xzXBeE/20vh14v8ABeqeIY9Y1TStJ0a0iv7qbXNA1HRWFvLLJFDKkd5BE8qSyROsZjVh
J8u3cGUlSk1zKXTV+Xm/u/AF7yjJarZfhovvX4HL/G3/AIJjfBT9ofV/HV94q8Kajc3HxMt7a18U
fYPEuq6Wmspbp5cYlS1uYlz5f7tmUBpIwEcsoC0/wn/wTS+D/g74uxeO4NG8U6h4mi8ODwibjV/G
uuatBPpPl+X9ilt7q8kgliI+YiRGzITISZCWM+if8FHfhB4h8Carr9r4h1ll0TVI9EvdIk8LatF4
igvpEMkVr/ZD2w1AyyRgyIgtyXQF1BUE1t63+2v8O9BXw8supa9c3fii6urWwsLLwzql7qBNrMIb
mSa1ht3mt4YZSqSTTIkSF0DONy5VrK2y2++O3zi//AX2ZTber/qzv+Din5ON90W/2fv2Q/An7L9q
9v4NsdbtLUK0dtb6h4i1LV4NMiYqTBZx3k8q2cGVX9zbiOP5F+X5RjsPiR8NtB+L/gfUvDXifSrP
XNC1eLybuyuo98Uy5BGR2IIBBGCCAQQQDXmfhz9r74Z+PP2kLXwppPxRSfxHbeEG8TXPhWOOIQJp
0rWzx6jcu8HmwOFlQIjTRhkmcmJyoZK3gL/go/8ABf4j+LZtE0/xottdppUuvW02q6VfaTY6vp0S
7pb2wurqGOC+t41wzS2skqKpBJAIJdRNr952b17JtP5Lld+1nezTSmCs/cVttu7Sa++6t3uraNXi
vf8Agm18ItW+EHirwPf6R4p1PRfHFrHp+u3F9411y71fU7SNmKWkmpSXbXxthvkHkCcRbZJF27XY
Gn4b/wCCXnwX8LfEbw74rh0PxTea14U8PP4T01tT8b67qVtHpMibHspLe4vJIJoWXG5ZUfJRGOWR
SJfg/wD8FPvgX8fdd8I2Hg/x3Hrv/Ce3F7Z+H72DSb9dN1W5tDL9oto7xoBbeeqwyOIjIHeNfMVW
Qhj75TkpLWS3/wAnH8m4+ja2bEpK9l0/Vp/i4p+qXZHmn7P37IfgT9l+1e38G2Ot2lqFaO2t9Q8R
alq8GmRMVJgs47yeVbODKr+5txHH8i/L8oxe+O37MPgb9pYeG/8AhNdEOryeENVXWtIlS9uLOWyu
hG8RcPBIjFWjkkR42JSRHZXVlJFd7RScm2m3qrNfLVfc9UCSSaS0en36P70fL/jr/gjh8APiVdeP
5da8PeNrxfildRXniuAfEfxLDb63JEf3QlhS/WPZGAqoiqERUVVUKqgbbf8ABLf4Ov451fxM9n8Q
pdf17w0ng+/v5PiV4lee50pU2LbFjfnAHLbxh97vJu3uzH6FoqLLl5Om1ulrWt92nppsU27387/O
6d/W6T9Un0Pn3Sv+CXXwW8P+A/A3h3TdB8UaVafDWGW18M3lh431201bSLaQgvaJqEd4t4bU7UH2
dpjCAiAIAqge76DoNn4X0a20+wgS1s7NBHFEnRFH6k9yTyTyeat0VpKpKV+Z3vr83uybJW020+XY
+Bk/Yc1H9oT/AIKqfGjxJ8S/hT46tvhj4m8NaJo+ka1F4whsLDWWsGu/tEF1a6fqS3M9rOLpMQXU
DROIW8xF+UN9EfFr/gm78F/jfreo3/iHwaZJNY8NDwfqEFhq9/plpqGkhXEdrNb2s8cMqxCR/KZ0
LQliY2Q817jRU39yMOi/G97t9LtNp2tp8y3JubqdXb5W5bW/8BT9Vc8U+Gf/AAT1+Fvwi+OY+JOi
ad4rHjH+w4vDRvL7xrrepQvpsS7Y7Vre5u5IGReWGYyQ7M+d7Mx5mw/4JJfAjRrXRodO8NeKNJHh
t786M+m+OtfspdFS+jMdzBaPFeq1tbupOIIisSE7kRW5r6Rook3L4ten3tt/e236t9yY+78Om34K
y+5aLy02Pmfwh/wSE+A/gLS/h3Y6RoPjWysvhPqEmq+ErZfiL4kaHRLiTh2jRr8qQyl1KMGXbJKu
NsjhtHw//wAEq/gf4a8E+LvD0HhrxDcaZ441pfEmqi+8Z63fT/2qrFhqFvPPePLaXeTkz2zxyHau
WO1cfQ9FNyb1v/V0/wA4xfqk+iFZWt0/4f8A+Sl977s8f8S/sGfC7xp4V8L6RrWhaprMXg7Vk1zS
7y/8Raldaml4sJg82W+kuDdXBaFmidZpXV4zsYMvFOt/2E/hlp/xT1rxjZaNrGl6v4ifz9Tg07xJ
qdlpd9cADF1Jp8Nwtm10NqkXBh85SikOCoI9eopNt38/1sn96SXyXYdlp5bfK9vzf3vueL/Bj/gn
58Lf2fvhNe+B/Cml+JbHw5faw3iCSC48X6zfTx37Sea9xFcXF1JPEzS5kby3UM7M5BZmJ7L4E/s7
eEf2bPC95pPhDTbmzh1O8fUdQur3UbrVNQ1S6dVVp7q8upJbi4lKIi75ZHYKiKDtUAdtRT53rrvv
8rW/JfcuwnFNptbf8H/N/e+55Z8c/wBjD4f/ALR/xL8D+L/F1l4hu9f+HF6dR8OzWPinVdLh0+4I
KmUwWtzFFKxQshMqPmN3Q5RmUt8bfsU/Djx/8Zv+FgX+j6pB4pmt0s72403X9R0y31qBAQkV/bW0
8cF8igkKt1HKFBIAANeq0Uk7WtpZtryb3fq+vcctb36q3yWy9EfA/wDwVq/4JxW3jL9nP4i33wZ+
FniLxD8TviZqGmNqNlonihdJ0y6e3vILh7+7s7q+t7B5vLtvL84RPcEsgzt3Mvvfjn/gn/8ACb9q
K61Hxb48+H2qQ63488NwaJ4l0q7125hjvLVVYpbXtvZ3Rsp5oDI4WYeY0ZyY5cYNe+0UlpDk6X08
tOWy8mv6toOTvLm27+eqd35ppW/z1Pm3U/8Agkj8B77xla69beGfE2g39h4dPhK0Tw/4517Q7Sy0
koFayhtrO9ihihbAcqiDdIPMOX+auo0v/gnl8I9I/Ze0j4NR+G9Qk+Hvh5o30iyuPEOpXF3o7xsW
ie1vpLhru3aIn920UymIYCFQAK9qopuTta/n+Ll+bb9W3u2J9PJW+Vkrelkl6JLY8Y8c/wDBP34V
fEr4eaJ4b13RNb1KLw3qCatpmrS+KNVHiGyvFQRi5TVxcjUBL5YEZf7RuZBsJK8Vtfs5/sbfDH9k
ubxNP8PPB+m+G7zxnqDarrt5E0k93q9yzMxlnnlZ5JDudyAzELvbAGTXptFPmavZ77+e3+S+5dkD
SaSey28t/wDN/e+55d+1P+xv4B/bQ8KaboXxDs/EOo6VpN9HqVvbaZ4o1XQ1+0xOskUrmwuIDK0c
iI6eYW2OoZcNzWV46/4J/wDwt+JOp6dfaxpPiG4vrHTYdGnuYvFmr202u2UIIjttUeK6VtUiG58r
fGcN5kmc72z7NRUrRWXe/wA7Wv620v2G29/K3yve3pfX1PJPC37Dnw28FftM3Xxf0vStbtPHl5pM
ehSXK+JtUNgthGMR2qaebg2aQocsqJCArszgB2Zj6lrOlRa9o93YzvcpDewvBI1vcSW0yqylSUlj
ZXjbB4ZGDKcEEEA1ZoolrHleq7eur/Ft/MS0fMtHp+CSX3JJLySR8u6B/wAEbPgF4b8OXmhw6L8Q
bnw7qd5NqGoaFffFDxTfaPqk80hknkurGbUXt7kyuS0nnRuJCSWzmvZ/iF+zV4N+JfwKm+Gl5pt3
pfgmazj07+zfD+qXegeVapgLbxy2MsMscW0BSiOFZCVYFSQe7ool70eR6rt00208hp2lzrfv111e
vmzxXQ/+CfHwv8Nfson4I2Fl4wtPhr5P2VdNi8ca4txFbYA+ype/bPtaW20bPIWYRbCV2bSQeZ8E
/wDBJz4KeAY/CdvZWHxEu9L8DXVpeaFo+q/E7xPqujabLaEG1KWF1qElqRCVUopiKqVGAMCvpCiq
55cznfVtO/W62d+66Pp0I5Y8vJbTVW6We/39e54eP+CcfwdTWtNuk8MX8Vlpdyt7FocXiHU4/D01
0JTN9qm0lbgWFxcGU+aZpoHkMgDliwBHuFFFK+nL0Kbu+Z7nk/wO/Yj+HP7Onivx5rfhbTNdjv8A
4m3h1DxMdU8TaprMOqXBXYZDDeXEscbFMR/u1X5ERPuoqih8Nf8Agnz8I/hP4N1jw1pXhe5uPC2t
2s1hNoOr63qGsaPa2soIktrWyvJ5bezgZSVMVskaFcDbgAD2eik/h5elkreS0S9EtlsPmd79b3+f
f189zyP4ffsLfDD4bfDbVfB1roOoav4Y1i0fTp9N8R69qPiGCKzdVVrSAX88/wBntiET9xDsjGxS
FBArMsv+Cdnwqsvh14o8LnTfFl3YeMrEaVqt1e+NtcvNVlsQcizj1CW7a8gtck/uIZkiw7jbhmB9
voon79+fW6s79V29Ai3G3LpZ3Xk+/rotfI8T1L/gnZ8ItY/Z18K/Cq78N6lc+DvAssM/hxZPEept
qegyQk+S9rqRuPt0DRqxRGjnBWM+WMJ8tbf7Pn7Fnwv/AGWPEXinWfAnhGy0XXfG9wl1r+qvPNea
jrEqLhWnuZ3eWQjLH5mPzMzfeZifUaKpzk5SnfWW76u9r373st+y7E8q5VG2i2Xbfbtu/vYV8r/8
FLP2Y/Evxr1r4V+LPD+k+KvFkHw71e8uNU8OeGvGV14S1jU7a6tGgMlpfQXdoFmibafLlnjjkR5F
LDjP1RRUSje3k7/1/XpqVfc/N+0/Y58R/BT9p39nLV/hn+z18RNM8E+GvE2v+L/FLXvjXTtX1Gzu
dW01rR2upb7V5ZZrnziZZfIkmj2YKPJIzIOZ/Zv/AGVPj58N4PB3xDn+Dut2ut/D34u+MfFM/g+9
8QaL9t1zRtfM5WWzmhvZLUXduJUBjuJoVP7wCTBDH9RqK1VWStborLyV07enuqK7Lzs1E4RkrNaX
v6u01f1vOTfd2fr8N/tNfC3x/wCPvjx+zBr/AIT/AGf9d0rQvCfj+68Y+J4rXUfD1vLpK3WnXNq8
l1GL5VkujPdmV/szXAKRswkaQiOrf7f3wF8RTftn/DDXfBqWzW3xmtJ/hh4+gaQRtJo6q+oreDAJ
Z4Yob2BeQB9vGTwAftmuN8PfATw34a+KOqeM4k1q88QarkGXUtdv9RgsVZUDpZ29xM8NkjiNN62y
RK5UFgSM0oT5XHTSLb+9KPL6ON13Semtmqld8z6tJfc3JS9VJqXZta+fwHc33je7/bx/bm8G+Bvh
nc+ObnxnpfhnRYp/7UsbHTdHkm0KWJZL4TypL9mAbJNtHPLwQI+9ei/Av9j/AOIn7HP7YvhjWtM8
LX/j/wAH6H8CNK8ANqdpqllBcNf6ZcyylDHcyxsXnRwIiP3e7IkkiGGr6Q+En7EXw6+B3x88afE7
w5Y+JLfxp8Qyp8QXd34s1bULfUdpBjza3FzJbp5YGyPy418pCUTahKn1moh7sI2etkn8oTgvklUk
07J3et7IKlpc0be709OanK/k26cbq7Vlpa5+Xv7GX7I/xy+CXw++A3jXWvhT4oi134Laz4xt9V8D
jXdEe91m01y5e4hvrGZb42bSQhkjaO4ngJBm2nATzH+Pv2J/i5ofxf8AB/jrSPhR4j1aTxd8foPi
3r2k2Gr6JG3hHToNKGnCCdpr6NJ7yQnznFsZYx+8USMVQyfp/RWiqtVFVW6t+E41LfOcU316Ky0F
UXNCcH9rmv8A9vRlF/dGbS+Td2fJP/BND4dfEPwF8Zv2l9S8b/DjxD4G07x/8RG8UeH7jUdS0q7X
ULR7C1tMbbK7naOQNaFysgUbZY8EtvVeB+L37P3xR+Ov7bP7QliPh3408KeC/ix8LIPh5pfjo6lo
slrZXUH9qO121vHfm9ELfbYlTEHmbg25I1+evvSisqiU4Rpy2UFD1ShyJvz5e2l+htCtKE5VIaNy
5vR86np5cyW99ND4DP7PfxR+J0XwBl134Sa94cu/2X7O4u5Xh1jRrn/hNbpdGm06O00lluwVhlaT
zC9+LPASNSvLFPX/APgjf8IvGf7Pv/BOP4beBPiB4Q1DwV4s8JWcthfafdXljd728+SQSpJZzzRs
jB+MsHyDlRxn6doredeUpTlL7Tu/W7d/V316eRzQpRhGEIaKKsvTotei3766to/Nn9p39lb43/E3
41a1qMXwz1i7s9B+MvhzxppB0DW9G0rR9a0m1mtfOuJoftEVxd6mscbhzf8AyBY4hCSUUV9B/wDB
W/QNQ8YfsuaNp+gaTqGr+NZfGOhXfhi1sXtGvI9Rtr2O6SaOC5nggufKSGSR4XuIVeNJMzRAb1+o
64f49fs3+DP2m/Clro3jXRjqltp12t/YTwXlxYX2mXKqyLcWt1bvHPbTBXdRJDIjgMwzgmsYylGl
ClH7Moyvs7pU1v3tTTuut3p010dSVR7uLVt1rztaPpebuu2h+bnxr+B3xa+JX7Hv7SnhL/hVfxL1
r49/Hmax1e7sLlfDmhaS0MC29qs9rHHrt9FBDHHbRrIJbuS4kkkVgpTPl/Tf7W3wM+Kvj/xl8F/i
l8MPDs+h+NUtJvB/i7TtT1O1t7nSdC1OJTPMzRSSwTXFhcxQTqkUkgcrIqMQ+a+j/g98BvDfwL0q
W10GLWJprhVSfUNa1u+1zVLpEZ2RJb2+mmuZUQyPtV5CE3sFABNdjWjmtNL2a6W0UeTlsukoe7LW
7u7ON7KdXe/n5u7s7+qkk46WVldO138FftNf8E+7iX9rOfXX8BfEz4j/AAv8W+C9L8FT6R4J+JF1
4TuNAWye7GbqBdUsIb6zliusMC0kkZRtsbiRq8z1/wDZH+Kfw08a/tEaP4M/Z+8Xf8Ih4i+B2lfD
PwYtl4m0Se3lubSO9hEYkvNTW58lFvo8S3Cq7LbykgMY1k/UGisql505U5vSSkn58yktfNKUrPzd
76mtKq6dSNSK1i4teXK4tfJ8kb97dDwP9nj4fa7b/wDBNTwt4O8YfD66PiCx8AxeH9V8IajqNpuv
ZYrL7NJatcW8ssASYqQHEhAWQFtpBUfJ3iX9gT44+OfhF8Rvh/pNz8RbX4YaBqPh7VfA+geOvGMD
67c3Omait1c21rq2m3Ml1b2E8MUKQS3NwbmGTnbGqjP6W0VvVryqV5Yh6Sk7+V1LmTs7p2e17rV9
2c9ClGlh4YeO0VZPrayTV1a10knazfyVvz/tP+CfXhrX/AGueI1+Anx28PeKfE93YXeoz3fxebUv
HNpdadBeG0urS+n1m5t12GQQRj7XHvW7fzUVEKml4i/Zm+OPjL9mfwlqvjPS/i1qfxw8Ipqy+F/F
fhHxLoWneJNLtbi7QWtnq0ck0Wl3mYEha6CCaItb5jDvtc/obRWcpN3tp83pZWuuqdrK61skttDW
+zerXXuuz6NeTVuu+p+bnxM/ZW/aB+P37TVpbeMPCWo2beIv2fL/AOGfiH4h6Nf6Wuk2mv3whnku
obU3i3ptlkR0yLcNvYYXZ+8HaeHv2e/iZ8TdZ/Z1m8SfCvWvCU37LsE17POmraRdr4yuU0eXTo7X
STHdblilZ/ML3y2mNsaleWZPu+im6j5XFK177dHz1JprorOpKy2tZNOxLinbm1sreqcYQlf/ABRp
xv1vdq1z8o/gd+zN8fPB3wU/ZQ8Pal8AvG1vqHwt+LmreLvEp/4SDw08Vnp9zJqRjkQrqZMrY1NC
VUbh9nm4/wBX5n6g+CPFd/4rh1J7/wAM654Zax1CazgTUpbORtRiQgLdxfZp5gIZByolMcoA+eND
xW3RVSqtpprdt/NqK/KP4vysSV5c7eu3yvKX5zf3LzuUUUVkMKKKKACiiigAooooAKKKKACiiigA
ooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/
2Q==

--=_mixed 0035B28665257EC4_=
Content-Type: image/jpeg; name="4_experimental_setup.jpg"
Content-Disposition: attachment; filename="4_experimental_setup.jpg"
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAIBAQIBAQICAgICAgICAwUDAwMDAwYEBAMFBwYHBwcG
BwcICQsJCAgKCAcHCg0KCgsMDAwMBwkODw0MDgsMDAz/2wBDAQICAgMDAwYDAwYMCAcIDAwMDAwM
DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz/wAARCAF9AZ0DASIA
AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA
AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3
ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm
p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEA
AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx
BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK
U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3
uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD9nf26
PjF4q+B37P6av4Kl8P2/ifVPFfhjwxZ3Gt6fNqFhaf2t4g07SpJ5LeGe3kl8uO8dwizR5ZFBbGa5
/wD4Vz+1P/0WT4Af+Gb1f/5p6P8AgpZ/ybr4c/7Kr8OP/U40Kvf6APAP+Fc/tT/9Fk+AH/hm9X/+
aej/AIVz+1P/ANFk+AH/AIZvV/8A5p69/ooA8A/4Vz+1P/0WT4Af+Gb1f/5p6P8AhXP7U/8A0WT4
Af8Ahm9X/wDmnr3+igDwD/hXP7U//RZPgB/4ZvV//mno/wCFc/tT/wDRZPgB/wCGb1f/AOaevf6K
APAP+Fc/tT/9Fk+AH/hm9X/+aej/AIVz+1P/ANFk+AH/AIZvV/8A5p69/ooA8A/4Vz+1P/0WT4Af
+Gb1f/5p6P8AhXP7U/8A0WT4Af8Ahm9X/wDmnr3+igDwD/hXP7U//RZPgB/4ZvV//mno/wCFc/tT
/wDRZPgB/wCGb1f/AOaevf6KAPAP+Fc/tT/9Fk+AH/hm9X/+aej/AIVz+1P/ANFk+AH/AIZvV/8A
5p69/ooA8A/4Vz+1P/0WT4Af+Gb1f/5p6P8AhXP7U/8A0WT4Af8Ahm9X/wDmnr3+igDwD/hXP7U/
/RZPgB/4ZvV//mno/wCFc/tT/wDRZPgB/wCGb1f/AOaevf6KAPAP+Fc/tT/9Fk+AH/hm9X/+aej/
AIVz+1P/ANFk+AH/AIZvV/8A5p69/ooA8A/4Vz+1P/0WT4Af+Gb1f/5p6P8AhXP7U/8A0WT4Af8A
hm9X/wDmnrX/AG9P29Ph/wD8E5/2fL/4ifES+uUsIZUs9O02yjE2o67eyZ8q0tYiR5krYJ6gKqsz
EKpI+GLL9nb9vT/gqpdr4s8afFe8/Y1+GOoqJdI8F+FIvtPiswHlXvbsGJ4JWUg4D/L0MCMCSAfa
H/Cuf2p/+iyfAD/wzer/APzT0f8ACuf2p/8AosnwA/8ADN6v/wDNPXxrq3/BI/8AbM/ZIVfEvwE/
bR8afETVbUhp/C3xcaTVtN1RAcmNbh2laEnGPkRCc/6xOtetfsm/8Fy/B/i3QviH4T+O+mt8Gfjj
8E9HudX8c+Fbo+bDLbW0RmlvNMkDMLqBotrqqkuBIuN64kYAk/bt/bG+J/8AwTe+Dj+Nvix+0X+z
zoenys0On2UXwZ1efUdZnAz5NrAPFG6R+Rk8IgILsq818l+Hf+CtH/BSn4meHR4o8Hfs0aRqvgmZ
BcW19qfw5u9J1K6gIysiWEniNpH3LgjYzAgjBIOa9b/4JF/AHVP+CmHxi1z9t748eHIbyXxJcNZ/
Bzw3qqrc2/g/QYpGCXawsCguZ3G7zcbvlZ1wsqgfqJQB+Zn/AATw/wCCpXxT/wCChfiPWPB1j8Xf
hD8PPi14YLrrfgDxf8ENX0/XLHYQHdYz4oxKgJGSp3Lkb1TcM/SPxa1f4/8AwG+HGr+L/Gn7Qf7N
fhjwxoMBudQ1PUvhHqtvbWsYIGWZvFGMkkAAcsSAASQK4j/gsx/wTfg/al+DUnxP+Hgs/CP7Rnwl
H/CReCvFtu0dpcmW2HmNZXMzDbJbyorJtlOxWYE4QyK3xj+ww+vf8HPfxi8NfF34waHLon7PvwVt
rXT7fwSty7af4z8V+THLeXU6dHtYS6BUYklSik4edSAJ4S/4Lhfto/tQXt7c/s4/CvSvjJ4UtZpI
YvE958INQ8NaTqOxipe3mn8TOHHGQp2uARuRTxWz8M/+C7Hx48OfHPR/hp+0Ve+CP2Y/FviFxHpd
x4r+CmqT6DfsWChUv4/E4XBYgFygiX+KRa/YfSNItfD+lW1hYWtvZWVlEsFvb28axRQRqAFRFUAK
oAAAAwAK5H9of9nLwT+1d8I9Z8C/ELw5pfijwzrtu9vc2d9AsoXcpUSRkjMcq5ykiYZGAKkEA0Ae
ar8O/wBqZlBHxl/Z/IPII+Der4P/AJc9L/wrn9qf/osnwA/8M3q//wA09fJ//BJjxz4u/wCCcX7V
3iD9iL4u+K9S8UW5tn8S/BbxDqDebJrOhDzPO06STqs9r5RYRnool27Y1iB/S+gDwD/hXP7U/wD0
WT4Af+Gb1f8A+aej/hXP7U//AEWT4Af+Gb1f/wCaevf6KAPAP+Fc/tT/APRZPgB/4ZvV/wD5p6P+
Fc/tT/8ARZPgB/4ZvV//AJp69/ooA8A/4Vz+1P8A9Fk+AH/hm9X/APmno/4Vz+1P/wBFk+AH/hm9
X/8Amnr3+igDwD/hXP7U/wD0WT4Af+Gb1f8A+aej/hXP7U//AEWT4Af+Gb1f/wCaevf6KAPAP+Fc
/tT/APRZPgB/4ZvV/wD5p6P+Fc/tT/8ARZPgB/4ZvV//AJp69/ooA8A/4Vz+1P8A9Fk+AH/hm9X/
APmno/4Vz+1P/wBFk+AH/hm9X/8Amnr3+igDwD/hXP7U/wD0WT4Af+Gb1f8A+aej/hXP7U//AEWT
4Af+Gb1f/wCaevf6KAPAP+Fc/tT/APRZPgB/4ZvV/wD5p6P+Fc/tT/8ARZPgB/4ZvV//AJp69/oo
A8Q/Yw+LPj/x7rfxg8NfEbUfB+ta38MfGsXhuDUvDeh3Oi2l/by6Bo+qq7W095eOsivqckZImIYR
qdqkkV7fXgH7G/8AycV+1j/2VWx/9QfwpXv9AHgH/BSz/k3Xw5/2VX4cf+pxoVe/14B/wUs/5N18
Of8AZVfhx/6nGhV7/QAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXx5+2n/wAFyfgR
+xl4tbwedT1r4o/Ews0aeCfAFj/buso46iZUYRwEHGVkdXwchGry7/gpb+1/8TP2qP2lv+GN/wBm
HxBF4c+IFxp41T4kePOWi+H2kOFxFEVO4384kTaFIZFkUhlLGWH6W/4J9f8ABNL4T/8ABNX4Q23h
f4b+HbW2vZoUGs+ILhBLq/iCcAbprmc/M25ssIwRGm4hVUUAfHyf8HC3xT0511HVv2Av2q7HwsDu
kv49Cnluo4u8htzAoGBk8yAdPm5zX1N+wr/wV3+BP/BQ2W707wF4ta18X6YpbUfCev2zaVr1hgZb
dbS8yBR954TIi5ALA8V9M18f/wDBV7/gjb8O/wDgqJ8Po57t28E/FXQUMnhrxzpUQj1HTpQPljmZ
SrT2+eqFgV5KMhJJAPm/9jD4Z3P/AAWM/wCCnXi/9pvxtcvq3wW+AniG48LfBfS0ONP1G9t2C3et
4/5ajzVVo5OhbYODbgH9UK/N7/ggd+0pZ/BzwxqX7EnjnRrPwd8ZP2doHt5LeCcvY+LdOkmaZdVs
ywVyHE8byKwBHnq3G5kj/SGgAr8lv+DpP9iXwJ+0Z4c+AtxHYyad8YfHXxF0v4b6NrNjIIZ3sNQ8
0XMdzgfvbdFBIz9xpTghZHDfrTWN4p+HXh/xzf6Td63oWjaxdaDdC+0ya+soriTTrgdJoWdSY5B2
ZcH3oAPhz8P9I+E3w+0Lwr4fsotN0Hw1p9vpWm2kfCWttBGsUUY9lRVH4Vs0UUAfPP8AwVg+FnxJ
+Of/AATo+Lfgn4R29td+P/GGhPounxXF6lmjx3DpFcjzXIVG+zPPtJI+baMjOR1n7C37IXhr9g79
k3wP8KfClrDBpnhHTY7eWVAd1/dN89zdOTyXlmaSQ+m7AAAAHrVFABRRRQB+aH/BzD8LNX8B/s7f
D/8Aak8Dxyx/Ef8AZh8UWuuWsseSLjTLmeKC7t5FH3o2byC2fuxibszV+jXgTxnY/EbwPo3iHS5R
PpmvWMGo2kg5EkM0ayI34qwNeY/8FEPhTF8c/wBgj40+D5guPEfgjWLGNmGRHI9lKI3+qvtYe4r4
O/4IEf8ABb3wn8dfhL8Hv2f/AB14a8RfDv4i2HgmwtPDV3q6j+zPHdrZ24t/tFnOQuZGEDsYypGU
kCuzKwAB+qlFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB4B+xv8A8nFftY/9lVsf/UH8
KV7/AF4B+xv/AMnFftY/9lVsf/UH8KV7/QB4B/wUs/5N18Of9lV+HH/qcaFXv9eAf8FLP+TdfDn/
AGVX4cf+pxoVe/0AFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXif/BRr9sTSv2CP2KPiJ8V
dVmhSTwvpEr6ZBJz9v1GQeXZ2wHUmS4aNTjoCSeAa9sr8vP+C2Woz/td/wDBSn9jv9lK3kJ0fV/E
T/EzxdGBnzLDTFlaCNu2yXyr1Dnjf5eMkCgD23/ghn/wT21D9ij9lI+JvH4uNS+O/wAY5h4r+Ies
XzGS+mvJi8sdpIx6C3WUqVHy+a0zDhhj7WoooAK+VP2t/wDgtr+zB+xD42l8M/EP4r6Jp/iW2OLj
SrKKbUbu0OM4lSBH8s4PR8H2r3P9pzx/efCn9m74geKNP2m/8OeHNQ1O23DI82G2kkTPtuUV/O5/
wQ2/ZD+Anjv9gD49/thftMeF9U+LU3hnXp7e5sZXaaQKsdtNLcIpljEk0j3YGXfACccmgD9JpP8A
g4l/4J5y/GFPiG/irSX8eR6cNHTxC3gq8OppZh2f7OtwbfzBFuZjtBwSa6r/AIimP2J/+irXn/hN
6j/8Zr8zP+Hqv/BJr/o0jxl/4J7X/wCWNH/D1X/gk1/0aR4y/wDBPa//ACxoA/TP/iKY/Yn/AOir
Xn/hN6j/APGaP+Ipj9if/oq15/4Teo//ABmvzM/4eq/8Emv+jSPGX/gntf8A5Y0f8PVf+CTX/RpH
jL/wT2v/AMsaAP0z/wCIpj9if/oq15/4Teo//GaP+Ipj9if/AKKtef8AhN6j/wDGa/Mz/h6r/wAE
mv8Ao0jxl/4J7X/5Y0f8PVf+CTX/AEaR4y/8E9r/APLGgD9M/wDiKY/Yn/6Ktef+E3qP/wAZr6A/
Yy/4Kzfs9/8ABQHVbnTfhV8TNE8R61aR+dLpTrJZ34jHVxBMqOyjuVBA74r8TY/+CqX/AASbkdVH
7JHjLLHH/IHtf/ljWP8A8FwP2bPh5/wSv/ah/ZO+P/7Nek3Xw7fx8G1b+yopnMEfkmykUlWdivmR
XhjkQMVIXjqcgH9KtFQaXef2jpttcY2+fEsmPTIBxU9AEOpadBrGnXFndRJcW11G0M0TjKyIwIZS
O4IJFfJv7cX/AAR++Gf7UP7FNj8K/Cmkab8OdU8Bq1/8ONa0iI20/gvUlk86OW3dPnSJpQPMVSNw
ORh1Rl+uKKAPjP8A4Ij/ALanjL9qf9mHVPCnxdUWfx4+C2ry+D/Htm4VJ3niJNvelV+UrcQgN5if
I7pKUwuAPsyvy++OetXH7B//AAcufDTxNG/2bwZ+114Ql8K6xu4jbW9MUG2l46vs+xwLnnFxJ7Y/
UGgAooooAKKKKACiiigAooooAKKKKACiiigAooooA8A/Y3/5OK/ax/7KrY/+oP4Ur3+vAP2N/wDk
4r9rH/sqtj/6g/hSvf6APAP+Cln/ACbr4c/7Kr8OP/U40Kvf68A/4KWf8m6+HP8Asqvw4/8AU40K
vf6ACiiuY+M/xn8Mfs9fC/WvGfjLWbPQfDfh+2a6vby5fCoo6Ko6vIxwqIoLOzKqgsQCAdJdXUdl
bSTzyJFDCpeSR2CqigZJJPAAHevlS7/4KVah+0BPq+lfs0/D7UPjDdaZcvZSeLL66/sTwNBMjFZA
upOrvelG4K2MM6nBBkTrXyf+39+0N4x+IH7Ls/xg/aH+HHj6x+Bmqa/p2j+FvgpoN41l4k8Vi6lK
RXGvNGQ7eYdpTTImCjcBMZHAC/SPwB/4K+/s/f8ACnNb1DR8+Fvhz4J1TSvC3h9dI0ee+/tU3Wi2
2qQw2Wn2EMk4MVvMyvEkZMX2aUsFVCQATwfsP/tGftBAXnxh/ab1zwhDP8zeGfg7psGg2Vr/ALP9
pXcdxfzZHVgYfZVrStf+CL/wjniB1rxJ8fPE92OTdap8Y/FDTMfU+XfIufoKoaB/wW++CniH4r+I
tIt7rxNdeD/D/giy8enxnYeG9U1DRn0+4W5d2kkgtnFuIktn3NMUBffEP3kUiL6TZf8ABT34D6h8
RdY8JxfEbSzrvh7WdQ0HVIWtbpItOurCxkvrzzpjEIo4YreKRmnZxDuRo95kBSgDz2//AOCP2ieH
3+0eAfjl+058O7yL5rcWfxKv9Ys0YdN9rqhuoZFz1BXkZGRTdFsf2xP2WtURby/8DftR+Dgd0shg
i8GeMbYdwiru027IA4DG0yTjcByOv8Nf8FbPgD4x8F3Gu6Z401K8trfUtL0o2sfhbWP7Tln1Nd+n
GKxNr9qliu1BaGaOJopRyjsKyvgN/wAFV/BHxl/ap8Y/CS7stR0LxNoutw6XoVo1pfT3+t27aRZa
lLeXFr9lWTTY4hepC/2raqybVZldxGADuP2XP+CgPw8/aw8Wa74V0ebXfDnj/wAKosut+DvE+ly6
RrumRscLK0EoxLCTgCaBpIjuGH5Fe2V8Y/t/x/DH42/tufBH4O+J/C3xF0z4ia/b6lrXhH4k+G2k
0qTwq9tbyySxQ6gBtlkdYsSWjCSMq8bSRkMlbPwD/bE8afAz48WfwN/aGjI8QavO0PgX4jQWa22i
/EOMAstvKE/d2WrKgIe2OElKM8PDBAAfWtFFFABRRRQAV+b/AMDfDQ+LH/Bz98cvE9yv2lPhN8JN
F8NW2/n7LLqEqXoK+h2ecPpI3rX6QV+f/wDwTyQXn/Bdb/gobcyf623Hw6towfvIn9gzE/gxwfwo
A/QCiiigDyn9u3/kyT4wf9iVrH/pFNX4M/8ABK0Y/wCDTP8Aa19/EF//AOk2lV+837dv/Jknxg/7
ErWP/SKavwa/4JYDH/Bpj+1kfXX7/wD9J9KoA+9f+Daj9k/4XfEz/gjn8LdZ8R/DjwLr+sXcupia
+1HQbW6uZtuoXCrukdCxwAAMngCvvD/hhL4Jf9Ef+GH/AIS9l/8AG6+T/wDg1x/5QnfCb/rrqv8A
6cbimD/g4j+G+j/EnQvCfiDwh4k8P6zeweKm1lLieJo/Dc+iSakgt7hxx5l2NKuzCB12Y5wcAH1n
/wAMJfBL/oj/AMMP/CXsv/jdH/DCXwS/6I/8MP8Awl7L/wCN14540/4K9eE/hj8Vf2cPB3ibwxru
j6x+0Dp1rfTh5EePwU93Ev2GC+YDG+4uS9shXgyQydgM4nhb/gt14C8QftH+PfhZdeG9f0jxX4L8
daZ4MtIrySOOLxJHeapDpj39mx/1kdtPOnnIPmUOnOW4APfv+GEvgl/0R/4Yf+EvZf8Axuj/AIYS
+CX/AER/4Yf+EvZf/G6+QvBn/Bwn4f8AGZ+O1zD8N5k034E6br2oagV8baLLqmof2VdLbSBdLWc3
0McjMNs8kAiBKjfllB9e/ZH/AOCwXw//AG0P2n9F+GPg7TdUubrUfhrF8QrzUmdDbaTK01nHJo8w
HIvYVvoHlT/lmHUEAtigD4D/AODvH9mv4d/B7/gnt4N1Lwl4D8HeGNQm8bW0ElzpOjW9nM8Ztrgl
C8aAlcgHGccCvB/+Dp3/AJN8/YC/7AU//pNotfV3/B5v/wAo3PBP/Y92v/pNcV8o/wDB07/yb5+w
F/2Ap/8A0m0WgD+hvwx/yLWnf9e0f/oAq9VHwx/yLWnf9e0f/oAq9QAUUUUAfmx/wcx+HV0T9n/4
CfE2ACPU/hT8avDesJcjh4oHldJFB64Mn2cn/cFfpPX54f8AB0DKrf8ABLC6tR/x9X/jbw5b2o7m
T+0YmGPfarV+h9ABRRRQAUjuI0LMQAoySeABXP8AxY+LXhn4E/DnV/F3jLXdN8N+GdBt2utQ1K/n
WG3tox3Zj3JwABksSAASQK/LH9uP9vbVfibq3w7v/jlpvjHwF+yn8ZNfbw/pPh3TN2ma5rmnxx+b
NrHiCY4uLTSzEGkNpbmOUwBnncKDEQD7K1T/AIKe6b8WPFGveGP2fPB2sfHrxD4emNnqGpaXdw6f
4T0i6HWG51eY+W7qCC0dmlzIueUHbnY/2Sv2p/2jH8/4q/tD2fwu0qXr4b+DmjR28iDsH1fUkmnc
9iYoIQeuOgFD4Lf8FYv2bPgj8AdIgk+xfCzwzp+sa/4e0bRNL0ee+hgs9G1B7K4vzHp8Ei21jvCu
Z5QkS+aNz5zXR/DT/gsf8KvGfxv8c+BtZg8WeE7vwl8QbX4b2eoah4c1I6brWp3MaNbql0tt5EPm
OxVBLIu4eW4JSWJmAGWX/BGf4bXSBvEXj/8AaN8Y3Dcyz6t8YfEStMfUrb3USDvwqqBnpRe/8EZv
hnZxA+GfHf7Rfgi6XpcaN8YPERcemVubuaNh7MpHtXV6B/wVq/Z28UXvh63sPihpFy3ijT9R1fT3
FpdiJ7KwN8Ly6kkMQSGCI6begySlEPkjBO+PdRtv+CwP7P11plrOPF3iCO8vdasfD0GkTeCtdi1u
S9vrSa8skGnNZi82XFvbzyRS+T5cgjIVicAgHIt+yp+1X+zfKLr4ZftBWHxb0W0P7vwt8W9Fh+0z
R5yVXWtOSKZZOoDTW8wyRngV0Wi/8FRdG+GnjXQPB/x98Ia78B/FviOdbPTbnVZF1Hwtq9wxwsNr
rMA8je3aO5W3lJ48vlSZv2aP+CqHgf8AaC+NXin4f3Vvd+HvFml+M77wvomlNb3lzf6vbWmmaffy
ajcQfZkfTogL9YmF0FVZEVC/mOIxj/t6ftgaZ8O/if4W+FHxK+BOveM/hF8XtZsPA03iR7nTbnTp
tR1DeI7ZtPeYXUsSbVZ5lj2oN5BLR4IB9b0V8R+JvD3j/wD4JHWum6p4TPjz4w/s5WifZtY8NTyN
rPib4dwg/Je6fK2bm/sI1+WS1laSaJQrxOyK0Y+vvhd8UvDvxs+HejeLfCWs2HiHw14htUvdO1Gy
lEsF3C4yGVh+RB5BBBAIIoA3qKKKAPAP2N/+Tiv2sf8Asqtj/wCoP4Ur3+vAP2N/+Tiv2sf+yq2P
/qD+FK9/oA8A/wCCln/Juvhz/sqvw4/9TjQq9/rwD/gpZ/ybr4c/7Kr8OP8A1ONCr3+gCn4i8RWH
hHw/f6tqt7a6dpel28l3eXdzKsUFrDGpd5HdsBUVQSWJwACa+Lf2f/ASf8FVPjT4f/aG8XpqbfBz
whdGf4SeEr+AwQalPGzL/wAJVdwty8knP2JJBiKELMAJJvkrf8FKvjZ4W+OXxUb4G63qb2fwu8D6
WPHnxw1NJmit7TRowzWOiTOvIfUJ1DvGCGa1tpVxiYEfm98R/wDg5H/aq/a5+I2saV+xt8Ebu6+H
XhZlsrW6t/DEuqXJjUbUMgUeTApUDbEBkL3PYA/br9qf9lHw7+134V8MaP4lvdasrbwn4s0nxjaN
pk0UUkl3p1ytzBHIZI3BhZ1AcABiucMp5rwi6/4IhfCC1svFyaFf+K/DF14r+IknxPjuLJdNuBom
rS2j2ky2tvdWc1sbaSGWYNDcRTAGUldpWPZ+Uf8Aw9S/4K5/9EV8R/8Ahu//ALCj/h6l/wAFc/8A
oiviP/w3f/2FAH68eGv+CSvgvwv4qvtUh8a/EOVPEPgV/h94msJH0oWfimwY3zLJcotiDDMj6hOy
/ZDbxjCL5ZjBQ4vwW/4Ic/A/4K6jHcQx+KvEAm+G998MdTi1jUI5Y9c0+9u57q6u7ry4oy99K91c
K06lfkmddozkflD/AMPUv+Cuf/RFfEf/AIbv/wCwo/4epf8ABXP/AKIr4j/8N3/9hQB+sfwj/wCC
LPwy+EhtLkeJ/iP4h1mx1rwvqsWq6vqFnJdiDw4uzStO/dWscf2WNCwY7POlLFnmZzurd0n/AIJM
/Drw5+3Ve/tFaTrfjbSfiTqmryalfz2t3arbahbSafbWMmmTIbcmSyK2kMwRmMiTKXSRMkV+P/8A
w9S/4K5/9EV8R/8Ahu//ALCj/h6l/wAFc/8AoiviP/w3f/2FAH7O/tJf8E8dM/aW/an+GnxZu/iZ
8VvCur/CssdI0nw/qNlBpU5kZvtBnjmtJZWM8TeRJslTMSqBtbLH0r9pf9nPwv8AtZ/A/wAQfD7x
jaz3OheIrcRSPbymG6s5VYPDcwSDmOeGVUkjccq6Ke1fgx/w9S/4K5/9EV8R/wDhu/8A7ClX/gq/
/wAFbtNYXE/wQ8Rzww/O8Z+HbEOB1Hyru/LmgD9ff2Hfjd40+HfxD1H9nn4063b678SfCmmrqvh3
xRgQ/wDCw9B8wxLemP8Agvbd9sV1GCfmaOVSVmGPqOvw+/ZP/wCCqmqf8Fq9Kn8C65pem/Bv9tX4
MTTa/wDDnUVjlt4Ly7iTFzZSJKdyQ3EamC5gclWjkDgExgD9ef2Rv2k9K/a3/Z48M+PdJQ2p1i22
ahp7nM+jahExivLGYdpbe4SWJh/ejJGQQSAekUUV4z/wUJ/bK0T/AIJ//sa+P/i5r3lSweENMee0
tHfb/aN65EdrbAjkebO8aZHQMW6A0AeGf8FAP+Ctl78EPj/pH7PvwL8Fr8Yv2jvEdt9sTRDdC20n
wtabQ32zVLjI8tNpDiIEMylcsnmReZ86/wDBIX/hbnwp/wCC4/7T/hb47ax4P1n4nfEHwL4c8XX0
/haCWDShFaf6FHHCsqiQiNJ0j3MMsVJOSa+g/wDghz/wT7b9lv8AZzX4n+PYzrX7QHxwQeKvHXiC
8XderJdn7QmnqT/q4oVZAyL8pkDH7oQL9gW3wm8K2XxMufGsPhnw/F4yvbFdLuNeTToV1Oe0V962
zXIXzWhDgMIy20HnGaAOgooooA8p/bt/5Mk+MH/Ylax/6RTV+Dn/AASzGP8Ag0u/aw99ev8A/wBJ
9Lr94/27f+TJPjB/2JWsf+kU1fg9/wAEtRj/AINLP2rj667f/wDojS6AP0x/4Ncf+UJ3wm/666r/
AOnG4rtPjp/wQa+Bf7Qcvxlk1v8A4S6CX44+ItI8Ta69nfW6NZ3OnK4SO13QNsim866Myv5hY3c2
0pldvwX/AMEFv+C837K/7Fv/AAS8+Hnw5+JPxMfw/wCMNCkv2vbEeH9TuvJEt7NKn7yG3eM5R1PD
HGfWvsT/AIijv2Hf+izSf+EprP8A8i0Adp+1x/wQo+C37bPxg8Z+P/HOqfEuTxf4qg022sNQ03xL
JYDwmlhzALGCNRA373dMftcdziR2ZNmcV1Hin/gkF8KPGvifw1ruqzeJr3xB4S+KT/FvTNUa4tlu
rfVJHiea2BWAD7FKYYt8WNx2KQ4KqR5H/wARR37Dv/RZpP8AwlNZ/wDkWj/iKO/Yd/6LNJ/4Sms/
/ItAHX+HP+CIPgvw34F+LvhCP4tfHK48D/GaLWhq/hmbV9NbTNPm1Wfzrm5tEFgHSZWyEMjyKFY7
lY817B8Gv+Cdvwy/Z8+Oen+P/BulzeH9Vs9H1fSZ7W08qOz1J9TvLC7vL2dRHua6eXToPnDqu1nG
w/KV+cP+Io79h3/os0n/AISms/8AyLR/xFHfsO/9Fmk/8JTWf/kWgDwb/g83/wCUbngn/se7X/0m
uK+Uf+Dp3/k3z9gL/sBT/wDpNotXP+DmT/gsx+zl/wAFC/2KPCvg/wCEfxAbxV4i0/xbb6lPanRN
QstlusEyF99xAinDOowDnnpVP/g6d/5N8/YC/wCwFP8A+k2i0Af0N+GP+Ra07/r2j/8AQBV6qPhj
/kWtO/69o/8A0AVeoAKKKKAPy/8A+DjHx3b/ABF+J37HfwBtriH+1viT8Y9J1i7QuMx6dYyCOUsv
oWulYephIFfqBX4Bf8FGvhH4m/4Km/tAftLftYfDfWbyfw/+yFYaZpnwzv7aTFrq+p6Rcx6nq88W
PvrCv2gKy8SGSEqTtwP3I/Zu+Omj/tO/s/eCviL4fk8zRfHGiWmt2fzbmjjuIVkCN/tLu2sOxUig
DtarazrFp4d0i71C/uYLOxsYXuLm4ncRxQRopZnZjwqhQSSeABVmvz1/4LD/ALUza3c698L4Lq5s
fhl8PfD/APwm3xs1WBihl0gh/sXhqNxyJtUkjZJMEFbZX/56gEA6v4G6DP8A8Fbfiz4e+NPjDQ5b
X4CeCbtr74XeHdTiZZfFV8rFV8T3kDABYQmRZQuCQrvOwBaIL9A/tKfsS+Cv2sPH/wAPde8ZJqF6
vw6n1SW20xWiOn6qmoabPptzDdxvGzSRGC4kwqMh3YySMqf58vgb8SP+CkX/AAXNvda8XfC3xXqf
w/8Ahzo9ybKwttK1RfD+kWQXAW1gMe15jGm0E8446dK9D/4ctf8ABVL/AKLxr3/hxrn/AOKoA/Tz
wN/wb5/Bz4UfDPwT4a8JeKPiP4fPgOLV7Kw1JZNJ1G7nstTuhdT2kq3thPAUSVVMcixLPHjiXJJP
b/Fv/gjj8OvjBovxo0m88V/EbTNE+ON9pus6xYade2MS6TqlgbTyNSsJWtGnhuP9Ch3b5JIz82Iw
TkfkZ/w5a/4Kpf8AReNe/wDDjXP/AMVR/wAOWv8Agql/0XjXv/DjXP8A8VQB+qPwk/4IE/AH4O/F
3xr4usoPFmoHxx4Em+HFzpF/qUcmmado01tb280NrGkSvCzrAzMwc/NczkABwF1PC3/BFb4eaR8R
dB8Z6144+KPjHxroPirQvFQ13Wb7T/tV6+i2N3Y6fZSpb2UUP2ZIr2ct5caSyO255WOc/k1/w5a/
4Kpf9F417/w41z/8VR/w5a/4Kpf9F417/wAONc//ABVAH7EeC/8Agkt8NPh3+2Fc/HXRNS8Xab8R
NQ8S6l4hv72C5tVTU4b+xtbSbSrgfZ8y2CmzhnjjZjJHPvdZBuK0z45f8EsNE+Of7begfHib4sfG
bw94p8MWsVjpumaRqenjSLO3DAzxxRT2UskQuQNs7Ryq0inbuAwB+PX/AA5a/wCCqX/ReNe/8ONc
/wDxVH/Dlr/gql/0XjXv/DjXP/xVAH9FFfEnxR8Man/wSl+N+t/FnQrx5/2cfHmqLc/EHw67fL4B
1G5lVH8RWIxxZySMDeQD7pdrhcgSLX5Zf8OWv+CqX/ReNe/8ONc//FV51+0Nbf8ABSL/AII6aFb+
Mvix4k1P4m/Ca/kGm+INP1XWE8RaNqNvODHJaXaS7njSVGZN2APmxntQB/TTZ3sOo2cNxbyx3EFw
gkiljYOkikZDKRwQRyCOtSV+dH/BCv8AbA0rxB4H0v4cw67cXvgvxNow8XfCM6jM0l3Boqv5F9oD
SNkyy6TdARglixtri2OSEbb+i9AHgH7G/wDycV+1j/2VWx/9QfwpXv8AXgH7G/8AycV+1j/2VWx/
9QfwpXv9AHgH/BSz/k3Xw5/2VX4cf+pxoVes/Gr4vaH+z/8AB/xT468T3YsfDvg/SrnWdSnOCY7e
CJpZCB3bapwO5wO9eTf8FLP+TdfDn/ZVfhx/6nGhV5t/wU8s5P2l/jZ8CP2cLdGudN8deID408bR
H5oX8N6G8U8lvMO6XN/Lp8OOhUyDpkgA+PP+CmPwX1X4Jf8ABub8afG+vvOvxN+PF3p/jfxrO5Pm
w3F9e2bR6cp6iCztxDaovTELHA3kVzf/AASQ/aUv/wDgnX/wat3Pxm8G6HoV/wCJ9LvNV1OSHUop
Gtr+b+1mtQZfLdHOIkQDDD7or6s/4Ohhj/gif8Wx6Npn/pwt6+DPgdx/wZRa9/1y1T/1IJKAOL8C
/wDB1p+218UPDkOseG/2bfBev6TcFlivdP8ADWuXNvIVOCA6XRUkHg4NbH/ETn+3x/0ap4f/APCQ
1/8A+Sa++v8Ag1XQH/gjF8PiQCf7Q1Lt/wBPLV+i/lr/AHR+VAH893/ETn+3x/0ap4f/APCQ1/8A
+SaP+InP9vj/AKNU8P8A/hIa/wD/ACTX9CPlr/dH5UeWv90flQB/Pd/xE5/t8f8ARqnh/wD8JDX/
AP5Jo/4ic/2+P+jVPD//AISGv/8AyTX9CPlr/dH5UeWv90flQB/Pd/xE5/t8f9GqeH//AAkNf/8A
kmu2/YN/4Oe/2kf2gf8Agot8M/gj8SfhJ8PvBcXjLWIrDUF/svU7PUrWKSNnDos9yQCQBgshBBr9
2/LX+6Pyr+er9tQY/wCDy/4Xj/qI6H/6QGgDZ/4KBaBZ/CP/AIO//gne+HreLS7jxHa6Xe6i0C7P
tU0sd7BI7Y6lo40B9dor9N/hn4Xuf2If+Co+s+GNPVl+GP7T8F94ssoP+WejeL7KOI38cYHAW+s/
9KIOT5tnORwxx+an/BUr/lbq/Z4/7BWjf+h6hX6qf8FdvBviLUP2M9Q8beC4GuvG/wAGNVsfiNok
Kkh7ltMmE13bDHJNxYG8t9o+8JyvQkUAfTtfl1/wcZW8n7Rnxi/Y8/ZnkZhofxl+JP8AaXiAR5Mk
mn6YsJmiI6bWS8duf4oVPY1+kvwm+KGjfG74WeGvGfh26+3eH/FulWus6ZcYx59tcRLNE+O2UdTj
3r89v2+VS7/4OP8A9g+K45ih0LxpLEH5Qyf2TP0B7jAPHOQPSgD9KVUIoUDAHAA4AooqjpHijTfE
Fzdw2Go2N9Np8pgukt50la2kBwUcKSVYehwaAL1FFFAHk37etwlp+w78Y5ZXWOOPwTrDMzHAUfYZ
uSa/nM/4Irf8Fsf2e/2J/wDgnR40+Bfxu8EeKvGlj4y8RXOpXlpZWcM9lc2skFqgjffKhzugJxj0
5r9dP+DpL9rNf2ZP+CTHjDSra6e31v4n3EPhSyCHDskpMlxj2MEcin2eul/4I0f8Ervht8DP+CaP
wm0jxp8M/AmueLL7Rk1fVbrVdAtLy6M12TcbGkkjLfIsirgnjbjtQB+Wn/D0z/glJ/0abq3/AIJL
b/5Jo/4emf8ABKT/AKNN1b/wSW3/AMk1+9P/AAwn8EP+iN/Cr/wkrD/41UGofsTfAfSbfzrv4R/C
O2izt3y+FtORc+mTFQB+Dv8Aw9M/4JSf9Gm6t/4JLb/5Jo/4emf8EpP+jTdW/wDBJbf/ACTX7qf8
Mnfs6/8ARNPgr/4Tumf/ABuj/hk79nX/AKJp8Ff/AAndM/8AjdAH4V/8PTP+CUn/AEabq3/gktv/
AJJo/wCHpn/BKT/o03Vv/BJbf/JNfup/wyd+zr/0TT4K/wDhO6Z/8brRtP2H/gXf2yTQfCD4TTxS
DKvH4V09lYexEWDQB+Da/wDBU7/glIrAj9k7Vsjkf8SS2/8AkmvA/wDgvf8A8FkPhF/wU0/4UFY/
C/w/4o8OaV8JnvYp4NVtooUSCX7CsKRBJHyFW1YHOP4etf0yf8MJ/BD/AKI38Kv/AAkrD/41XxH/
AMHD3/BMX4e/EL/glH8SdQ8DfDjwT4f8T+CoI/Etvc6PoVrZXDRWz7rhN8SKxXyTIxGcHaKAP0Y+
HOuW/ib4e6DqVnIJrTUNOt7mBxyHR4lZT+IIrZr4w/4N9v2n4v2rP+CSnwg1k3BuNR8P6SvhnUNx
y6zWP+jjP1jRDz1BBr6i8afH7wL8N9UFh4h8aeFNDvyu4W1/q1vbTsO2Edgxz7CgDraxviN4Esvi
j8Pdd8M6lJfxad4i0+fTLp7K6ktLlIpo2jcxTRkPG4VjtdSGU4IIIrl7X9pbQNXnWLS9O8aavJJ/
qnt/CuorbTe63MkKW5Hv5mPeofiD8fr74eeDr/Wb7wN4lt4LJAcz3NhtkdmCxxqIriSR3d2VESON
3d3VVUkgUAcl+zB/wT0+Hv7IX7EcPwE8HW14ng2PTLzTppb11mvL83Yk8+ed1VQ8jmRicKABhQAo
AHyp/wAGrXxM1LxX/wAEndO8IawxbVPhF4t1nwXcksWbMU4uwpz2VbxUH+ygr9C/BGq6prnhDTb3
WtKXQtVurdJbrThdLdfYnIyYjKoCuV6Er8uQcEjBP5q/8G6R/wCEb+Of7eHhWHix0L496zLbqvCq
JJpkwB2+WBPyoA/Qf9pT4+6B+yv+z/4y+JHimcwaB4J0i51i9IIDyJDGX8tM9XcgIo7syjvX5if8
FEfhP4r8Bf8ABuz8bPGXxDXyvin8ZDF438XRBSv9nXF1JbLBpq5+by7OzitrUAk8wMf4jX2T+34N
L+Pv7QfwH+A90PtsPiLxC/j7xHZEB4pNG0JVnRZl6FJNUl0tNrfKyrL124rz/wD4OTv+UMfxn/68
bf8A9KY6APhv/gn58YfE/wCzl/waBa3418D6zd+GvFejnVriy1OzIWe3k/tpk3AkEZ2kjkdK+X/2
Jrj/AIKqf8FA/gVbfEb4b/GjxDf+GLu7mso5bvXbe2kMkRAcbDETjkc175+zUMf8GWfiz3h1X/0+
NX1z/wAGjn/KHHQf+xm1X/0OOgD4m/4Ys/4LJf8ARW9T/wDCntv/AI1R/wAMWf8ABZL/AKK3qf8A
4U9t/wDGq/oRrg/hV+1N8Mfjv4o1vQ/A/wAR/AfjPW/DL+XrGn6Hr9pqN1pTb2TbcRQyM0R3qy4c
DlSOoNAH4Vf8MWf8Fkv+it6n/wCFPbf/ABqj/hiz/gsl/wBFb1P/AMKe2/8AjVfv3478faF8LfB+
o+IvE+taT4d0DR4Wub/U9UvI7Ozsol6ySyyEIijuzEAVx3xb/bH+EXwAsNBuvHnxU+HHgq28UxNP
os2veJbLTY9XjURlnt2mkUTKBLESUyAJE/vDIB+Gv/DFn/BZL/orep/+FPbf/GqP+GLP+CyX/RW9
T/8ACntv/jVf0GWN9DqdlDc200Vxb3CLLFLE4dJUYZDKRwQQQQR1qWgD+ZP9teb/AIKq/wDBP74F
3PxF+JHxo8Q2Hhm0u4bKSW0123uZBJKSEGwRA44PNfY37Qfxq8VftL/8Gcms+NvHuuXvijxZrOi2
097qd6Q09w6+I4Y1YkADIRQvA6Cvcf8Ag7d/5Q6a/wD9jJpn/oUlfMuo/wDKklN/2AIP/UnioAu/
8Egf2e/EPxU/4N/Pht8Q/h+jN8YvgR4m1jxj4JwCTqMkUsou9JfHzGC+tjLAygj5njbPyCv2c+Cv
xX0r48fB3wp440KXztF8Y6Paa1YPkEtBcwpNHnHfa4r8/P8Ag02/5QzeDf8AsNar/wClTV7R/wAE
y9Un+BHxk+Of7OeqyMrfD3xLJ4t8II3CP4Y1uWW7t44s8lba8F9bEDhRFEOhFAHoX7G//JxX7WP/
AGVWx/8AUH8KV7/XgH7G/wDycV+1j/2VWx/9QfwpXv8AQB4B/wAFLP8Ak3Xw5/2VX4cf+pxoVc9+
z1qtr8Zf+Cm3x88UIizx/DPR9C+G9lOvKJO0cusX4B7sft2now7G2A65rof+Cln/ACbr4c/7Kr8O
P/U40KvPf+CJi/8ACY/sr+MPie3DfG34l+KPG0anlkt5NSls7RSe+LSzt8e2KAPPf+Dof/lCh8W/
9/TP/Thb18G/BEY/4Mo9d/646n/6kElfeX/B0P8A8oUPi3/v6Z/6cLevg/4KjH/BlJrnvBqf/qQS
UAfbn/Bqt/yhi+H3/YQ1L/0pavrH/gojpPxO139hn4q2fwauZbT4o3Hhu7Xw5JDIsc/2ryzhYnb5
UmZdyxsSArspyMZHyd/warf8oYvh9/2ENS/9KWr7J/bO/ao0P9iP9lnxv8WPElnqWo6L4G019Rub
TT0V7m5wyqsabiFBZ2UZJAAJJ6UAfnj8LPFPij4Ifs7+Gr34E/Df9rT4c6feeM9Bg+LFx4w0XU/E
PiKKya2u/tt5pdlqP2wzyiYWy3EtpbPGyuhjRijGPyr9rnxt+3J8ffgd8D722+E3xTvfij8KvC7/
ABD1W90hbfRbKfWP7XU2Fvd28jxLeyf2VZXH2iwtA7iXUox5YKiM/UP7b/8AwUo+MPwF8eeFLFtI
8PeC01f4W+P/ABfd2lvcJ4h23GkaRZ3tjIspSDOySeRXiIVXKcOUKuey8Cf8Fl7Xxj+0Xc/DzTvh
f8RPEFl4d1CDQNf8VWeiXx07Tr99LS+8yWRLZrSK23SRQZkulm8yZCIGiIlIB82/Ar9iz40ftf8A
/BXHxp8cJ5vF3wq8DaT4l8J+JNPi8QQeILDVbq0/sOzmutMtYDcw6eYXlElrdia2lkRmlUFHBWv1
wr81tU/4LyeIfHP7PWp6/wCEPhppGk+Kn8H+E/HukwazrMl5YT6XrWtLpjJMYYo5I7iNhJ8q7kwy
vuODGf0e0Ca/udCspNVtrSz1OSBGu4LW5a5ghlKjekcrRxtIgbIDGNCQASq5wAC3X89P7a3/ACuY
fC//ALCOh/8ApAa/oWr+en9tb/lcw+F//YR0P/0gNAHS/wDBUr/lbq/Z4/7BWjf+h6hX73XNtHe2
8kM0aSxTKUdHUMrqRggg9QR2r8Ef+CpX/K3V+zx/2CtG/wDQ9Qr98aAPmX/gktHbeDP2ULn4awSv
I/wV8V654BCucvHa2V/KdPBzzltOlsX/AOB+nNfLP/Bdu/k+AH/BQv8AYI+OEpEGh+HPiFd+DtXu
X4jt49XjgiV2PYLFHdsfUD2r6D/Y9uJPhp/wVO/ay8DzMY7XxOPDHxI0yL+Fhdae2l3TD387SFJP
/TQeldB/wWK/YMP/AAUi/wCCevj74X2ZtovEt7bx6l4cuJztS31O2cSwZb+ASbWhZucJM5oA+na8
G+N/wV8HeFfiXH4y8QeDvCviLw34guYrbX31LR7e7m0i5cRwQX8buhcRHbHFMuSqjy5hsCTmTzP/
AIJnf8FRNE/bG/Yg8E+IkttQ1D4nRq3hvX/CkbxjVINaslSO98xXZVjhBKzGWQqqpPGD+8ZYz674
4utE+H/iTw34s+L+r2kdxqeu2uieG7FFmn0XRL+4JS3+bywGuZZB5a3VwqBXkjiiEbSkTAHSwfsx
eGtMlWTTLvxho5jOYorLxVqcVrD/ALtt55gA9vLx7VqN8NtcjQmL4geKt6j5BLa6a6Z7bgLUMR9G
B966+igD8NP+Dkf4O+M/2lf+Cg37GHwX1rxRpviWy8X6/cyTaZp2iSWD2tsLizWS5mY3EwlJh+0c
qsYQRMcHccfuPaWqWNrFBEoSKFAiKBgKAMAflX5M/tY/tJ/Bv4Tf8HJmneMvjH8Q/DvgjSfhL8Jb
Wz0ePVZWAutSvru7dnQKpwVt5Rk+y+tfVf8Aw/3/AGNv+jhfh/8A+BEv/wARQB9f1+I3/B5D+0hd
w+Evgd8EdK1gaXc+NddbWL9xceSIooitvCztkbU3zyHJOPkPpX31/wAP9/2Nv+jhfh//AOBEv/xF
fBn/AAU10j/gm5/wVS+Plh8QviB+1XFYappukRaLb22laksdtHDHJLICA9ux3FpWJOfSgDy2H/g2
3/ZV8pPM/byhMmBu2+I9Hxnvj/SOlO/4ht/2U/8Ao/KP/wAKPR//AI/XB/8ADrb/AIJQf9Hbar/4
N4v/AJFo/wCHW3/BKD/o7bVf/BvF/wDItAGv8Zf+Ddn9m7wh8IvFGreGv24bTWPEWl6TdXemWE3i
XSRHfXMcTPFCxWfcA7gLkc819tf8GjH7VFx8ev8AgmA/hTUr5rzVvhfr1zpB8yQvILabFzCTnkjM
kgB/2SO1fB3/AA62/wCCUH/R22q/+DeL/wCRa+vP+CVfxS/4J3/8EjbzxnJ8PP2pdP1WLxwlqt9B
rOoCWNGtzL5boEgXBxM4Oc8YoA/YKsjx/wCCrH4keBda8O6pEtxp2u2M2n3UbDKyRSxlGB+oY18r
/wDD/f8AY2/6OF+H/wD4ES//ABFH/D/f9jb/AKOF+H//AIES/wDxFAH5Yf8ABqrp9jpP7XHx6/Zr
8dWEGv2PgiW/1O00jVkNzaQz219DZTSCB8xFzuTLFN2FXB4r99vBfw90D4b6WbHw7oej6DZFt32f
TrKO1iz67YwBn8K/B39g34wfDK5/4O2db174S+MtE8ZeD/jL4d1KZLvS5GMSXTWYu7iJgQPmElk7
Y9GBr9+qACvKvGHiB7j9orS9P8URvpnhiwhhuvD88iKbTWNUYyI6yS8iOSFGTyoX2mRpXdfMMQ8v
pfCH7QfgT4gfEzxD4L0Lxl4Y1nxd4S2f21o1lqcM9/pW4Ar58KsXjyGX7wH3l9RXzV4F/wCCmth8
W/j7f/DXx58I/GHhvwh4rv7jQ/Dmp654fvzbeI8PDFHHNFNaLBtu1a7niWOaYrbWU8lwtvtwQD7F
r8vv+Db6T/hM/iZ+3F44h+ew8UfHvW1tpB9x1jkeUAfRblPzFfcfib/hLP2Y/BGtXeg6ZqnxB8Na
ZayXVnpEdw0+uWG1CTDC0rH7ZFnBVGdZkAZUM+Y4l+U/+DX/AOBOqfBb/gkh4Vv9ejmh8RfELXNW
8VapHMhSZJpbprceYDyHMVtESDyCcHkUAem/snaVN8bP+CpP7SPxRvEMlh4Ct9I+EnhuXoqpDbpq
2qEDuWur+CMn/p1A7YHJ/wDByd/yhj+M/wD142//AKUx16v/AMEpbyDxd+yZL43hXH/CzfGHibxe
G6lobzWrx7UH1K2gtkz/ALFeT/8AByc4P/BGX4zrkFhYW5I7gfaY/wDA0Afn1+zcMf8ABlp4r94N
V/8AT4a+t/8Ag0c/5Q46D/2M2q/+hx18lfs4jH/Blr4q97fVP/T2a+tf+DRz/lDjoP8A2M2q/wDo
cdAH6LfGDwRP8TfhL4p8NW2oTaTc+IdIu9Mivov9ZZvNC8ayr7oWDD3Ffmv4M/4J/wD7Q9p+wxbf
CTT/AISfBv4Vax4DstH0yfXvCHiyS3n+KVhaXcDX9j50VlFc6fHewQMXeSV3eSVA+1TIV/Sr4t+M
pPhz8KvE/iGFbWSbQdJutRRbqR44GaGF5AJGRWZUyvJVWIGcAnivyV8If8F+fjb4h+EUU93Z/B3S
9XbxXF4f1HxndWcJ8BaIX0uS9WFNRg8QTWl67uqxed9uthGxKPD5uIyAen/Hj/gnx+0p8bP2INL+
BVhb+D9M8O+JfHs3iPV4vEmt3GsWWheHUv7q+tvDrtG8d1dJvisFdkdQscskSMEjVqzvhn/wR5+L
/wAaPh38BfAfxu8QRWOmfCHwd4v8Balrvh1tMvrjW9PubjSo9LKx6jZ3SxB7K1kV3VFnjaFSJFLn
Nr9lH/grb8fP2vv+Ci6/A/TR8EvDllb/AAp034gS6rHo+oa7Fd3Uj2C3EMEyX9urW0n2qQwyhG2r
5bYlH3uZ0z/gvJ8bfFf7O3i7xnZfDXwppJ+HWpaD8PvF95qNnd/YfDfiqW5uI9au5gbiPGmWSJa4
R5Y2DXil7lVUmgD9P/gd8HdE/Z4+C/hHwD4ajuIfDvgnRrTQdLjnmM0qWtrCkMQZzyzBEXJPU11N
fn7+yX/wUp+Lf7SX7T/wk8ASX3wbbT/FHgfWfF+tazoVncataan/AGd4hj03ZYSx6gYokmtmLbi9
0sUucPOi/N+gVAH5lf8AB27/AModNf8A+xk0z/0KSvmXUf8AlSSm/wCwBB/6k8VfTX/B27/yh01/
/sZNM/8AQpK+ZdR/5Ukpv+wBB/6k8VAH1N/wabf8oZvBv/Ya1X/0qavoT9ojwgvwy/4Kg/AH4mW5
EC+NtK1v4WaxIx+WYPbnWbAH0KyabeKp7m529Wwfnv8A4NNv+UM3g3/sNar/AOlTV7z/AMFldek+
Gf7Jeh/EhMt/wqf4g+FvFc6rwz2sesW0F2Ae2bW4nyfTNAHY/sb/APJxX7WP/ZVbH/1B/Cle/wBe
Afsb/wDJxX7WP/ZVbH/1B/Cle/0AfL3/AAWJ8VnwJ+w7LrgYq2jeP/Ad8G9PK8ZaK+f/AB2tP/gj
/wDD8fDD/glf+zzo+zZLH8P9Gup19Jp7OOeX8fMlauB/4OALxtO/4JW+N7hcloPEXhCQY65HirSD
Xv8A+xTpi6L+xr8JLJCGS08GaPCpXoQtjCBj8qAPkn/g6H/5QofFv/f0z/04W9fCHwYGP+DKXXPe
31L/ANP8lfd//B0P/wAoUPi3/v6Z/wCnC3r5y/4JS/se6p+3t/wasaT8JdG1az0PU/GP9q28F9dx
tJDAV1qaTLKpBPCEcetAHvP/AAarf8oYvh9/2ENS/wDSlq/Qbxh4O0n4heFNS0HX9L07XNE1i2ks
7/T7+2S5tb2CRSrxSxuCroykgqwIIJBr+fbwp/waK/tL+BNFj03Q/wBpq10bToSTHa2Muo20CEnJ
IRJQoyfatL/iFG/au/6Ovn/8DtU/+PUAftJpv/BPX4I6Ro9tp9v8MfCSWlnp+oaVDGbIMI7TULeO
2vYATk7JoIYomHQpGi9FArUuf2J/hHefFOPxvJ8OfCLeLYkhT+1RpsYuX8mFoIWdgPneOF2jR2yy
odoIAAr8R/8AiFG/au/6Ovn/APA7VP8A49R/xCjftXf9HXz/APgdqn/x6gD9qo/2A/grF4Yn0Vfh
j4P/ALKufD9r4Ultf7PQxPpVtM09vZ4/55RTM0iD+FjkYNeoeGPDVj4M8N6fo+mW6Wmm6Xbx2lrA
hJWGJFCogzk4CgDn0r8Bf+IUb9q7/o6+f/wO1T/49R/xCjftXf8AR18//gdqn/x6gD+giv56f21v
+VzD4X/9hHQ//SA1e/4hRv2rv+jr5/8AwO1T/wCPV6B+wb/wa1/GL9mb/goB8NvjR40+M+ieMx4K
1ePULtJobqW8u40RlCCWV26ZGM8ACgDlv+CpX/K3V+zx/wBgrRv/AEPUK/cLx/8AGvRvhr428NaH
qrTQy+J2lWC42gQW+x4IgZWJG0PNcwQr6yTRr/FX4e/8FSv+Vur9nj/sFaN/6HqFftB4i8M6f8VP
2itZ0bWrSG+0zSPBS2sttKu6O8i1a6lWdHHoBpUYH/XRqAPEPEGfB/8AwXo8M3DZWLx18DNQscj/
AJaS6ZrtrMgP0TUZufevfNf+Keq+O72TSPh4thfSxSyW9/4huQZdL0h0bY8aqrA3VwHDL5UbKqFH
EkkbBUk8o139gTUvij+0l4K8b+LvFt+bT4a6HqfhfTo7G5Y3niiwvns5HbUZWRTE4+yJGywHMvzu
ZFEhhTyz4q/tX/HPxf8AtB+NPhN8E/h7D4T0/wCEMFoL1poYGudSsJmt44msIpUSzjZ4XupbT9/I
jNpdxFcRwF02gHVfEj4ofAf/AIJQGSy8Naf4Tg+JXxM1pr/UNNtRbxeI/HV4ZYnumBBjWW9c3iPF
AzIGa4CwoS6xnxTxR4J8RfHvWPC/xJ/aL8X6p8O/DIjuraPwhLqcVufHhkmeWG3021FyAtu9r5A2
XMH9oNJ8222mhhkTpte8B+FP+Caes6p44+Mvje5+I+t+NRpusaXod/HJdppOs6ck0c9+t0wMiaYj
XNgPPvhL9jMduzzkRxFH/Dz4N+Ov2/dLHxS+ObXHw30LRJLe+02yubPUNE1TwhLYmWYX1kZbryra
cmURzXTxSb0t54kea1uFYAGj4y/as+K/7eXxStvC/wAEJtV8E+F9DvLmabxdbTW9ybqNY5FsLyWK
eEpJYyzLBOkUMjNe2dz5qTRNC8Lfa3gf4k6J45n1Gx03XtG1rUtAlFpqqWE6v9kuBkMrKGYp8yuM
Ekgoyk5VsebfD3wHN4z8CW3h7w3o938KvhjZDy7G0sIjpmq6pCzMz7YwofT4XLE5+W6Yux/0Zly+
/wCPvhv/AMK9tdL8TeCtDhOp+E7L7ANJs9tuNV0wEFrJBwnmJjzIN2AJAU3RpNK1AH4V/tufGv8A
Y+8U/wDBcj9oOy/a98F6/c6FcPpdn4R8RQvfpDbrZ2MVrdRMluyl42uY5sOqthkdTWj/AMaTv+n7
/wAuOv1z0v8AYL+Ev7Yf7OnhK5+Lvwv8O+Kr/VoJdfki1zS9t5p02ozSX81vlgsseyW4dShIwV5A
Ncz/AMOB/wBjb/o3vwB/4Dy//F0Afll/xpO/6fv/AC46P+NJ3/T9/wCXHX6m/wDDgf8AY2/6N78A
f+A8v/xdH/Dgf9jb/o3vwB/4Dy//ABdAH5Zf8aTv+n7/AMuOj/jSd/0/f+XHX6m/8OB/2Nv+je/A
H/gPL/8AF0f8OB/2Nv8Ao3vwB/4Dy/8AxdAH5Zf8aTv+n7/y46P+NJ3/AE/f+XHX6m/8OB/2Nv8A
o3vwB/4Dy/8AxdH/AA4H/Y2/6N78Af8AgPL/APF0Afll/wAaTv8Ap+/8uOj/AI0nf9P3/lx1+pv/
AA4H/Y2/6N78Af8AgPL/APF0f8OB/wBjb/o3vwB/4Dy//F0AfiJ+yVf/AAa8W/8ABev4Q+Jf2Nfh
94i0f4UfDK5jk8U65cS3UiS29wzWtzdv57MYoRHcbApwzDccen9Lnj74m6L8MrOzm1i6miOoXH2a
1hgtZbu4uZNjOQkUStI21Ed2IUhURmOACR5hB+xF4A+Cf7LvjfwH8KPBPhrwTB4g0S9s44dKsUt/
Nnkt3jjd2HzOQzDBYkj1rofgXp198R7iD4l+I9Hv9D1rWdPFvpekX3+v0CwdhJ5br/BcTlY5JhwV
8uGI5MG5gD5W+Nf7JHj74UX2iePP2cPEsWo+Grm+17xRJHGunXkttcaveWd9cSwzfYprm9sZfLvZ
HtY5fPklktUjkEccYhreLvjb8Lv+Cmnguw0zxR4RlsPjP4TubyXQfAt94gt4ZNbubKaGaWK2ud3l
vbtd2bQPOgSUnT79EJijm3xeKfjV4+/Z2/4LqL8KfCF9o7eCfjB8N5fGkPh/U42itBr9pdyRXDQS
xgtbG4t0VpHEcoMgLmNmJJ9N/aP/AGWtC/bg8NatqXgXW9V+Fnxe0i7t7rUJrRxpmrQXSRmAJdyR
o0oJsnvbWC7j8xEjvZpYfN+U0AeafCX9tv4v/sJXvh34d/tF6dD4oSHw9Zl/Hdgt3DaahqzQsr6f
FLNF5d1JuiWaSYyQlVuLiQwx29nNIn0/LoFl8UvAk3jz4GeL/DC3PiSOS8hv7GdNQ8PeJHKlPMlM
DFTJlQPtMRMimNdwlRPKPynq37TPiDwB4Rg+Cv7QXhU+L7XWf7Z0O/1e3Fx9r0TQYo/s91r13PLG
UNibS+hUXaOXQz+XMS6XLx9z4J/Zp/aD8F/tC22u+FvidJqPgHx9DBPqFxrGhW2n3ugQiT7TK76f
HHFC+oTBRD5xiVi17cvKoFrbQMAdr+wbd2H7F37C3w0+FviuR4fHXw68KWGk6jo8Kl7rVLtFSB5L
INj7TFLcHCSr8v7xQ5jYMq/I3/BwD4f1nwb/AME+fi1qPiGWN/EXxF8Etc6tHFIXt7A6fqln9ks4
WP3lij1O4UsAvmOskm1d5Vf1N1Dw9YatqNheXdjZ3V3pUjTWU8sKvJZu0bRs8bEZRjG7oSuCVZh0
JFfnZ/wdP6HJP/wSc8T6vECo0q7SO6kHa3niliCH2a4Nt+KrQB8Z/s7DH/Blt4p97bU//T2a+h/+
DUr49+Bvh/8A8EitD07XvGnhPRNQTxJqbta3+r29tMFLpglHcHB9cVhf8EYP2WNO/bn/AODZLSvh
FfeI18Mx+M21W0e/VFmktQNVkk3CMsM/cx1HWvEv+IJrwh/0cVqH/ghg/wDj9AH7X/8ADWHws/6K
X4A/8KGz/wDjlH/DWHws/wCil+AP/Chs/wD45X4of8QTXhD/AKOK1D/wQwf/AB+j/iCa8If9HFah
/wCCGD/4/QB+1/8Aw1h8LP8AopfgD/wobP8A+OUf8NYfCz/opfgD/wAKGz/+OV+KH/EE14Q/6OK1
D/wQwf8Ax+j/AIgmvCH/AEcVqH/ghg/+P0Aftf8A8NYfCz/opfgD/wAKGz/+OUf8NYfCz/opfgD/
AMKGz/8Ajlfih/xBNeEP+jitQ/8ABDB/8fo/4gmvCH/RxWof+CGD/wCP0AfRv/B1f8e/A3j/AP4J
G67p2g+NPCet6g/iLTXW1sNXt7mYqGkyQiOTgeuK8R1H/lSSm/7AEH/qTxVgf8QTXhD/AKOK1D/w
Qwf/AB+vo/8A4Kf/ALJmm/sC/wDBrx8Qfg7Y+Jl8UR+DtJsrePUHjSCS68zX7abJjDNjHmEcE9KA
O2/4NNv+UM3g3/sNar/6VNX03/wWA8AD4nf8Er/2htH2+ZLJ8P8AWbqBfWaCzkni/HzIlr5k/wCD
TY/8aZvBvtrWq/8ApU1fbn7a2mLrX7GvxbspCAl34L1iFiegDWMwOfzoA8b/AOCVnxBb4tXHx28V
M5kbxN400HVi394z/D7whLn/AMfr6xr4N/4N+dTfWf2XvFd5IGD3dz4NmYHggt8M/BZP86+8qAPk
D/gu9pba3/wTN8U2SqXe88VeDIAo53FvFmjrj9a9f/4J6a8nir9gT4HapHJ5qal8P9Bulcchg+nW
7A/jmuW/4KjaTDr/AOy5o9hcgvb3vxP+HcEo9Vbxtoakfka5b/ghh4iudc/4JO/BW0vX3ah4X0aT
wtdr0aKbS7qbTnQjsVNtjB9KAPnn/g7c+Mtn8Mv+CP2v6NOVa88da/puj2qk85WU3Tt+CW5/Ovy2
/Ym/4IKft9/En9ljwX4m+HPxi0/wR4L8S2C6rpWjt451XTntYpiXy0EMDRozEljtJzuz1NfRv/B0
z471D9sz/gpL+zp+yxoMvnK93Bd38UfzFLi+mEQLgdkt4y+ewdjX7ufD3wLp3wv8BaJ4a0eH7PpP
h+wg02yi6+XDDGsaL+CqKAP56f8AiHi/4KZf9HH6d/4cvXP/AJGo/wCIeL/gpl/0cfp3/hy9c/8A
kav6Lq80/bA/ay8H/sPfs7eI/ih48uri08L+F445Lt7eEzTN5kqRKqIOWYs44HvQB+Dn/EPF/wAF
Mv8Ao4/Tv/Dl65/8jUf8Q8X/AAUy/wCjj9O/8OXrn/yNX3L/AMRfP7IX/QS8c/8AhPzUf8RfP7IX
/QS8c/8AhPzUAfDX/EPF/wAFMv8Ao4/Tv/Dl65/8jUf8Q8X/AAUy/wCjj9O/8OXrn/yNX3L/AMRf
P7IX/QS8c/8AhPzV6J+yh/wcwfsyftj/ALQnhj4Z+E9V8Tp4k8XXLWmn/b9IktoHlEbOFLtwCQpA
z1JA70Afmt/xDxf8FMv+jj9O/wDDl65/8jUf8Q8X/BTL/o4/Tv8Aw5euf/I1f0XUUAfyN/tpfse/
tJf8EZ/22PgX8Vfjr4wtPG+szavFfWGqWmu3eryeRY3ETTW0ktzGjLlJiAoyCHbpzX9Sf7O2vW/j
/wAU/EHxRbSLdWmp6taW2n3K8rLaRaZZuFX2W4mu/wAS1fn3/wAHe37MC/Gv/gl6PGVvbNNqfwv1
y31MOi5KW03+jzZ/2fnQ/UCvq7/giSL+X/glN8Dr3VbqO81bWfDMGsXcquGLPdlroA47hZVGD0wB
2oA+p6+Pv2iv269Usfjd4z+G/wAPdG0C3+KFhqWi+H7IXk8Mmv61BPD9vubqysZTDHNa29pJcGOa
a7jiNzDdIyjYPO+wa4L4+y6r4R8Fah4m8L6RYXfia0iigku2sDd3cFh56tcGKNCsk7JH5kiQBxvd
QBkkKwB8zfsx/scaX+zrrOj+K/iOX8b/ABo8Vpc6h/YtmqSy+ZcRB7nzTNMyXBs3ub61ivpXQraX
UNqzykRF/pPwr8Jr7xTrkPiTx99jv9XhYPp+jwTPPpWhYIKtGHVRPc5AJuXQMvIjWNS4f89P+CYP
/BXLw34N/wCCaU3xU+L+pjxH8W774k3Xw71uexija/8AEmsyag5sbaJRgJBHaXEZVVxHHHFIVXJI
b9TqACiiigAooooAKKKKACiiigAooooAKKKKACiiigD8kv8Agth+0zpH7D3/AAW0/Yv+Kuv6Z4k1
fR7DQ/Fmn3Vl4fsDfalfmSzMMUUUIK+Y3nXMZxkY5PavQPhT4L/a7/4KWftceD/ip4vttS/ZS+C3
gpJr3w/oVrLaz+NPEjyIUj/tESRSJBAync9rKuAVVTG7BZkn/bj01viB/wAHIf7FmlpmRfB/hPxX
4hulXkxxy2ctvGx9AZUQZ/Cv0P8AGfxA0H4cabBe+Itb0jQbS5uEs4Z9RvI7WKWdzhIlaQgF2IOF
HJxwKAPIPij4c0L4kaBbeDfjXoukm71Rxp+meIra28uwu5TNFJF5Ujl2s7hpord1glYq8kcYR5yu
B49+zd+zH8eP2LfjloXhrw7qPhbxb8Jtbvln1p2sTp66bELFbdmgiErG3kjNlZsMG4N5PqN/LL5A
WMr9MfHbxjaP4ITQLW0sfEOreNkfTtM06WNbi3uldcSzzLnBtYUbzJWJ5XCLmSSNG6fwd4dh+HPg
XTNKfUtRv4NGs47Y3+q3ZuLq4EaBfNmlb77tjLMcZJPSgDYr5R/4Lm/CQ/G3/gkL+0JoYjWaSHwd
d6xGjDO57AC+UD/azbDHvivoKb48+B4GdW8Y+F96EgoNUgZ8jttDZJ9hzXy7+15/wVh/Z5XWdY/Z
/v8AxbqF/wDE74haZNoOneFrfw9qDXV697C8UQ3vCsKK+/O+SRV2/NnAJoA/G/8AZI/4NOvj38bf
2a/BfjK0+OWj+CrbxXpcOrRaK8d9vsFmXeFby2C7sEE4HevRf+IOv9oP/o5zRP8AvjUv/i6/oF8E
aLD4b8F6Rp1vZHTbewsobeK03B/sqpGqiPIyDtAxkHBxWpQB/PN/xB1/tB/9HOaJ/wB8al/8XR/x
B1/tB/8ARzmif98al/8AF1+93x3+MWk/s9fBXxZ4711nGj+D9JudXvAmN7RwRNIyrnA3HbgZ7kV+
TH/Eaj+z9/0Tv4nf98Wv/wAcoA+eP+IOv9oP/o5zRP8AvjUv/i6P+IOv9oP/AKOc0T/vjUv/AIuv
of8A4jUf2fv+id/E7/vi1/8AjlH/ABGo/s/f9E7+J3/fFr/8coA+eP8AiDr/AGg/+jnNE/741L/4
uj/iDr/aD/6Oc0T/AL41L/4uvof/AIjUf2fv+id/E7/vi1/+OV+qn7LP7Reg/tcfs7eDfiX4Z84a
H400uHVLRJsebCsi5Mb4JAdGyrAHgqaAPwk/4g6/2g/+jnNE/wC+NS/+LrmfjP8A8Gg3x98L/CTx
Lqtx+0BofiWLSNNnvzpZivz9v8lDIIhvYruYqAMjGcV/R/TZoVuYXjkUOkilWVhkMCOQaAPxc/4M
sfjw/iP9kD4pfDS8nkN74I8TpqMUDnJhhu4QpA9B5lu/HqT61+ov/BQvXk8K/sCfHHVJJPLTTfh/
r10zngKE064Yn8MV+J3/AASE/wCNZf8Awcx/GD4GyO1h4Z+IEl7a6dHMdquOb6wbJ6sY2ZB6mSv1
g/4Lm+ILrRf+CTvxqtLF8ah4o0aPwtaKBlpZtUuoNORAO5Y3QGPegDkf+CFmhP4W+B3xA0uRDHJp
uq+E7VkIwUKfDbwapH4Yr7fr5y/YQ8PW3hH4y/tQ6TZqUs9L+Jmm2kC/3Y4/AvhNFH5AV9G0AeAf
8FLP+TdfDn/ZVfhx/wCpxoVcL/wS80ub4UfFD9qP4Z3Q8v8A4Rn4s33iLTkHEY0/XbW21WPb7Cee
7TjgFCOxruv+Cln/ACbr4c/7Kr8OP/U40KvmT/gqr+2Pbf8ABL79oXxp8Rb/AG2OmfFf4Q3mn6fP
j5LrxJok8stnASOkk1tqk+CfvC0A52DAB+fP/BKPU5v+Cjn/AAdO/FT4sXCNPo3w9fVrqxZvnRI4
caZa4PQFldpAP970r+iCv5vf+DXP/goX+zF/wT++E3xM8TfGL4oaf4Z+I3jvV44/In0rULqX7DCu
5WLwQOg3SyStjdnpkdK/Vj/iJc/Yf/6LzpX/AIT+r/8AyJQB91V+Rf8AweVfHuH4ef8ABNLw94JS
YrqHxB8V267Acbra0RppD+EhgH419Ff8RLn7D/8A0XnSv/Cf1f8A+RK8L/bJ/wCCmf8AwS0/4KBS
6G/xf+IOgeMz4bEo01bjS/EEK2vmbd5AigUEnavJyeKAPgb9hD9q/wD4JafCr9kTwHoPxW+Gsvi3
4jWOmL/wkGqzeHJJWubpmZ2G4TAELuCA4GQteuf8N5f8Ec/+iIr/AOEtL/8AJFdb/aX/AARJ/wCe
3hD/AMA/E/8A8bo/tL/giT/z28If+Afif/43QByX/DeX/BHP/oiK/wDhLS//ACRXw1+35+1l+yvo
P/BRL4DfE/8AZP0Cfwf4d8HX1le67Yf2c1in2m3v1lEoDO+7fESp5H3Pev0S/tL/AIIk/wDPbwh/
4B+J/wD43R/aX/BEn/nt4Q/8A/E//wAboA/cbSNUi1vSrW9gbfBdxLNGfVWAIP5GrFfAvhP/AION
P2EvBHhfTtG03456ZBp2lW0dpbRHQ9ZkMcaKFVdzWpY4AAySTWh/xEufsP8A/RedK/8ACf1f/wCR
KAPqL9sL4D2n7UH7K3xD+Hl8IzB4w8P3mmKzjKxSSQsI5Mf7Em1v+A1+Ln/Bn3eeD/iL4D+MPwf8
aeEvDuqeI/A+rpqtnc3unwy3tvFJmCZElK+YgWSJCNrDBZjxmv0B/wCIlz9h/wD6LzpX/hP6v/8A
Ilfix/wTz/4KJ/Cn9hH/AILyfHD4ieGvFNtq3wZ8T6d4kvbK6hilto71TG2o20CpKiv5hliECgqC
Wk46igD9yv2GfhprXxO8afHnxA3jr4jaboll8Sb7w74Pgj8RXF5b6XZabbWtlcLHDdmaBg2oQ3xI
eNtpGBgcD0b9pXxH8R/2Xfgf4q8XeHPEmt/EvUPD2lT6pH4duvDNpqWramIgNyWqWklgDjcuch2x
90MxVTxf7H/xH0f9gn9gP4G6N8YvEek+FvHvxAaGCS31SVoW1HxRq8st/cW3yqxDtd3EwZsEA5JP
TOt+x/8As8eNviN4k8O/Gf8AaK8IeFNC+P3hmDV/DdjJ4V1y8n0uPRp7vfGGhZ/LZ2VFOWDtjYxK
P+7jAPkbT/2HdW/Yf0Dxb8ZbX496V8E5P2h/iB4a8VTaJ4g8D2TWmgXsqzPc6ckMhufLvJ3nePzE
YGPyyN7n56/VivDf+Cj37EGl/wDBRH9j/wAV/CvUtQtdDudcSKXTNck00X8ugXsUivFeQx+ZGRKm
CAVkQ4dhnBIPGfCH9iL40/DLxv4Hu9Q/ag8V+LPD3hn4f/8ACL6rpWqeHLZpNf1r98f7ca5WQOhH
mRhYGEh2wLvmkYs5APqWivmT4afsffG/wj4K+COna3+0vq3iTU/h1qt9e+NNRk8JwW7fEe2mmkeC
1kQTkWYgRkQOhkL+XkgZxVNf2LvjwPhBrOgn9qPWD4iv/iMfFlnr/wDwiFv5mn6D+7/4p0Q/aMPH
8r/6SWD/ALz7nFAH1PRXz78RP2Xfi74r1T48TaP8f9T8PQfEuz0u38DQp4ahnHwyltrcx3U0RMw+
2m6kIlKv5flkbQWHNaf/AAzp8UP+Fw/29/wu3UP+Ed/4Vr/wiP8AYH/CPxeX/wAJB5/mf8JJ53m7
vM8v939l27Mc7+1AHt9FfNXgr9kb41+Hv+FDf2n+0jq2tf8ACs/7R/4Trf4Vgh/4Wd5+37N5uJz9
i+z4bGzzN+7nGKzW/Yu+PB+EGjaD/wANR6wPEVh8Rh4svNf/AOEQt/M1DQf3n/FOmH7RhI/mT/SQ
xf8Ad/c5oA+p6K+WPiJ+xf8AHjxVpfx4g0f9qPWPD0/xLvNLuPA06eELec/DKK2uDJdQxA3A+2i6
jIiLP5flgbgGPFaWrfsjfGu++IvjDVrf9pHVrXR9e+GsnhHSNJHhWB00DxA0USL4kWTz8yyK6O/2
UhUPmkb+MkA+laK+cfhp+yb8ZvCHjX4I6jrf7Req+JdN+HWlX1l4006TwvBbr8R7maGRILqRxMTZ
mB2RwiCQP5eCRnIxvD37F3x40rwX8PtOvP2o9Y1DU/C3j7/hJ9f1FvCFvG3irRPOD/2C6C4IgTZ8
n2hSzc52dqAPqeivmD4jfsbfHLxZ8OvjLpWj/tO634c1nx9r8Gp+DtVi8JW05+H9kk0byWCRtN/p
auiunmM0TDzM4ONp7D4gfs6fFDxR8Rfipq2k/G3UNA0fxr4NOgeF9JTw/FOngnVfKkT+2EkMoNy+
9kfyWCL+7xu5yAD2+ivCfBP7NnxU8O/Ez4Raxqnxz1HWtE8C+Ev7D8WaO/h6GFPHmp/Z1j/taSUS
k2r+YDJ5KB1y2N3Ga8/8HfsOftBaF8L/AISaLqX7WOuavrvgfxZ/bfivWz4MtopPHWmeesn9lPF9
oZbVfLBj85TIfmzt7UAeQ/sf6rB+11/wcAftHfE23dZ9E+Avg/TPhHp0mcrNeTXEl/fsuOA0MyPC
2efmHbp9Hf8ABTH4PD46fs/ab4dk+B1l8frW78RWP2rQLnxJFoA0yHLq+ppcSdXt1YkRoQ7FvlII
r58+Bv8AwRP+IP7KP7OXxg8FfCv9pnX/AAp4i+KHxEl8cW/i6fwpBqGp6ZDJgPZz77gLdyOqrun/
AHQLbmES7iK9n+Kn/BO/xH+0F+0L4v1zx58aPGGp/DDU7zSNU8NeBtJg/sf/AIRe8sY41eT7fFKZ
LmOeRZHeJ0Vf3uOQoJAPGvA/7KXhT/gl34hubHW528EfsteA/A1nZ2fjLUviZqNnqkeotqFy72rx
QGPKO9yXwGC7pECBuI4fsTR/2YfhlN9m1FfB/hrWrhgs0Op6hbJql3ICMq/2mffI2Qcg7z1zXT/E
n4Y+HPjL4JvvDXi7QdI8T+HtTVVu9N1Szju7S5CsHXfHICrYZVYZHBUEcgV86eC/EPj39jX4+T6X
8QvF3xD+Mum/HPx3Lb+EItK8IxCw+G9itm0ohvJoACsOUCeY3B2B9qnzmoAl/wCCbfi218NzfHz4
cSeXaT/C74pa2/2bAQQ2eruuvwOB0EZGpyKvYeUQOAK/IP8A4I/WD/8ABUX/AIOVfiz8d5kM/hrw
HPd6hYu43LhAthZBT0DFF8zHs1fXH/Bbf9oa/wD+CY3xR+LnxN0p2tNE/aJ+EzeH4LmE5U+KdNuB
DbOSOFd9N1CYqe/9n98cfFv/AAbE/wDBUj9lv/gm7+y945f4rfED/hHfiJ418Q+dPCNEv7xvsMMS
rADJDC6cyPO2N2fmGRQB/RxRX5+f8RRv7EH/AEWOX/wl9X/+RqP+Io39iD/oscv/AIS+r/8AyNQB
g/8AB1P+0+v7O/8AwSQ8WaXDMY9T+JN5b+GLYBsFkkYyT/h5Mcn6V+Uf/BKD/gp1+wR+yd+xd4e8
JfGH4KP8QPiHHPcXWq6tdeDNP1LcZJCUjSWZ95RE2gcCv0i/at/4LUf8Exv24tA0rSviz4r07xxp
2iXDXVjb6h4Y1vy7eVl2lwEgXnbxzmvD/wDhoP8A4Ipf9ADwZ/4S2v8A/wAaoA57/h+n/wAEu/8A
o16y/wDDb6R/8XR/w/T/AOCXf/Rr1l/4bfSP/i66H/hoP/gil/0APBn/AIS2v/8Axqj/AIaD/wCC
KX/QA8Gf+Etr/wD8aoA+Zf8Agpp/wVW/4J+ftN/sR+OfBnwq+BQ8E/EPVIIX0PWLbwTp2ntazxzx
yEGaF96q6K6HAPD9K/SX/g0Z+O4+LX/BIzStBklMl18PfEOoaKylslY3dbtPwxcGvnT/AIaD/wCC
KX/QA8Gf+Etr/wD8ar3D9lL/AILT/wDBMb9h3QdV0v4TeK9N8D6frc63V9b6f4Y1vy7iVV2hyHgb
nbxkY6CgD9W6K/Pz/iKN/Yg/6LHL/wCEvq//AMjUf8RRv7EH/RY5f/CX1f8A+RqAPzr/AODpCzuv
2L/+CwX7O/7Qmlp5Hn29rLPIg275tOvNzknuTDOg+iiv1w/b1msvjvJ+zX4RtpUlh8d/EzR/EHlk
5D2Wk21xrrOw7p5llbp6bpkHevx9/wCDmv8A4Kn/ALKn/BSv9jvwxafDP4hjxD8QfBmvrd2Vs2ha
haNJazIY7hBJNAiDpE/Lc+XxX1//AMEH/wBo7U/+CkfxA+EvjOU3Fz4f/Zz+EEXhK7mkUhJPE2oT
xpKVP8bR6dp0BY/wm+I4ycgH3X+xv/ycV+1j/wBlVsf/AFB/Cle/14B+xv8A8nFftY/9lVsf/UH8
KV7/AEAeAf8ABSz/AJN18Of9lV+HH/qcaFXif/Bxt+w3cft2f8ErvHGkaPYSah4v8EvF4u8PxRLu
llntQwmiUAZLSWslyiqOrsnpXtn/AAUs/wCTdfDn/ZVfhx/6nGhV7+RkEHnNAH8pX/BHjwj/AME6
fjJ8BW0r9pOTVPB/xL0meQyX9xrF1bWGrW5bMbxlPkR1B2lDgnGRnmvsP/hj/wD4I2/9FGsf/Cru
69M0r/ggJ+zZ4j/4KBfEH4N/FfwdqVpP4olu/H/w01zR9Qk09dV0mSVft2lSbcoZ9PuZhtH3mtp4
T/Acez/8Qhv7G3/QF+IH/hTy/wDxNAHyZ/wx/wD8Ebf+ijWP/hV3dH/DH/8AwRt/6KNY/wDhV3df
Wf8AxCG/sbf9AX4gf+FPL/8AE0f8Qhv7G3/QF+IH/hTy/wDxNAHyZ/wx/wD8Ebf+ijWP/hV3dH/D
H/8AwRt/6KNY/wDhV3dfWf8AxCG/sbf9AX4gf+FPL/8AE0f8Qhv7G3/QF+IH/hTy/wDxNAHyZ/wx
/wD8Ebf+ijWP/hV3dH/DH/8AwRt/6KNY/wDhV3dfWf8AxCG/sbf9AX4gf+FPL/8AE0f8Qhv7G3/Q
F+IH/hTy/wDxNAHyZ/wx/wD8Ebf+ijWP/hV3dH/DH/8AwRt/6KNY/wDhV3dfWf8AxCG/sbf9AX4g
f+FPL/8AE0f8Qhv7G3/QF+IH/hTy/wDxNAHyVN+yJ/wRsghdz8RbNggLEL4qvGY/QDqa/OHwP4G+
D/xZ/wCCs82rfAj4ZeOfFvwT+Fm7xbJ4fs/MvtU8QWWmBZZGIk+ZIribykYEEpFITtLfKf3J1z/g
0w/Yo8HaJeavqlh42sdM0qB7y7ubrxXJHBbwxqXeSRioCoqgkkkAAGux/wCCFX/BND4ffBb4WeP/
AIpWXgXTdE0n46HyvDui3UP2h7PwcqFbGK483JM16jNd3CsSCZ40IHlBQAfRn7HvgjUPjNFqvxd8
QeNtX8beDvio2keMPB/hLX9IsQvw9xZx4iikiL7pg/JYMAjA4y5eR/oyvi/xJreqf8EmtV1PW9Qu
fAXgv9if4f8AhOx07SdC0XRL698Qafq018sZkPlhy8TPPlnJYksvyht8j/Zen30ep2EFzEXMVxGs
qb0aNtrDIyrAFTg9CAR3oAlr5x/a+/4KSeGf2MPitoeg+LtI1Ww0LUra2ubjxNdwXMWkRGe5aAW0
dykEkLXaiN5TbzSQvImwQ+fI3lj6OrD1z4YeGvE+vxatqfh7Q9R1WBEijvLmwimuI0QuVUOylgFM
khABwC7epoA8AH/BWn4TpYJNK3iOKU2Go6gbb7Ekk0yWUbySx2wSRhfyGNGcJZGcqgLyeWoLDO0n
/grz8MW8ZahpupXUUVoNSsbTTrrS7oauJre5tdGlN3M0CmBIo59d0+EtbzXKkTpJuCiQRfQNr8Bv
A1ilusPgzwpCtqGWEJpFuohDIY2C4T5QUJU46qcdOKfF8DvBUD27J4P8Lo1pcRXcBXSoAYZokjji
lX5fldEiiVWHKrGgBAUYAPLfh9/wUe+HHxM/Z78SfEzTW8Qf8I54WS3lu1m05o7lkuIIZoZFTOBG
yzp87lVQB2coil6wdK/4Kz/CDxJ4gh0nRdRv/EOp319aaTYQ6T9mvY9Rv7mO1lS1imjmMOfLvIW8
5nW3dRKY5ZPKk2+9ad8K/DGkaDcaVaeHNBtdMu0SOezh0+FLeZUUKisgXawVVUAEcBQB0qifgL4G
MciHwX4TKypDE4/si3w6QiMRKfk5CCGIKOiiJMY2jAB41qH/AAVO+GOm+J9P0OSDxe2t6jcNaR2E
ekNJOkq6jqOnOjBWIG240q8DHOAqBs4NcjrH/BZz4baz4A0PWvAun6140m8Qz2ElpCoWzhGnXN9o
9r/aDzNuCoBrVmyxYMxcvG8cbRzGL6W0j4GeCfD+srqNh4O8LWWoI6yLdW+k28UyspcqwdUByDJI
Qc8b29TUI/Z88Aqtso8D+EALKc3NuP7GtsQSlomMifJ8rloITuHOYYz/AArgA8k+J3/BUL4WfCr4
zat8OtRvNW/4TfS9Qg0saYLFybmaf+zDCyOMgxsuqxPu67LW9bBFtJjyL4e/8Fv9B8TaP4C1XWfA
eq6Pofi6UwXuq2+oreWtiRpGn6mZYV8tJpoFXUEUtLHbvtXcI2dvKX7G1P4R+FNa8UjXb3wx4eu9
bDRuNQm06GS6BjSWOM+aV3ZRJ5lXnhZpAMBmzRi/Z98BW6KqeCPCCKiLGAujWwAVYkhVfudFijjj
A7Iir0AAAPMvi9+3NF8J/wBoSDwJJ4ZlvUurrR9KTUhfBFS+1UX/ANjR4hGzCAvYMkkqlmQzI3ls
odl5/wCHv/BR1vF/gbUNXn+H2uXF5beAZPiBZ6ToNyNVv9Ut1mlhjsoY2jh3XkjxFVQZUlkG7JOP
oS4+Hfh+78YReIZtC0eXX4EEcepvZRNeRqA4CiUrvAAkkAAPR29TmhffBLwZqaQrc+EfDFytvZtp
8Ql0qBxFbNndAuV4jO5soPlO48cmgDxTT/8AgpJ4e1X9mq1+IEOmSh7nUrTS2iukvrDTbKW41mLS
f9JvLm0j+zNFLKHlhmiSeNUfMXAJ8s8Wf8FwvD3gPQWv9e+G3jfw9Iuh2usR2GrwvZ3mpec0O82Q
aIxXcUazKW8qQzgld1uiMsh+0LPwLomnaDDpVvo+lQaZbTrcxWcdpGlvFKswnWRUA2hxKBIGAyHA
brzVHWfg74R8RateX+oeFfDl/fagqrdXFxpkMs1yF8vAdmUlgPKixknHlp/dGADzmL9ruXVP2VvC
fxI07wu97fePZtNi8P6GNRUvdDULmOO2aSZEcRhYJBcTbVfykjl+/sya/wAZP239N+D+o/GW0l0H
UL+b4OeENO8XXXlygDUo7xtRCQRgBmVlOnPk4OfMXAJBFeq2fwy8PabHpMdroum2cWhXkuoafFbQ
LBHa3EqTRySqqAKHZbicE4581j1Oah8Q/CHwn4u1a51DVvC/h3VL+9tfsVxc3emwzzT2+HHkuzKS
0eJJBtJxiRuPmOQD5x+Jf/BUuD4TeNx4b1T4c+LrvXpNEk1Sz0+wsb5rrX5kt5Z2ttNjntIWvJES
NRJEu25QyqRbtGRIfc/2Yvj7p37T/wAEdG8b6T9nFjq73MSiCdpkDW9zLbOMukcikPC2UkjjkQ5S
REdWQac3wJ8EXErySeDfCskklubV2bSbcloTjMROzlDtX5enA9K6DQ9BsfDGkwWGm2drp9jartht
raFYYYhnOFVQABknoKALVU/EWhQeKPD9/pl01yttqNvJazG3uJLaYI6lWKSxlXjbBOGRgynBBBAN
XK8s/a6/aw0z9jz4cab4l1Xwt488XwanrdjoSWfhLRX1W9ilu5RFHK8akbYgxALZzllVQzMqkA/I
X/gur+ybr3w1/Yis/wBlLwlo/hm5+HXgPwx/wm/gG/1fxc194z17UbC4lk1KBLRkDOsdjdXb/INi
oFCt/wAsV+Jv+CN9h/wTl+Jv7N66V+0tbXHhr4naRdzCW/udSvIbTVrZm3ROhjOxWUHYV4Pyg85r
+jr9nP8AZi13wpcX2tfFjxFonxV8YWviLWL/AML63ceHLa0vPDGk3sh8vTYZAC+Fi+VmyCwOw5VF
J/NIf8EB/wBk7xV/wUC8f/B34h+ENW0bU/EbTePfh7e6Vqb6fDqukzMovdOXaChlsbsyEIPm+zXN
ucEIxoA8z/4Z7/4Izf8AQ26N/wCFDf8A+NH/AAz3/wAEZv8AobdG/wDChv8A/Gvqb/iEN/Y2/wCg
L8QP/Cnl/wDiaP8AiEN/Y2/6AvxA/wDCnl/+JoA+Wf8Ahnv/AIIzf9Dbo3/hQ3/+NH/DPf8AwRm/
6G3Rv/Chv/8AGvqb/iEN/Y2/6AvxA/8ACnl/+Jo/4hDf2Nv+gL8QP/Cnl/8AiaAPln/hnv8A4Izf
9Dbo3/hQ3/8AjR/wz3/wRm/6G3Rv/Chv/wDGvqb/AIhDf2Nv+gL8QP8Awp5f/iaP+IQ39jb/AKAv
xA/8KeX/AOJoA+Wf+Ge/+CM3/Q26N/4UN/8A40f8M9/8EZv+ht0b/wAKG/8A8a+pv+IQ39jb/oC/
ED/wp5f/AImj/iEN/Y2/6AvxA/8ACnl/+JoA+Wf+Ge/+CM3/AENujf8AhQ3/APjR/wAM9/8ABGb/
AKG3Rv8Awob/APxr6m/4hDf2Nv8AoC/ED/wp5f8A4mj/AIhDf2Nv+gL8QP8Awp5f/iaAPyo/4K8W
3/BNn4Sfs13Wnfs66dP4w+J+uMsVleWuq3ktnosYYF5pTIdrNtyFTkknJ4Ffsr/wbK/skal+yL/w
SV8E2et2A07W/HF1P4uu4mj2S4uhGIPM/wBr7PFD17Yr5fn/AODc/wDZt07/AIKEeAPhp8OfCd/f
aR4I8jxz8TNR1nVX1DybXdIul6MikbQ17PFLJKCAwt7U8jzVz+z8MKW8KRxqqJGAqqowqgdAB2FA
HgX7G/8AycV+1j/2VWx/9QfwpXv9eAfsb/8AJxX7WP8A2VWx/wDUH8KV7/QB4B/wUs/5N18Of9lV
+HH/AKnGhV7/AF4B/wAFLP8Ak3Xw5/2VX4cf+pxoVe/0AeE/t/fs1eIvj38KNP1j4e6hZ6H8YPhv
f/8ACSeBdTuVzAt8kTxyWdxjk2l3BJLbTAHhZQ4+aNcbn7FH7WNh+2P8CbLxTHpOoeGPEFnPJpPi
bw3qI23/AIZ1aAhbmynXrlWwyNgCSN45Bw4r1qvk/wDau/Zr8dfB/wCP837RfwRLah4n/s6Oy8ee
BJH22vxF062DGEwt0h1WBC6wSkbZARE5CYIAPrCivOP2Vf2svAv7aHwgs/G3w/1ldW0m4ke2uYZI
zBe6Tdx8S2d3A2HguI24aNwCOCMqQT6PQAUUUUAFFFFABRRXyd+1X+2brnxK+L2o/s7fAS4e7+LN
xaD/AISTxWlsLnSPhTaSrlbq7J+WW+dMm2swdzth5NkQJYAwf2wlvf8Agoz+0IP2cNAv8fCjw5HH
qHxn1OxuCktyrENZ+GY5VOUkudplugpDJbBFJX7QufsrT9Pg0mwgtLWGK3trWNYoYokCJEijCqoH
AAAAAHQV5v8Ash/sm+FP2KvgZpngTwjHeS2lrJLeX+pX8xuNR12/mbfc393MeZbiaQlmc+ygBVVR
6bQBHdWkV9AYp4o5oyQSjqGUkEEHB9CAfqK+U9TufH/7En7SGj6fouh/F/47aB8fvHlxe63qt9qt
q+n/AAptRZRhVjQqhW13RkhSVUKjKC0zIs31hVXXNDs/E2i3mm6laW1/p+owPbXVrcRiWG5idSrx
urZDKykggjBBIoA8Z/a3+L3xBsfgr4Y8QfA28+GOs3usa/p8c134k1AjS7jSpGbz3t5YpUDzldvl
4YgnPBrlvC/7C/xH0H4efDfRbr9pP4m6nqHgjxV/b+rarPbWouPF1n5wk/su6AGFt9oKZTDYNfL/
APwUY+C1l+xL4A8B6Jf/AAo8AeKv2OfCGpaBYaN4O0q9v9K17Q/EU2p7IdUe5R9stujzksrMzSST
ZYE7nP6c0AfMXjf9hH4k+KvBPxM0qz/aX+J+i3vjrxOuu6RqNtbWpn8HWgldzploCuGgKsEy+Wwg
re8f/sf+O/F/j34q6vY/Hr4gaDY/EDRbfS9F0y1gtzb+CZ444ke9sywy0shjZmD5GZWx2r3+igD8
yP2lP2RP+CiPwZ+JOh+KPgx8efCHxc0LQvDqaHJ4a8Z2jaTPqEnlsjXkrW5EU91ubeJWkhwQoKvt
JbwT4beDf+Cv194M+F/hmbSfCehan4E1C7vNT8UeIfF1neJ4sSeVmjhv4rWWRmihVgqiNQSEGcng
/tlRQB8X/AH9hL9pNfghqtl8Vf2ptduvG/iDxLH4ikm8K6RBBYaJEJVeTTLZ51Mz2rKmwbvL2q7f
KThq8J/b+/aa+K37Hn/BS/UfCfjb4jeJ/Cn7Pf7UOi2eg+E/GVnEhX4V+I4UEWxWYbEW4I8xjLwT
OGBCwS1+o1ed/tYfss+DP21P2fPE/wAMvH+lRav4Y8VWbWtzGwHmW7dY54mIOyaNwro45VlB9qAM
OD9m7xZF8ULbX2+LnjCTTYPAX/CIvoxih+yzaj5u/wDt0nG77Zt+Tb9zHauf8Ifse+PPDdv8GEu/
j38QNXb4Yvet4ge4gtwfiCJyDGt/gfKIMEJ5eM55r4c8D/tV/tA/8EAfBtr4M/aF0LxJ+0B8ANL2
23hz4neE7Q3Gr+HbVcqttq1rIwIRFC7ZTIQoG0SSnaifT3w+/wCDgP8AY3+JHg+LWrT4/eBrCCSM
SNb6tPJpt5FxypgnRJNw6cA57ZHNAHTT/sHfEqX4W3OgD9pn4oJqc/j7/hL01oW1r9qi07ytn9gg
bdv2Pd8+77+e9fJX/BWz4r/GT4E/FK9+D3wS+MHi3xX8bv2ovEGm/wDCN6IXhSL4TaPZyNJe30Zj
UukE2VRmmGCiTFcmMiup+I//AAcQaZ+0D4zuPh3+xp8OPE37RvxAljKHV0s5tL8KaA7ZCy3l1Osb
FFIzgBEcDCy5Ir1v/glN/wAEp7z9ibXvGvxU+J/i+T4nftD/ABZcTeK/EzKy21pFuDrp9krcpboQ
g6LuEUYCIqIigHpMH7G/xDPijV9Sn/aC8fvHqnw7/wCENjsktbZLew1QxRofEMQAyLzcjOEPyAuR
Vr4f/sheOvB/ib4QX1/8ePH+v2/w3sb2012zu4LcRePZJ43WOe+2jKvCWDL5eASgzXvtFAHzzoP7
Gnj7SPhr4Y0Of9oH4h3+o6D48j8XXmsS29sLnWdOV3Y6FMANotGDBSy/PhBzVj4hfsg+OvGXg74u
aZYfHnx/oF58RdRtL3Q9QtILdpvAkULxNJb2QYYZJRGyt5mTiRsdq9+ooA8f8Yfs3eLfEnj7x/rF
p8XPGGkWPjDwkfDumaXbxQm38L3ux1/ta2JGTc5YNhvlygryL9o/w18Yv2WLf4KeLfCWqfEn43Te
EY7Twf4j8MW9xBZJ4mE8flS6/euIpD5kBXzSiBVJfqBX17XyN/wWX1/wloP7O3gY+MLj4xxW158R
dCtdPi+GhjOs3l60r+VC6PkyWzAN5kaAuwCgUAezftHftLab8JrSfwvomseD7r4w+INF1C98E+Et
X1iOxm8S3dvCzJEgJ3lC+0Myjgbj2JHLfsofsxz6L8Qb745eMbDWPD3xg+JvhfSNP8XaDF4mn1TQ
tJmtUY+VaRt8ibXkfJXKglypzJI8ln9mb9l3xL4TkbXfjL4i8MfFn4gaN4g1e88LeJB4ah0+68Oa
Xeuu2xhOXZcIu1mDZKkISwXc3udABXhP7fX7I0n7UHw00zVPDdymi/Fj4a3p8S/D/XAdh0/VY42C
wykffs7lSYLiI8PFIf4lUj3aigDxz9iH9srRf21Pg4uvWljeeG/FGjztpXizwrqOF1PwpqkfE1nc
JwRg/Mj4AkjZHXhq9jr5e/a0/Zl8aeCPjfa/tAfAy00q5+I1lYDS/Fvhe7lFpa/EnSIsvFatNgrB
fwMWNtcsCB5jRSHy2ynqX7JP7WvhT9sr4Sw+KvDDXtnNbzvp+taHqcX2bV/DOoRHbPYX1uSWhuIm
4KngjDKWVlYgHp9FFFABRRRQAUUUUAFeN/tx/tWj9k/4LS6hpVhF4k+IPiOddE8EeGBMEn8SaxN8
sFuoyCIlJ8yaTpFDHI5IC1b/AGxf20PBn7Efwyh8ReLZNRvb3VrpdM0DQNItjeaz4n1BwfKsrK2X
5pZnP0VRlmZVBNeZfsi/skeJPEvxwvP2ifjWgf4qa3Ymx8OeGhOtzYfC/SJApbT7dh8st7LgG6ug
Bvb92mIlG8A7T9gv9ka5/ZU+F2pT+JtZbxZ8UfiBqB8SePPETZA1bVZIkRlhUgeVaQIiQwRAAJFG
vG4sT7lRRQB4B+xv/wAnFftY/wDZVbH/ANQfwpXv9eAfsb/8nFftY/8AZVbH/wBQfwpXv9AHgH/B
Sz/k3Xw5/wBlV+HH/qcaFXv9eIf8FDfA3ibx7+zdbw+EfDeoeMNb0Xxr4P8AEg0ewubS2u7+30zx
Ppeo3SRPdzQ24kFtazFRJKgYgDcCRWf/AMNkfEX/AKNO/aA/8G/gf/5oaAPf6K8A/wCGyPiL/wBG
nftAf+DfwP8A/NDR/wANkfEX/o079oD/AMG/gf8A+aGgDC/aU/YH1W58e6j8U/gF4lsPhL8Zb4xy
arcSWP2nQPHSxj5LfWLRceZxlVuottzEGOGYfJVP4af8FQdG8HjTvDn7RGiXP7P3j6Wb7CT4gYjw
trVwP49N1nAtJkcYZYpXjuBuwYsjJ6n/AIbI+Iv/AEad+0B/4N/A/wD80NY/j79obxN8VfCN74f8
UfsZ/GjxJoWpJ5V3puqXfgO8tLpP7skUniAow9iDQB9JWN9DqdlDc200Vxb3CCSKWJw6SKRkMpHB
BHIIqWvy+n/Yv1L4c3st18Evgp+3B+z35jmcaV4M8c+B38PGYnJc6Ve69cWi57iJIwcfXLvtP/BQ
DTf3djrHxnu4RwH1j4ZfDe4uPxa38W26Z/4Bj2oA/T+vP/2hP2rfhr+yh4Zi1f4k+OfDPguxuWKW
p1W/jglvnGP3cERPmTycjCRqzHPAr8/5PA/7Y3xDU2vj3W/2wZNLl/11r4H0b4X+FZZB6LcnXbq4
j+qyA+hBwR3f7On7P3hv9mvxp/wl2n/sUftE+K/iA+PM8ZeMvFXg/wASeIWIzyt5eeJJHh6/dh8t
T6UAd14o+KXxx/4KD+Jk8P8AwzsPGX7P3wkhIfVfiBrukJaeJvEcZP8Ax7aPp1yDJZqy8td3kSuo
YeXCSCw+j/2dP2afB37Kvw6Xwz4M0s2NnLcSX19dTzPdX+sXkpzNeXlzITLc3MjcvLIzMeBnAAHn
n/DZHxF/6NO/aA/8G/gf/wCaGj/hsj4i/wDRp37QH/g38D//ADQ0Ae/0V4B/w2R8Rf8Ao079oD/w
b+B//mho/wCGyPiL/wBGnftAf+DfwP8A/NDQB7/RXgH/AA2R8Rf+jTv2gP8Awb+B/wD5oaP+GyPi
L/0ad+0B/wCDfwP/APNDQB7l4i8N6f4v0W403VrGz1PTrtdk9rdQrNDMuc4ZGBBGQDyO1Xa8A/4b
I+Iv/Rp37QH/AIN/A/8A80NH/DZHxF/6NO/aA/8ABv4H/wDmhoA9/orwD/hsj4i/9GnftAf+DfwP
/wDNDR/w2R8Rf+jTv2gP/Bv4H/8AmhoA9/orwD/hsj4i/wDRp37QH/g38D//ADQ0f8NkfEX/AKNO
/aA/8G/gf/5oaAPf6K8A/wCGyPiL/wBGnftAf+DfwP8A/NDR/wANkfEX/o079oD/AMG/gf8A+aGg
D35lDqVYBgwwQRkGvBvGH/BLD9mf4g+J5ta1z9n34Marq1zJ5s93c+DdPkluH/vSMYvnPu2ai/4b
I+Iv/Rp37QH/AIN/A/8A80NH/DZHxF/6NO/aA/8ABv4H/wDmhoA9g+Gvwo8LfBnwxFong/w1oHhT
RoDmOw0bTobC1jOAMiOJVUcADgdq368A/wCGyPiL/wBGnftAf+DfwP8A/NDR/wANkfEX/o079oD/
AMG/gf8A+aGgD3+ivAP+GyPiL/0ad+0B/wCDfwP/APNDR/w2R8Rf+jTv2gP/AAb+B/8A5oaAPf6K
8A/4bI+Iv/Rp37QH/g38D/8AzQ0f8NkfEX/o079oD/wb+B//AJoaAPf6rX2j2mqXFnNdWtvcTafM
bi1eSMO1tKUeMuhP3W2SOuRztdh0Jrwn/hsj4i/9GnftAf8Ag38D/wDzQ0f8NkfEX/o079oD/wAG
/gf/AOaGgD3+ivAP+GyPiL/0ad+0B/4N/A//AM0NH/DZHxF/6NO/aA/8G/gf/wCaGgD3+ivAP+Gy
PiL/ANGnftAf+DfwP/8ANDR/w2R8Rf8Ao079oD/wb+B//mhoA9/r5u/aa/4J/J4z8c6h8UfhD4hf
4S/HGWKIPr9nEZNM8ULCMR2utWQIS9g2/IJCBPECDHIuNp0v+GyPiL/0ad+0B/4N/A//AM0NH/DZ
HxF/6NO/aA/8G/gf/wCaGgDh/AH/AAU7l+DmnxaN+1R4Ub4D+J4Z1s116SV73wRrzE7RNa6sq+Vb
BzyIL0wyqGA+fDMPqzQdfsfFWi2upaZe2mpaffRia3urWZZoLhCMh0dSVZSOhBxXgGu/tV+N/FGj
Xem6n+yF8ddR0+/iaC5tbrUvA00NxGwwyOjeISrKQSCCCCK+TdZ/YgsPC+uXOr/CD9mz9sj9nbVb
yQzXP/CtvHPgrTNNu3zkeZpk2vzWBAPZYFPPWgD9PKK/MD7P+3loWItI139oK6tovli/4SH4ffDG
/n29t8lv4mtd7dOdozznJPAYf28/EGYda1z4/wBnavw//CNfD34ZafcEHqBJdeJ7sL7ELketAH6Y
eKvFel+BfDl7rGt6lYaPpOmxNPd319cJb21rGoyXkkchUUdySAK+VfHf/BTa7+Ndg2jfss+Drr44
a5eytZL4rQm08B6FJna01xqjYS7EWdxgsfOkYDbmMkGvAPDf7E+n6v4ks9d+K/7NP7Y37QmuWMou
IJPiT468Garp1vIDnMemJ4gi09RnoPs5xj1yT9X6N+1d458OaTbafp/7Ifx2sLGzjWG3trfUvA0U
MCKMBFVfEICqBwABgUAP/Za/YM/4VR4xh+InxN8Zar8Y/jK9tJbHxPq0CW9rokUpBlttJsU/c2ED
YAYpullCjzJHAAH0NXgH/DZHxF/6NO/aA/8ABv4H/wDmho/4bI+Iv/Rp37QH/g38D/8AzQ0Ae/0V
4B/w2R8Rf+jTv2gP/Bv4H/8Amho/4bI+Iv8A0ad+0B/4N/A//wA0NAB+xv8A8nFftY/9lVsf/UH8
KV7/AF4B+wv4f8X/APCW/Hfxb4t8C+IPh3/wsT4gQa3pOk63eabdX/2OLwzoOmmWQ6fdXUC7rjT7
nC+aW2qpIXcBXv8AQAUV8R/8FdNN1CH4q/s5z6Ynxm1g694zutC1Lw54A8fXnhe51+0OjajdeWSm
pWFuWSa3il8ySZHCxsoYhijX/A/x6P7MmpWuhP8AD341391ofwq1X4hwQa944ude1CQm6gefRdk1
zK11dQuyIs9wWMasI4pHV5MVFLlvJ2+L/wAli5Pt0Tbttqt7J1OLTilrfl/8mlyL/wAm0+ae17fZ
tFfM/wDwTt/bw8Q/tzHxpe3XhbwBp/hrw1c2tpp2veEvHUnirT9dllgWaQRynT7VB5O9Y3AZ2WVZ
FKqFDN0P7evwr0jxT8JdR8R6nq/xChvdAspING07w5451fwtHe6hcMkVukjabc27zM8zRRqJWdV3
HaoLMSqsZwtpq9bequvm+zt52FT5Zu1/L+vLv+r0Pd6KwPhT4Mm+HPww8OeH7nU9S1u40PTLawl1
DULmS6u754olRppZZCXkkcqWZmJJJJJJqP4t/Dlfi38PNR8OS6vruhwaqEjmvNG1GbTr+OMSKzrF
cQsksLOoKeZGyuoYlSDg06q5ZNQd7bPa/mTTlzRTkrX/AAOjor8uNd+C2seDf2Mv2qfH/hn4u/Hr
Q/FPwr1nxba6LczfEnWtajSzs7PfBbG31K5uYOHIPneX54wdsik5HrHij/grn4g+B3h2Pw3r/wAL
by/8fvfaTpWg2Njqeo62utx3elS6h9puDp+m3V5C6JbXCyRw2t1hwp3lGaRJi1Kmqi6xhL5TV189
Vdd79Fcpxadn/NUj86TSl8tW15Lu7H3fRXCfs6fGqb47/AXw942v/C/iPwRc6zZm5udE16xmstQ0
x1LK8ckUyRyDlSVLIpZSrbRnFfHPhn/gtV40+Kng7xF4m8Dfs9eI9d8LaVpT+JLDV9Sn1jQ7C/0q
GUJO32q50ZbVrzYwmit7We5jmjSTE6uojZyXLN05aNb9lbdt7JaPVu1k30FF80FUirp2/HZW3v5H
6A0V8Z+Fv+CnHxB+Ieo+AbDw38HPDusT/FfTtY13wjqC+P1TSbvTrERNG11L9hNxbXMyzKTALaVY
iyq0pbzBHzmkf8Fuv+E88b+DNN8G/Bf4h+L7XV9P0i98RjTdM1S8vPDzaizKkY+y2E1k3kbWeZrq
8tAI1LRiY5UPlfMo9W7W631W2+8Wn2ej3QJ3jz9N79OnX5/Ppsz7vor4i+HX/BS3xJ8cbj4SarqX
wS8SaDo3jjxjrPh7THg8cxLeWepaXHqyyQ3tvAUhmjlWxcRoZpYTJvL7PJhkmzNA/wCCw/jbxZ4V
0vVLL4G2tt/wkngfXPG+kW+o+N44pRDo15Hb3sF2YbOVYXKyxtE0RnDuxV/KUeZRNOF+bS138lFy
b+Si2+yXmXyPnjBat/8AyXJ/6Vp636K594UV8N+Kv+C0E/8Awta10DwV8E/iL8RbKC10p9Yk0PTd
RuLnT7jUbKK8gjEiWTaYsaRzxGaS61C1MYYsEkUZrmPHn/BYT4g6/wDsc+LvHnh34XaP4Z1Cf4Uj
4keFpdS8T/a90RmMEqXMUdoVjli3RyoqtIkoYKzREEB+znfltrdr5pN/PSLfoiISUoqd7J8rv0tJ
pR+9yXnqfoXRXx7rf/BRzxPoX7Ufgv4QeJPBOi6VL41ki0G51zQfFx1S50fVJdJl1AlYP7PESwAR
Mkb3clvPIw3raGL5z6B/wSv8U654z/YJ+H+o+JNf1jxRrc0V4l1quqz+feXzJfXCB5HAALbVAwoC
gAAAAABOL1f9Pe/3W/FWI59Yq3xLm+T2+/X0s7n0FRXxn8Tv+Ctz/Cjw94qk1T4fyr4g0zW4tC0X
w9He382r38k929rbSXNjFpz3kUUhhmlElpb3qNEqmNpWYovnur/8FXfjhrXjTw9eaF8EdK0nTofh
74k8Wa34e8Za5qnhnUJZNLvbWBpLcz6M05haOTfB5sEBmW4zIIGiCNCknHn6K7b7Wi5u/X4Vf5q+
5s4NS5Ho7pW82+Vfe9PvP0Oor4k13/grb4p0Lxrpuij4Mf2ifER8GNpV3Z+LofJSPxGLlUe8EtvG
8IgmtZI8QrcGQMjfu8kL9Efsm/tFX/7Q/hDxC2u+HYPCnivwbr914a17TLbUjqdpBdwrHJuguTDC
00LxTROrNDG3z4Kgg1vKhOMpRa1je/lblv8Adzxv25kc0cTTlytP4kmvNSTa+9Rk16M9Tor4B8cf
GP4l2P7dfj/WNeiuYtN8C6/o3hzwTpWi/Ei9tbLWrnUoEWG21KwbTxamGXzTPLcEzT25hCQ+aCd3
eaJ/wUz8b6x8c9C+FR+CyQ/EC91XU9F1SQ+L4T4e0y5s7C3v1KXf2f7VPFLb3UDKwslZS5DICpFY
0f3sU49b/K1nr20lG6dmrro03rVkqbal0t573XTpdOzV07PW6aX2FRXnP7Tvx6m/Z9+HtjqNloye
INe17V7Pw/ounS3osbe6vruURRCa42OYYQSWdxHIwVTtjdsKfNPE37YXxP0mLRvDlp8INGm+KU2k
32v6t4euvG6QWFrYWtytuZLW+S0kNw87OjQpJBBlSfOa3YbSuZWcuza+ajzP7o+8+y1ZT0tfyf3v
lX3tWXd6LU+kaK+Fbf8A4LQ6h4ltpta0L4NatceEbTVPCVhLe6j4jtbS+uYvEYjWzmt7ZElVtks8
Kuk0sJCl2ByoVtnw9/wVF8f+MviRYfD/AEr4JWFx49ur/wASaZIZvG6ReH47nRmhMiLefYzdMJUu
ISGNkoUvg5wzC5xcbqS2vf8A7dUXL7lKN/VLclSuk+7SXq+b/wCRl8lfY+0aK+HdL/4LLy+IvHPw
rt9N+GYutA+JSadAz/8ACRq2taXfXsFzIkD2cVu8McSyW/k+bd3drvZ8xpIoJqbw5/wUt8R/FPwb
8GfFl/8ABHxPYaZ8SNb1G30KCw8cQpeQXdlY6nKYL2KMxQSCdbNlijaWWAsxeUxNFGXT0UpdItp+
q39bLXTy7oqOs/Zr4nFyt5Wbu+y0e/Z6XVj7cor4t+FP/BWrWvH3wmvvGeo/CG907S5/hkPibodt
Z+IU1C/1C2WUxS200YgRYJF/duGR5gyOSQrKUPov/BO79tzxD+3BonjXV9Q8MeBdK0Dw1q6aRpWt
eEvGsvirS/ErCCOaae3uTYWiNChlWLchc+bHOjBDH81+ym3JW+FNv5ScH/5Mmrb6PoRKSTs+6Xzc
VL/0lp/PufRtFfnF/wAFFv2ufjTpPxz+InhXw9PD4e8K/Dq7+HuoWlxomueTqustqmutaTWk6SWe
0QzxiRW2XKGP7PCQZBNKqd38Tv8AgsHrfwx0e30aX4RX2rfE+bxHreif8I5ot1quuWzw6X9naW5S
fTtJubkiSO7ttgezRA8hV5IwN5hfDzeunWy5bu3/AG+vPq1azNZwaa630+fK5W+5N9ul7n3FRXm1
/wDtC3Fv+yZL8UofBfis3KeGf+Ej/wCEWvIY9O1lG+z+cbOVLlo0hnXlGEjKFYGvmHX/APgs1efD
X4a2WveNPhXPpNz4v8LaN4o8GWGk6zPrc2srqNza2a21wlvY+bBNFcXkAZbeK7LxtujDv+6puLVS
VL7SaTXm+ayXdvllt2Zl7SPLGd7KW19OsV121lFO/dH3PRXxP8C/+CqXxE+P/wAYNH+H9h+zv4h8
MeJtS0W/1lrrxhql34e0qVLK9tbeZrYXOnrqUkTJdI6STafBuYqm0DzHj85/Yv8Aj/8AGJtQbXrr
SR4w+LfxEfxLcQ+GLz4q3x8K/wBnaTq/2V7iNZtMYWNzG00VtFFawCKdFEszI7EpXs5WUmtGm152
vfTt7sr9rNvRNodSN3FO7vbp5b9tGrd9lq0j9HqK+Ebn/gtBrmreD/iN4l8P/AnX73Qfhh4M0zxx
qjah4msbK8urK7gvHdbaJBKrSQyWkiMJZItyxzMu4rCk+3rP/BVfxd4T8Qa1baz8H7Gzs/Dmr+FI
NQuIvGInddP8QzJb2k0aCzG+6inbEtuWWIIpZLmQ4SmqU3LkS1ul85Oy+9/57FS0Sb63t8km/mk1
pvqlufadFfAvxR/4Ldah8KPEXxVs7n4Rf27H4A8P6n4k03+w/FsN2+p22n6lHYXIuJWt0s7eRDKk
zRW91dyxp8siRzYiPpEP/BR3xXL4h1bwa/wv0uD4l/8ACaR+END0uXxaRpWoeZo39spc3F8tmXtw
LUOrolvORKoVTIp8wTGEpQVRLRq680nyu3Xd2+/onZtWlKD3je/lZKTv5Wa121S3PrKivjLxl/wV
d8R+Dv2hNB+HZ+BnjbVdZgj0n/hM4tHt9S1l/DMmoOVj8uWx0+eyljiVTNK9zd2ZEXzIsjAxj6O/
aQ+OR+AvgK01G30xNb1rW9Vs9B0bT5LsWcN5fXcoihWWfa/lRBjudwjsqq21HbCGWtFLe75VbW7u
lZW3u2ku/QnmWt9LK7vpZWvd320Tbvt1O/or8+v2mf2qfi38etW+HXw5sPClh4N1O9+Jc/gbx7a6
f8SL/S5QV0OfU4RYanaaeLgwPC0dwJgtvKHhSFo9ssjp9Z/FL4lw/se/s76VPeXWs+Mr6xk0vw3Y
Tapdxre63f3VxDY2zXM6oqK0k0qGSQR4ALsEPCmnCSipP7TVlu3dJqy87q3e+hcotSjHur9rK8o9
f8Lv0S/D1Kivja+/4KceP9F+M3hv4W33wPhT4ja34hu/Ddw0HjSKTw3ZzJpLapbSi9a2W7kimhUg
kWIaMxy5ViI1l5/4k/8ABVe4+Anwj1LxH/wr6z0bUb7xnr+hTQ+O/iKdN0uK705f9St8YbtIpbsR
n7LaRRiNiDzGxIrOclFc0trX79Yrb1kvnbTey5W2kurt+En/AO2ve2ibvtf7por4Z+IH/BULxJ8K
tDk8V6/8DfFI8R2fw/0bxLNpll4yH2BY9TvxB5Hl3CwDzLd9nmzSWyTDcURXXJrc+JX/AAVG8V/D
j4a+MLuf4XeH/wDhMPB3jS58JXGky+NWFpdJFpaaok9vJFYS3lzLJbyxqLa3spXWQtkiJGmFSXKp
OX2ea/lyyUH62k0vV6XSuRSmqkkoa3tb/t6HOvS8U3b02bsfZVFfHX7Fv7ROrftC/tv694gi17xL
J4N8a/B/wj400nw7fXKPaaDJfTagJFhVEX5mWGMu77mLZwQoVF+xa0q0Z0ny1FZ6prs03Fr70PmT
fuu6tFp91KEZr8JI8v8Ajf8AsdeA/wBor4jeCfFniu28S3OufDu9/tHw/JYeKtV0qCxuSCplMFpc
xQyuUZ4yZUfMcjoco7KeR/ax/YO0D493fiTxdpsVwvxK1Lwnd+EbO61HxFq6aOLG5BE1vLYw3C2+
JM5Mnks4dY3+YxqB5V/wVF/Zz+Hfxx/ak/ZMTxt4F8G+MDd+Pr7TJl1vRrbUBPaHw/qs5t2EyNui
86KGTYcrvjRsZUGvPfgj+y/8Lfi5+1z8ePhfaeHdA8a/s+/D230TU7Dwxe20ep+GfD3ihrW/iu7W
2hk3woEtXtJGt1ASGSQMFVyaxqJxouV9lNq3TRKT8rxdnpq2ovR3NmrVIt63UX/5M1FfKUebfRXk
tVY+iP2Rf2SPEHw4spLrxdceINGk863uItEtfi/4o8aW0c8DSYmN7qZhmMbo6q1oIhCduXEp2lPd
/FvgfS/HdvYxata/bItNvoNSt0Mjqq3ELh4nIUgNtcBgGyNyg4yBj8jrb9gX4Fj/AIIPfDTxmfhX
8OYtf1jTPB51G+XQbNH1CV9Xso3nmYR/vJjHNPGZGJcpPKhJViK+4/8Agot8JNG+IPwT8G/DLQdX
+HWhakNasjofgzxHEV8OeLIreGYjRru3h5W0kijfbhGRXhj/AHcmPLboxEXCbh1jPl67q15dXdKz
SSbsrK1kjONC110s/wAFt2SeqbbS1be7Z9JaZ4VttI8Q6pqcUupPc6v5XnpNqNxPbx+Wu1fJhdzF
BkH5vKVN55bcea0iNwIOefwr5B/Yw/ap8HeCvBN74Xvvh98QfBuvt4uu/D+qaBpHh3VfF2i6NqEU
dqrxQ6hYWkkEOn+XLAYmuPIVFLqVjETJH8lfskfsAPdfFDxl4z8HeHPhL8GvB3w2+K/jGe78b+Fp
JoPFl5pkbXMLaQ9pBZxwi0RnWRd1zKFEEeyFWAYYT0dt1yc19LfY63tb30731WybaTqEb03LZqfL
bre0363bha1t3q7Js++NJ/4Jn/CLRvhV8RfBKad40ufDPxYlefxTaXnj7xBeNqUjn96wllvWlgMo
+WQwsnmqAr7lAAy4/wDgk38D1utQun0bxvc3+oiwLX9z8RPEdxfWr2MZjtZra4e/MttNHGzoJoGS
QpJIpYh3B+SPhf8AA3wp8NfAuv8Awk+IPw9+H+sTa98K9c1jTfFPhhlu/DnxGs4vsLy6pqllMrNF
qvmi0k893m8wliJyVVUpf8Eqfht8L9K8c/BCy+L/AMPPAPh34maV4Gsrj4PXlrYWqaTqelvBDcXM
1m+wSHVFnnZ51lJZWlaSDCyzM21OkpTcYvRKPTdL2kUknZ3j7N2i7NLmenLZ89Wu1GLlvJyfdX/d
ttvVe9zq8ldNpK7b0/T7wV4LsPh94VstF01bv7FYx+XGbu8mvbiTJJZ5Z5meWWRiSzPIzOxJJJJJ
ryCw/wCCbvwj0qeY2ej+J7K0k1eDXY9OtvGetw6ZZXcNwLlHtrNLsW9shmAd4oY0jkIG9XwK85/4
Kc6Rq0vxr/ZZvfDt/FY+Ix8SpbC1e9uLp9O2S6Jqbu09pFLGtzsaGN1DEMCuFkj3s1eOfEn/AIKz
fFTwp8Efh54n0+D4bajq62EV/wCNdKtNIvbppYzrg0lp7eR7yGKwt2KTOjSyXczOAiwOFZ6zg3Ka
lf3nLlX3KV7+VrvtZNX6a11GlBJ/Dyc3/k0oWt5tWXrbTr2/xI/4JA6RL+1R4C1PwlopsvhnbXPi
HVvFhk+J/iWz1xtR1UQ+ZNYeWXMSloP3iR3VukizOChAw/0Hc/sCfClvF2h65ZeG7zQL7w/pUOhW
66BrmoaLa3NhCCIbW6t7SeKG8hjDNsS5SQJubaBk5+Zh/wAFPviv4O8YXWqeKtA+HjeEdP8AG/iz
wdNpGiC9utWnGkaPc6lBcRXTsiFn+yPE8X2brKpDjYQ/mHgb9p7xppX7cvjTxJZeKvhZ4n+JPjz4
ReGtY0LS9Nu5ms4YLrV5UxFZXepKLqWGCSMnyJrQXbCP5IXkGVRTcacI7SSa8lKE5QX/AICml/LH
RvoVVk3zuT1Tat3tUjCb+U5Jvq2rpW1X1/pv/BKT4K6N4W8JaLaaZ48tbDwNrd54j0NYviR4lSWx
1C73faLjzRf+Y7PvlyHZgPPnwB50m/K0T/gjd8AvDllp9tZaH49gt9K0XUPD1nGPiZ4nKW1hfsXv
LdAdQwFmYhmI5JRDnKJt+UZ/2s/GfhT9qr4r/FvwdqnhG/ez8AeHLzxFaavDqptX8rxFqunXFrbW
ss6HT7nyoNr/AH0WeE5jl3mSnf8ABS/9uPxl480T43/DS7fw7ffDbVfCXjK10/UNCt7/AE6/0zUd
FsIrnZJqJvIzcOZd6yww2ghTaI2uJcuhKjajZ7tTbXS0bxfya91aa3s9HrtTp3xEaDdrumr9nUSm
lbum23rum97n2hpv/BMj4PaGunDT9J8X6adO0ePQd1l47162a+s442jhju2jvQbxoUYrFJcmR4QF
8tk2rjF8K/8ABIT4CeDtF/sy08NeK59KHhafwULC/wDHviC/s00eYlnsxDPfPGEDHKkKGjKqUKlV
x4jrX/BQz4o+CP2afDXinwrZeHdfTxpr2n+BfDXhz/hGjFrPhW7+zO0r6rJd6xaWs8jGE+XAJLNS
J4ds8m9d3cfDz9uP4yxeJfAtt8S/CXhb4dR35s9M1+3kEWrSR6lc6pLaRI0thqFwun+bFEjRJKlx
G8tz5RuUMLGTdwk6jinq5cuvVtN/O6nZ2vrUt1ZwwmlRi7WXKpJLok7L0s4O2ityX0SR6pL/AMEz
vg0/jWPxEnh3XLfWItQt9XSe28WaxbhL6CzexS8CJdBBcm2do3mA8yUY8xnKqR6B+zn+zj4S/ZQ+
E+n+B/A9nqen+GtLeV7W2vtZvdWkhMjmRwJryWWXaWZiFL4GTgCuS/bZ+K/jX4GfD7QvFfhfUfCm
n6JpniDT4vFj61o1xqLR6TPcxwTzQGG6t/JeISeYXcSqFViU458mv/2xvih4Q8ceHbrV77wBc+Ad
fvhPHqtn4euiYrC71QWmnJPs1CWa3aSH94t2bZ7eZ32MLUIWfGDc3yp7vl+aSa+9O0ejaaWtkazs
ldq/Kl8k21+D3S2Tu9G2epeIv+Cdfwg8XQa9FqvhrUNRXxDFDDL9o8Q6nI2niKVZ4zYE3GdOYTIs
u6z8ljKokJLjdWgf2E/hfcXuiXd7oOo6xfaDpV7okF5q2v6jqV3c2d4IhcRXU1xO8l3u8mLDXDSM
pjUqVIBryT/gtx8KfCXxU/YO1CPxd4e0DxBBpviXw9NajVLKK5W1kk1izgd4/MB2M0MssZIwSkjq
eGIPJf8ABZP4M+CfFXwS+D3heDwD8L/FuqaJ8QvDdtoHhnxBHBbaetrJdpbtb8W9w0Fq6ARNst5F
2gDY2AKzjqo00vinGCX+LlTdvSeyWqvrqVUfJCVb+WMpPveKul87JXbVnYb+1P8A8EdfDGo+HfBK
fCPwP4YOuaVregx6vq/ifxprMWqDQtMujcpZ29/su7reGwseJItgWMh8RIo+vfgz8FPDX7P/AIGh
8OeFbCWx02KWS5cz3k99dXc8jFpJ57m4d555nYktLK7ux5LGvhn4nfsb6fN8DNC8C6X4C/Z0+Fnj
Cfx1/bknwptbp7vwP46MdjOkdpdiK2t+ZYIjOrvZACa0VjBL5eWw9R8G2v7TXw1+Htp4U8J+Em8S
+C/FHiaS++DnxI1Rr3Q/EFxa3EUd4LO9jSWMmzlkiazmaGRY0lK+VEVJh3U3aUL7vmfV6qHM9L3S
62vZ6ytzGfsoc0ZRWtuXsrx9o0vVrZu14vRtRZ9ca3/wTd+EXibxH4+1XVNF8Sand/E2SGfxALzx
jrVxBNNC6SW88EL3Zjs5oGjTyZbVYnhCARsgGKt+H/8Agnx8K/DHj3wb4ps9K8SL4h8By3U+lX8v
i/WZppJbpFjuJrsvdH7fLIiRo0l35zFY0XOFAEv7AHj/AEP4m/sl+FdZ8O6d4i0fTbhryM2GuXAu
r6ynjvJ47iJ51ZlnCzLIqyhmEihW3NnJ8B/4LU/sj/DD4k/BSHx34q8C+E/EvihPEvg/RItR1jS4
L6WzsW8R2iywRNKrGJJVuZlkC4EittbIAFSoShVhRjp7yj6XairW9enQ1ppVk+brd99et7+Xz0t6
fWnxx+BPhT9pH4bXvhHxppI1nQr94pXhFxLbSxSxSLLFNDNCySwzRyIrpLE6ujKCrAgGuG8Vf8E/
vhd420jw3a6ppnia6ufCgmSw1X/hMNZTWnjmCCaG41FboXd1DKI4xJFcSyRyCNAysFXHzn+018QP
Fv8AwTPl1bwT8EvD/wAL/D/h3xD4avtd8A+GofCE7xz+IIbu1FzpwWHULWFY7iO48xFjSLyz50jF
1jKtq+Dv28fiZ8dNb8Paf4H8U/CS2tPiVYX+u+Dte1bwzfSWL2mnQWIubeWNNSQzXEtxczlWSSPy
IbVy0cxBxMLSg5w21b8rXTv52jJrq4q6WyFJyjJJ9bpelk/xuk+ildN6NnpnjP8A4JJfAnx5rmsa
hfeHfFlvJr15pl/eQab498QaZZtNpoUaeUtra9jhiW32oY0jRVQopABUEeVfE3/gkBpV7+1x4I17
wvpVzF8PBPruqeMZrr4q+J7fXp9Q1KOBDPZFGkaMEW6rIqXUCyJIVZSqgN9G/B39ojU/iv8AsWaP
8T/7J03TtY1Xwv8A22LCbUAlis/kFwv2lwoEDMMiVgBsIY4r5L8f/wDBT743ab/wivgPwv4M0rxL
8YNevbyK6tE8PR2UenfZrGzu/s0lve63awNLKLv5JbfUrhfKjMqpLh40c7xqOD1cd1vo9Htulypu
3aPkhxT5U1pe9vKy+5O0mlfvLzPpHWv+CYPwR1nVor1PCWoaTJbnTngi0XxJqukW9rLp8Jgs54ob
W5jjjnihPliZFEhQBSxUADOu/wDglB8E7r4ZeCvB66X49tdB+Hd5dah4dis/iR4ltZ9NnuVdZZFu
Ir9ZmJWSVRvdtizSqu0SOG8F0r/gp18cJb7xbqOv+FfhX4Vh+HniHwnpOs+Ek1CbWdYv49ajtd6Q
3sU0dvHcQyXJ2hYriOXyXRWHElcr4j/4K/fGfQLf4i3emaL8K/FVjp+hWfiXwtefZtQ0jT5rSbXG
0xlMzzTT3uFMTLN9lskdt4QOoDkteShu5P1u+VS3Wnw637J63ViJT5Ie3elkl2dm+VL0u7W/vdr2
9y8ff8Egfh94Q+Duoad8KtO1fTvEUHhhvCOlRa/8QPE13pcelPMJJbDa17J5CsNwSZI3eBvLdFPl
qteofsVfADxP8EdC1abxJNqFjNq/lf8AEkl+I+u+PoLCSMyBpo9R1hUuf3qNGDEsUcaGLI3Fix8N
+Lf7d3xd+E37XPhLwEL74a+IdHvfEOm+Ftfk07wzfxzaXdajb3VxBI88uoLHGURLb/R4o7l5VLyM
9qHRV8T+E3/BSb9peP4W/Dnwv4W0Pw58ZPib4m07W/Ft68enW2nxS2sGpmFdO/03XLYQv+83G5iN
x5ETQD7G4+clOq5tq97trXuk5y+Vnzu+mt17zaJm48yjbWyl20bUI3v/AHkoLr393U+3P2if+CcH
wf8A2qvF9xr/AI18O6xdaxeJp6T3OmeKNW0V5vsE0k9mzfYrmEM8Ms0jo5G4Ejn5VxmW/wDwS1+D
NrZ3yRaV42ju7/XJfEjamvxB8RLqttqEqeXNNb3wvvtNt5qBVkSGREkVVDKwUYu/t3ftO+LP2bf2
BvGXxW8I6J4d1HxH4b0JdZi07Wr91sgMK0itJbh/MKqW2hCFkYAeYoO4fOnxe/4KW/Gr4W6prnge
28NeEfFfxBuPiLaeD9EudE0wC0gt7nQl1dPOtr7VbOOWdfngGb+3Epw6qG/cs1GUbqK2fTvzQWnf
Xld/7t+iNV+8UZt9G9eiUXdu+1k2rb62tZn2T8Y/h9qN9+zl4m8LeDrTTJdUu9BudM0uDVL+a2tT
I8LRp51wsc8irk5Z/LkY8nBJrw79k7/gl34J+Hf7IuleCfiB4V03VPEWoeG9O0PxI8PiXVNXt82S
r5S6fcXRjms4VlQTxx2yQLFKdygMN5+edH/bV/akk8ffGTXtTuPh74U1H4ffD7QteufAOoaI+tPB
KLjVDfpBPZ6uImnMVnM3Bk6wIdphcy934D/4KY/ELxV8QviDYxXvgXWdN8E3l54ps4rHwvdJd+JP
BsNhLIlxbY1OT/SHv43tVnKGNhEXEAEiCicfZ+0lJrVJy66Rbt63UpOyu2ot290iN5SpqCejtHp7
0lFta21TUVfo2tdT6I8Hf8E8Phf4E+KeneN7GDx3L4s0rRrjQINTv/iD4g1Cc2c5BljkM964lYlY
yJJA0imGHDDyo9uR4e/4JZ/Bfwp4B03w3p+j+Mrex0bU7nVtPuR4/wDEDanp891/x9CG+N6bqKKc
5aWFJRFKzMzozMxPz98Wv+ClPxu+DPhzS7uG0+CvxBXxhbeHtb0i/wBNa/02z0ux1TVbfTvs837y
6NzKGuomjnVoFlWO4byUMQR8n9kbx9458Fft+/Hv4Y6T4p8LWHiTVfHtprep6xruhajqGmarD/YO
ny3NhpsbakHgud0nmBHnkSKLcUidQUjtQm209kpffCceZW/uuTk31afLdu4RUHTdSOy5X6qUUo/N
x5Uk7e69bJWPpzWP+CXvwT1qLxxC/hnW7az+I+gWnhbXrKx8W6zZWVzpdqoWC0it4bpIraNF3LiB
Y8rLMDkSyBsPVv8Agj78CNes9WgvdJ+IV0muLpaXxl+J/ihnuBph3WGXOo7h5DfMmCMN83Lc1tfs
ZftN+LPjR4s8SaL42j0DT9XsLaHVbOw0+xliK2U9xcxxSpci4uLa9hZYF2zwyIzEtvt4CAp8y/aZ
/b++Ifwo/ba8O+CvC8HgjXfCV1r+l+F9WtZNOu/t1heX9pcTxPNqBuI4YOUgIghtbxzG7O7RAqDj
Ko1KLb1la3rfTbtJ202b9WOT5VO/2Lt/JJt/+ApPWzaSXZHY+Jv+COf7Pvi/Q7vTb/wt4pksr21v
rCaKPx74hgBtb25iu7q1BS+UrbyTwpIYVxHu3YUb23a3/Dq34KyLr7TaP4yu7rxLqNnq93fXXxA8
Q3F9DfWkflW93bXMl8ZrS4SL935tu8bmP5CSvFfMyf8ABT79ovxJ8IPhHeaD4G8Fa144+MyatcaZ
pejWK3lppq6ZMySRNPqGr6ZHcPcK0RUq8bxCOZxFcD5U+39A8W+L/iF+y/a609ppngbx3qvh5bqS
1vCmt2ehag0GWjc208a3McUuQTFOgcLw4zmirJ06Up9IaW+96d1zJ3ttJa7pspvmnFbc3X8Ne1/x
W17MwT+wd8Mh490fxRHpWv2+vaNZJpxvLfxVq0L6xbo7usepBLkDUwHkkb/ThOd0jnqzE9t8aPgn
4Y/aG+HV94T8Y6UusaHqBjeSHzpbeWOSN1kimimiZZYZo5FV0ljZXRlVlYEA1+X/AOwl8VPGXwB/
ZqfxP4Wn+EUXjs/CrRvil4z1DVdI1G0Pj62ZbsCLI1Fo479BA6z6oySmR57dXtwFUD17xD/wUy+P
Vv4I+IXi638L/CKw0rwR8TtL8BDSby51GS7lt9ROk+TdPcgIqzRf2hiSDycEscSDyMXHVUw8/auh
u4vX1c1D8ajtfum3ZalOLpz7a2T6u0ea2m1oWaXZpLW6X0vq3/BN34S60/gyWfTfF4uvAWqvruk3
UXjrXobptQdBE95dTJeCS+nMQ8oyXbSt5bPHnY7KfU/ix8J/Dvxy+Hup+FPFmlwa1oGsRiK6tJWZ
A4DBlZWUh0dWVWV0IZWUMpBANfEc3/BSv4v/AA18YJH4qsvhzruk6N8S9Z+Hmpw6HpN9a32qfZ9F
m1a2urfzLqUW77YhA0DCfzWferxf6s5XwW/4KgfHnxr8NtB1XxZ4E8IeDLP4tX2j2ngHxPqJs20u
3OoCVnFza2Ws3k1ykCpEqTGWx+0S3CRmK2bk86UqsElqnytLo3UScFrpeSs/RWdmrEyfsnzPSyk7
+UJSU3praMlK/XdpNO59Q6b/AME4fhLpPijwZrkWk+KX1vwFqk2taVqM3jTW57uS9lhW3kuLuV7s
vfuYEWHN2ZsQ5jGEJU+QfG7/AIJiP4d8S6Pd/CrSbm+0yfVtS1rXbLVPjN4w8M6g9/e+V5l5b6nZ
yXU6qRGwe0CJFIzK5YGNasf8ETfEVlqPwC+JmlReJNG8S6n4f+Kviey1GbTtRlvFjkF+5XJmmmnQ
Mm1lWWR2ClRuYAMeZ/4LKfArRfi78Z/2WWl+GHwx+J/iGXx9eadb6Z412Qafe2zaDqc0lvNcfY7x
1i3wxS7RBIDJDESAQHV2cnTd78yi+u01F281t22UtGlZqGtWO3Jzr/wXzr5ac1t17zWqbv6T4i/4
JGfCv4v6daXPxHf4g+KvEP8AZUGj3t4nxJ8TWcd1awTmeC3dItQQTLFJtIeUNI7oJHZpCWrdsv8A
glT8E7LXtQ1X+xvGdxqWqaydfurq6+IHiG5mmvGtWtJHLSXzELJbN5MkY/dyRpGrqwjQL8x/Hr9r
PxN/wTR+AFppXw18B/BPwXqfhuy1bxX4u8BeHbS41a00+KK8tk22zxS2NtZQvDOkrTygSs7rssHa
RwnsXjH46eOP2k7v4x6RDqXgDSvhn4RmvvB+v6W9zf2PiqN30tZ476G/guFWEySXESRweSrFMyrc
hsRVFduFGdSKurTb7NKS5u906jSvreWrWl0UlzThTk7NtJd9nbtZqGtnay91O9k/XPgL/wAE/vhb
+zL8QIPFHgvSPEOmavbeG7TwjF9o8WavqFrHpdp/x7Wwtrm6kgAi+ba2zeDJId2ZH3ez18Of8EcP
jr451X4b+APh14qfwndaRY/Bjwh4p0SXTYLiO+gS5hmtpIbt5JXWds2qyCREiA80qVbaHb7jrrx1
KdOtKnKXNZyV/STT/wDJr387u7vcxoz5oqVrXUX8nGLj/wCSuNuy06WPOfjh+x58I/2m9RsLz4k/
Cz4c/EK70qNobKfxL4astWks0YgskbXEblFJAJC4BIFbGlfADwHoXwkl+H9l4J8I2fgSe0ewk8Nw
aPbx6RJbupV4TahBEY2UkFCu0g4IrwH/AIKDftF6n8J/i38PPDF38V7b4D+D/Fdhqk0nje5tLCS3
/taBrX7Fpsst/G9tGk6S3TlTsll+z7IpI2yT5h4i/bT8bXH7RE2lWHxShtPGOjeKtJ0m2+Glxoln
BD4n8O3KWn2jxAqSx/b9qLNcz+dFcC3hFr5MiFwzHkprnShHaXpb4uV37au9nryvmty3ZvUvFqT3
Sv6aXWvbS19rrlvzWR9Q3n7AnwJ1D4V2ngS4+Cvwln8EaffNqlr4ek8H6e2lW12ylWuEtjD5SylW
ILhQxBIzzVLwx+xr+zx8GI5fC+jfCr4MeFF8bh4pdJsvDOmWA1/yoZA6mFI1+0bIZZgQQ21JHzgM
c/nn8AP+Cr/jPxtH4Yiuf2nPhl4g8U+OdI8b2Ftpgt9Ms9OttQ0/V0h0i5hSCO4u4zPbtIQshuVa
NVcRuUdpPV/Bn/BTjUb3x58NtIh+NHhWa18SaR4sgVdZi0y7udZvdPgi+x3sNzpx8q8tSwlbNpBG
ZXV1CIyNCtTTSfW6b9bXVvP4dOlnG9uitytWf2rLyd7t90r3d9Ho2k+v6AfD/wCGHhr4TeCrPw14
V8PaH4Z8O6fH5NrpWlWEVlZWyf3UhjVUVfYACuf+En7K/wAMPgDoWsaX4E+HHgPwVpniFt+qWmg+
H7TTYNSbaVzOkMarKdpIy4PBIr8/bH9ozxX8W/it+zu2pfGTxY9p4f8AirdaBrt/pZ0O+0zVrlfD
1xMLZbq2shFchrgS2+0QW0yGWSMxJPGkw9c/a6/a88Y+C/2lPEfhzSPiM3gzxX4bfS5fBPgGbTrG
aP4sQzhGutrTRNdSsjGWL/QpojbeV5sweNgK0lTlzK71np8rJ69907avraxn7SKjdbRXN2s7yjp9
2/nY9xufg/8As2ap8SvFvw6m8LfA658YeObSPVPE/hh9N0t9T8QWyOClze2hXzLiNXC4eVWUMBg5
rRvP+CefwB1Gy8OW1x8Dvg/Pb+DlKaDFJ4M0500QGYzEWoMOIAZWMh8vb85LdTmvlP8AYW8U6DqP
jb9rfxZ4W8fWnx08d+BfGWp3+i6LM2h3dxptwdJt41aF7O2injM7RPZkmQoy2m0DesrN5Z8Zf+Cm
vjX4ZfC5PE3hL9pbwr4n8Nald+HV1nW/EGiaWn/CH6ld6pDb3miL5ItkhdbWWa4MN2s11bx2Mnmu
RIsiRSTk6UYfFKNN+Sc03FX6WV1f5LWSiPdTTWilONur5WottW6tp69OrUXI/Sn4wfs0/Dj9oWbR
5fH/AMP/AAT45k8PTNcaW3iDQrXU202Rtu54DOjeUx2LkpgnaPQVy2m/8E+PgHo+jWunWnwQ+EFr
p9jFPBb2sPg3To4beOdlaZEQQ4VZGRC4AwxRSc4Ffnv8R/8Agp98Rp/Dk/hvwV8ePh5fadpPj/xB
oOo/E3XPEOj6JZ6bHAlvNpdpd3UelX1lGZjLcRhjaReetoVWaOT5m+mv2m/2n/Fvw9+GfwQtvG3x
V0D4L2XjbTJv+Ep+I2kQ2sukWOrRWsLwW8M2q27QQ211I05V7iJWZYlRWR5FYTTV6aqQ2ly26N80
eb8rXT1d0le6vTalLketub0XJJxf4pteW9j2jQ/+Cc37PfhjxBYatpvwI+DWn6rpV8dUsry28Fab
DcWl2SpNxHIsIZJcoh3qQ2UXngV0Hh79j74SeEdI1TT9K+Fvw60yw1xGj1G2tPDdlBDfq0jSssyL
GBIDI7uQwOWdj1JNfI3x0/bM8ceHvihcaLY/Fu30fxpoNnos/g/woNCsorT4zpPFE15PFHOkl2Rv
MyBbO4j+yhBJMZI2U14f8Lv+Cp3iP4g+NPCFjrP7WfgPT28SeLfHHhPVl0q10G2h06z01biSw1K3
W4E7xSkRRbXnea3eOdQY3YiQqTtF9kpP5Ky289FbdNWlaw1fl9o9NYr0clKS2vtZ3f3XufoFqn/B
NT9nLXN3234AfBO83WcOnnz/AANpcmbaHZ5UHMB/dp5abU+6uxcAYFXPE/8AwT1+AXjaC4i1r4Hf
B/V4ruZLidL3wbp1ws0iRrEjsHhO5ljREBPIVFA4AFfmX8L/APgrp8UfjB8ObrVIvj74THihPhn4
a8T+D/D2i6JprP4z8RSyahBeaJN5izvPJNNZ4aO0+zyxBwV2LFIz+m6h+258TLT4iWvge7+NHjG4
8SW3xL8T+DNW0nTvDml3up2thLotxdaRPOltpzNbtHcJF5U5VI5EMjSeYqFk0xNKVPnjLVxUn68s
oqy7tykreertpdTSjKMZNbpdNLwcteyUVbs3or2dvvSz/YY+CWn6NqumwfB34WQafr1jFpmpWsfh
OwWHUbSJI0it5kEW2SJEhiVUYFVESAABRiW7+APwZ+H+p+BDP4K+GOiXvh+ddN8GeZo9jbS6bN5U
hW307KAxP5SzEJDg7FfjANfl54N/4KD+N/gt+zz+zfYeH/jfrGoXen+FPB2o+IbDW7PRbeLVbbUN
Visr7M72jT3gtVYw4thb/Z9ge4uZ5H2V6F8Bv21PEX7PvxP8HeH9a+OFtqVz42+PXi7w7rWheKI9
Oi1Ce2RdQ/s+K2mSOExK0kVhlWWRib21CNFHJHHJvUoTjUlG9+WUl5twlGOi8+fRq/VW1KjDmp+0
S3V9dN6c5636pQs07brVLU/UHxR4X0zxv4bv9G1rTrHWNI1W3e0vbG9t0uLa8hdSrxSRuCroykgq
wIIJBrnte/Z88A+KtV8PX+qeB/CGpX3hFo30K4utGtppdFaNWWM2zMhMBRXcKYyuAzAYya/MT45f
8FOvih4H/Zf8UePPDfx10D/hJYvBN1qni3QNc0DTpI/hPr0U9okOmKsYglikneae3ji1B7iSRo1l
j3orIfpv9jj9tOX4pr+0notn8bPCvxNvfhxcx3ui6qi2M4022uNHguQJI9OQebbxXZuEVgjSFYyj
PI6knncHGMqn8qctNfhaWjWj3une1rtPuct5KF92199k9/Oya37qyPp341/s6/D79pXw5baN8RvA
ng3x/pFlcC8t7HxJottqttBOFZBKkc6OquFZl3AZwxGcE15uP+CVf7L62bWw/Zv+Av2d3Ehi/wCF
f6TsLAEBsfZ8ZAJGfc182eG/2tvH0XwVh+J0nxU8Y+JdA+DviyPT/H9nodjoOs2viCxe2hW4MN1a
2Aef7LcybmEEdpMqLPFJEJEV6F+N3xY+HfxRtfAHir40+JdV8ReK9GlSz0+0tdAOs6VdNpU15K0l
omnwOUglkt0S8gNxD/q45YVkYytlV/dwlK17a+toqS9bq1n30dmFP940r/npq0/Sz3vbRpq6Pr3w
v+xD8F/BHw61Hwfovwh+F+keEtYkklv9EsvCthb6deu8YjdpbdIhG5aNVQllJKgA8DFaWtfso/C7
xJ8MLTwRqPw28A3/AIL0+2+xWugXPh60l0u2g3I/kpbNGYlj3RxttCgZRTjIFflj8BP21vjj4d8D
/s+eEPDfxa8GaXpj/D3QNVtdT+Iet2ulr441CaR11DSoli0a4fUHtESOFYbWe1uld1aSS5Ytje+F
3/BU7xH8QfGfg+x1n9rTwHp7eJPFvjjwpqq6Va6DbQ6dZ6atxJYalbrcCd4pSIotrzvNA0c6gxux
Eh6MVB051Iyd1Hm178j5f1tH9ERCXuKa0+HvpzpyX4Rd/Ox+qOhfDDwz4T1O1v8ATPDuhaZe2GnL
pNvc2thFDLb2StvW1RlUFYQ3zCMEKDzjNfPPxZ/av/Yq/avbTvBvjr4lfsufEpk1FBY6Hr3iHQtZ
IvjmJfKt5pH/AH53sg2ru+cr3xWr/wAEwP2ytL/bR/Y0+HOvXnjPwp4p8cap4Ws9R8RQaXeW7TRS
vvhkkkgibMQM0MyYwFDxuoxtIHj2n+I/gzrv/BVf4u/CnWtU+Hd5pQ+DWg6Ne+Fby9tJIxbW93qs
s9tJbM33Y7aaCR0ZfljlRiArAmcRTdOrKnU15eZ+vLzSbu+l1vbd3e1nrTivZTmtGuX/AMmlGCWn
W0r77K2zuvsDw/4T8BfELRvDGq6XpvhDXNP8MM48O3lpb21zDpJWN7V/sjqCISI/MhPlkYXch4yK
oeJ/2U/hd43+Gul+DNa+G3gHV/B+iSrNp2hXvh60uNMsJFJKvDbvGY42UkkFVBBJr8lv2S/+Ci2p
fs9/s3eGvDXwp+J3gzxvc3fwt8S6voHgO0Gnsui3tjrKC3MCWyNdsTZy3crQt5u5bItHEoVlP2R+
yN+0N8VfG/7C3xJ8Rah8W/hP481a2Z28I+KtC16PXrW3WSJFWG/u7TR7O3M8dxvGIrAmNHj8yN2U
mR1IvldXolza76TlH77xb3tbW9zCn9mm7Ju0fLWKl91pW1t6WPta40azvNIk0+a1tpbCWE272zxK
0LxFdpQoRgqV4xjGOK881b9iz4Oa/wDDu58IX/wm+Gd74TvNQbV59En8L2MmnT3rMWa6a3aIxtMW
JJkK7iTnNfKFr+1z4zb4DeCvjPpvxE8e+K/BHhbxHc+HfFWn6Vp2g6mviSFwbW2vobmzs5FulW7a
3JktGt42WWTfHH5TRjlvGXxs+Lfw11LxT8MPEfxz8S+JPGuoeE9QfTxpVloR1WyuINEkupZZbWLT
4JYQLp9iXcSz2zBLaErHOzu+FeTpwnU3cU5W72XPp8rO+yutbm1GPPOMF1dvTVwfpbW6dna+lj6T
+DP/AATu0nwB+2B4/wDiz4ih+HXii58QXdnceFY18Ex2upeCkt7JLIxwXz3ExKyQxRhvKjgGVPGC
FHYeIP8Agnj8APFlpLb6r8Dfg9qcE80txJHd+DNNmSSSWXzZHIaEgs8vzsTyzfMcnmvz1+F37aHx
l0vxZ8GvBvhT4w+ANL8MWXg7w5f6bd+PNZtLB/iLDKp/tFbaCDRnbUXt0TyYlsru0dGWN5RcK+5s
j4Qf8FWvFHxBtvBq63+1z4HtLjxXpfj1NVfTLTw/axaW2j3sh029tUnWZoWmt1Y/6S88TwplV3hp
jviaao8ybuqfMl3tC93315fVvfqZYebrxhLZz5dO3MrpdlZdOnRan6Z+Nf2evgxZ+KtN8Q+I/A/w
wi1yeaw0zT9S1LRrFbuSWBybG3ilkTeWjbPkopypzsANWPEX7HHwi8X6DY6Vq/wr+HGqaZpmqy67
Z2d34Zsp7e01CVzJLeRo0ZVLh3ZmaVQHZmJJJNfKEv8AwU2luf2Qv2P/AIj3XxZ+G/h5Pi1qWlWf
iia6NsYdSeSwkN3FA7ShYPJvFCygAsp+TMbc1wH/AATe/wCCm2t/Gr9oD4V6R4q/aI8C+O7r4gwe
M7G68P6bBpVlAJ9N1dY9NuLZIi10rTWnnMEkmkV40VlBZXkfR0JqrOg3rCco/OMVJ269tdNbbWuR
GcXTjUWilGLXo+da9NEnp0W172P0B+OPgz4d/ETwNH4V+JWleC9d8Na/dQWaaR4mtba6sdRuN4aG
IQXAKSSb1Uou0ncAQMgVy1h/wT9+A2laFr+lW3wS+EVvpnitYV1uzi8HackGsCFt0QuUEO2YIxJX
eDtPIxX5t/tAeMtJ8L/tO+KV8efGAWPiHTv2mtETw8/idNKQ+F7JtFtmNxZs1vGyB45DEPMd4ytu
h2M3nNLJcf8ABUj4w/E7wB8PdM8DfHL4T2wlvPEmmt8QPE2vabo2leJNUsNYe2sLC5ePSr23aSax
MFy1tbrYyzrMHgmReKwow9pTU19pr7nShU19Oblfmkld6LWrJwquHSK38+ecdPL3OZeWrsrN/p7c
fDT4WfB42V5L4f8Ah/4WNzZW/hG0nexs7HzbR5NsGlxsVXMTSPhLcfKWfAXJrmrr4ifAL9nX4haN
oR1L4V+D/FUy6f4I06xgNlZ38UciyS2OlqiYeOJgsjQwkBCc7Rk8+E/8Ff8Axv4J8Mfs/wDwO8S/
EO+8FaNq1l8U/B17YXuqSxW/2KUalbPdvavcBJEC24mLkBWEQfeAobHufiP9inRPFP7RQ+Jy+LPG
llqTXOn3qadaXNoNKElrHNF5nlNbszNNDO0Ujs5bYqCNoyM1pGDa55vT2ji/RRhJv1ftJL73Z3aM
+eNnGK15FJerbSXouSL+SWlky/efsEfAvUfB+peHrj4LfCafQNY1T+27/TJPCGnvZ32oYI+2SxGL
Y8+GYeawL4Y88mnXX7BnwNvte1DVZ/gx8KJtU1a/TVb68fwjp7XF5eIsipcyuYtzzKJpQJGJYCVx
n5jn4f8A2z/+CmPiD4E/tifFzRbn9ojwJ4T0T4cX3gW407w41rpcMtxFqF+8OqWd5JctJNJi22zl
4TA0StC3yqHMvlHxQ/bK/aA/aB/Z+/aRuLr4p+DNDttN8L+IPtPg7Rdct7nxb4Va3mb7JItkNHjk
tbWa1STzJri8uxKJo3t5YshTFNOSTi+j+5Ri99tuVb/Z6JJnRKPvck3o2l31l5b9bvvfrqfrN8P/
AII+C/hNqmsX3hXwh4X8NXviGVJ9UuNK0qCyl1KRECI87RqplZUAUFySAABxWL8QP2SPhT8WfE13
rfir4ZfD3xNrOoRQwXV/qvhyzvbq5jhLGFHkkjZmWMsxUEkKWOMZNfB37R/7TvxX/Z11G+0/QvjL
4/8AGGn2+j6H8R9Lv5dJ8PqbvwzZNKniGJjFpIVwYkhkjdFVzLeW4R0j3btT4qftd/EXwVZ3EOo/
HDWvBmoat4ZPjj4djVNB0h/+E+u7m6vHi8OiI2avMIbZLCPyLby75zdM/mtjAJU9r66tLrtpot3t
KKSTd4TSWmuNOTkvNpN9tWuu32ot32Uot2vp9e+L/wBlP9n/AMGfAy28Fa/8Nvg7pXw0h1COWDQd
Q8PabBoSXssgCMts8YgEzyMACF3MzDGSa9K8QfDzQPFngS78Laroej6n4Zv7NtOudIu7KOawuLVk
2GB4GBjaIp8pQgqRxjFfkD+1l+2Nf/Fz9mr4zeIviR8UPh/4kvfg98bfDumeHfDEK6Vpllp0wvNH
uQslxJ51wlxCF1KDzxMi7Uvi6MqhIfqbxn+27deG/wDgl98bviz4V+PWn61418Nadeaq8fiKz0iW
LwLfozqNFNtaJbtnzY2t42uZJneTDhpVIRirFxoSqz1Wja8nCEl5N2lrukkk3dpG9Gnz1KUKb1k3
FdLNSaforr1bvZe62vp3SP2GfgnoGleHLCw+D3wssrHwdePqOg29v4TsIotEunYM89qqxAQSswBL
xhWJAJNQ6z+wP8CvEWma5Zah8FvhNf2fifU11vWILjwhp8sWrX6+Ztu7hWiImnHmy4lfLjzH5+Y5
+Ef2nP2z/iP8EfDfiO9sf2ktW1J/GHwXHxA8FywaJoFxDdavBPG8sGlxx2LPdW7wEbo3a5kSKQuJ
RgOKHwl/4K16p4j/AGj7WTVv2kPBE2izfGebwXbeGW0vT9KFxo0+grcwmeKfdfx3EF8UgLeZHmXz
Y3jyyRxX7OT3eq5tOt41FT+9zSt5RvpY5oVIvVdr+v7t1P8A0lv5trqfeen/APBOr9n3SdStr21+
BXwctryy1L+2beeLwXpqSwX2QftaMIcrPlVPmD5sqOeBVjT/ANl/4EaY/ijwPa/Dv4SW7eNkbVvE
Xh+LQdOQ68vmAG5u7YR/6QPMYAySK3zN1ya8N/Y//aL8WfHv4Q/FzQbz4jX3iLxh4Z0dC+saHHpt
zb6beXEN1KEtZI7aPZKmIx9jvbUXECrD5pmMvmN+e/hT9qzSv2evhzoPjnRvj7omhfE/Rv2ZtO1a
/wBT1SPRW1TXb+K+SSHSpxJAomjUlrYAIbnbj995oZ2mFO9X2MnZafdKFSSfovZJPTqra2LqNxhe
GrvZLz54R/H2ja+bdldn7UeEfgF4F+H9/p91oPgrwlol1pKXMdjNYaPb20lmtyyPcLGyICglaONn
C43mNS2Soxi/Hn9kr4RftIyWV98UPhl8OPHz6HFItpceKPDtlqp0+NsNII2uI38tTtUtjAO0Z6V8
a/sg/t0/Fr9o39v27sn8ffCiHwMNTv4U8Fv4lhm1u90QRFtP1mwsYtLEzxz5hlN02pzWrRSkCONw
BXaeHP2lrb4l/Hr4paF8RvjH4f0OLw5ca7pWr/CLWtL0021x4fihfyNWzIi3hiliKyy3DySWex2i
8tHBcY13JU1NrXklNX6W6Pdp69Nru9tS6bTk49OZR0s73vqtdV7r/Dur+x+Ef2Vf2YPFegaF4f0H
4b/AXU9LTTbq/wBG02w8P6TNbrY3bLHdT28SRlfImO1JHQbJDgMTwK7LxP8AsbfCHxt4mm1vWvhV
8N9X1m40k6DLf3vhmyuLqXTihjNk0jxljblCVMROwqSMYr8qP2Q/+Cn+t/D39jDQvCfwp+IXw58Y
6h4V+CWg3un+GdPuLaS98P3ov1ttSnumj+0Sk21qwnMYgYxKmWhl4B14/wDgph8VtA8Saf4d8V/t
cfAyy0PWfBnijX9I1/wtqeka9eyPYpbNZm41Cews7GeVpXukMVvp0Y2WsgJMgZo9sRaLmr3UefXu
ouadl5qMrWvfW3VKoUpOpyK17paPRXUJXv2vJdtemib/AE8+FH7Ffwb+A/i5PEHgf4S/DPwZr0dm
dOTUtC8L2OnXi2pIJgEsMSuIsqp2Z2/KOOK9Mr4J/wCCePx01D4+ft4+IvFN38TtT8QaZ4r+EfhD
WdN0W1+wyaNK8x1D7XNAY4PNCwzxspImwHuHSTeRCsf3tV4ilKlLkm9Vf5WbT/G7/wCDc5aFaFSK
nT2ai+2jjFrTyTt8jO1nW7nTNU0q3h0jUdRi1C4aGe5t3gWLTFETuJZhJIjlGZVjAiWR90ikqEDO
ujXyX/wUJ+Ffi7xt+0J8Gtb8O/Df4g+OtL8PR6/Brk3h7xPZaTHaW97pc1qiiO41C1LXDSvGUmjB
eJVkxIhba3wppX/BOP4rT/s+pol9+zB4vk8VXHwLuvCepXd14j8N3H9peK47lG069kkbVmMz2+JJ
IrmQb4AwEe0/KMYtPV6LX8pvb/t1L1ml5vpUU5JXtdxXl70oq9+y5m5dlH7v2fY7QScnHpzXnX7L
/wC074f/AGtfhtc+KvDNpr9lp1rrGoaI8Ws6e9hdrcWVzJbTboX+dB5kbYDhWx1VTxX5p/sz/s7e
KvjJ+0h8QEsvhj4n0nxx4V+L2ga6/jbXfENjqF54HhTSNFutV0zzDez3B+1I08IitPMtmWbazxpE
i1S8Q/8ABNv4w/HTUbUeOvh78W9G8Gt4s8W3sWk+HNV8FTaxpNxqWstf2etRPqEl1BCVt5TEZrWW
G+gkjbyw6PuO/sUpRUpfEr+icYST878ziu7Tfw6ifL7Ny6qUdOtnzp6eVot69bb2v+v1Ffk1pf7B
fxE0/wCOT6pqX7PHxE8RBfjcfEh17UvGGhalcT+GpdHjsb2Myz6os5huLhDI9qI0SSFUVolCrCvM
eE/+CZHxk+IemeC9O8beAPi/4V8HeGpNU03w/o3hfVfBDah4Mkk1y7vbTUIpb17tLWFbK4trcPp0
sd1D9jdFjkjMZMQgpcutr2v5XgpP7m+X1T2sRNtJtf0+aUbaX6R5r/ytb3P2JuLiO0t5JppFjiiU
u7uQqooGSST0AFZvgTxxpPxN8FaT4j0G+i1PRNdtIr+wu4s+XdQSoHjkXIBwykEexr8tPDn7BnxB
i+K9rNefs5+NL1tR+JPiubUfEGt+JtC1Xf4b1PSprKKKZ5dUkuJbdrh7eZ7cRnatvkR71RDh3P8A
wTO+Kth8LvgLpOlfADTdA1f4T6B4Tkg1HSr3Q2uYL+01iObWoi0t0EtWuIhJP5lkm+73lbi4GFhL
oU1NQcnbm9nf+7zKTlf/AAWintq2ugNv3lbbmt52kox/8C1l1srX3P1V0v4rWHikxt4ehufEtvFr
E2iX9xp8kAi0qaEOJmlMsiFlSRBEwhEjh3A24Dlenr8x/ht+wn4//Z/+K/w/l8NfA/UbAaT8a/E/
ijU9a8O6vo9nYy6RqMeoRWtzc2pvITceSt3ZhFaOSaNbW5VFUeWJ+E+On/BN/wCKfi74Gpb6V8EP
E1j8Q9N0mPSfGer6B4w03TX+Ld8L2zdNSeRNQha4RY4buRjqJjlQziJI5FJZYjFOMW3va/q0m9Oy
fdp66XtLl1xEVCUlB3tzW+U5pX83GKd0rWa0V1zfrnRXy3/wTW+GHiH4Q+Ifjdp998J9c+FPhTW/
G7a/4Ys7u90qa3ntprG1inMcVheXAhZrq3uJnVwm43Kt8zNIF9V/bU8LeIPHH7JXxF0XwtoEHinx
Dqug3VpY6RNfPYx6jI8ZXyTMk0DJuBI4niz0MiAlhNb3IqS1vGL9G4ptddU3Z+a2Ipe9Pllpq1fy
Ttfputf1K/hD9k6z8H/tfeL/AIxp4v8AGF7qnjLQ7Lw/c6FcfYP7HtLezeSSBoQlqtz5ivPcsS87
g/aHBGFjCaf7VP7TOg/sgfA7WPiB4nsvEGoaNohiE8Ojac99dHzJFjU7FwFQMwLSOyogyWYAZr8x
PAH/AATl+IvgT4i+FNO1b9nfxr4l+G+ifELXfEP9h2ur+F9P0dNF1Dw5FbfYW0mHU4bIt/aDONnl
OFRZSZZPMZpYdf8A2APjx8QP2T7Lwnrn7PreIPFEHw+0bw14Rudf8WaT/wAW9vbG5lW9JlS6nMa3
UBiZJbQSvKsYinEaqK3cY2heV0lH7neUl6x29X5JPOU5S5pJe9r9692L9LJN9UrabtfsJG/mIrDP
zDNeY/tL/te+Cv2UfA3iLXPFFzqVwfDGgz+JbzTtJsJdQ1D7BDJHHJOsMYJ2K8i5ZiFADsSFR2X0
Tw9JeS6BYvqNvBaag1vGbmCCczxQy7RvRJCqF1DZAYqpIGdozgfBX/BTz9iLxR8UvjN8QvGfgz4O
6f491vxZ8FtV8EadqtvNpNpqGn6lPI8cYMt3LE6hobhhuVsCNJgSDsSTlqtqagtve132hJr75JL5
m+EUZ8rqaXcL9NHOKl90W5fI+9PDuuReJvD9hqUCyJBqFvHcxrIAHVXUMAQCRnB7E1cr8n/Gn7CP
xX8beHPG2heHPgt43+HngvWdS8L67rOjJqHhG6n8Zi106W11K3WG5ur2xe5eVraRjfRmG4+yndIG
KvX6A/sG/BWX9nn9lbwr4Rk/4TZE0uOUw2/i270261exikmeVbeZtOVbJREH8tI7fdHGiIisQoNd
E4xvNxeiaS81a7fonp52vpsctOcuWHMtWtfJ3en3K++l0tdTrfir8G1+Ll/oy33iPxFY6Jp03n32
iWLW0dnrxDo8a3TtC1xsR4wdkM0SuGZZBIh212VfP3/BRb4Man8aPhHosOleFtU8Y3mgawmsQ6Za
DS51mmigmEJlttSkitrhRK6MFM8DxuqSpKrxqD8+6n+wJYX3x18IaDqXw4+Fi2Pxc8Jaff8AxT0Z
bWK5Y3mgvBJbtG8sbvcxyzzxwO88h+WBG+ZmZqxg73T01/Rtvu7JPa/RdTomrJPfT9bW7X1ur2vr
rofdnjHx9o/w/trCbWdQg09NUv7fS7TzCc3F1PII4olAySzMfwAJOACRr1+YUn/BNzxRqng3Q9Gu
/gNousaF4H8eeHNYtLTXf7CfUdYhja7/ALQmdopjaTIrXKObmSK3u7n9+ZIXdY/M8x+Jn/BKH4tz
/Cr46yzeFfjP4p+K/imx1TTo77SPFHhXRfD/AIwF1fCa0nM8DWmq3DWyrEPL1SUrFGJ44zKjCN9I
RTbUnbV6+XLBrRN6tykt/s+TJ151F7WX3uU0+2iiov5n7F0V+UWv/scfEbRvib4p8SeFP2W/Gmlu
nxS8I+MPDnl654Yjmsba3jtxrk0X/E2Kwz3IgmWVlIe5+0J5hYbyn6uIxZFJBUkZwcZHtxRyL2an
fW9rf9uxd/S8nH1i/RQpvmStuk/vbVvVJJv1+boRa1cyeKp9ObSdRS0itY7hdTZ4Pskzs7qYFUSG
YSIFViWjCYkXa7NuVdCvzU/4KKfst/FX4r/Gz49jwt8Hvin4n0fx14c8KWel6lp3jfTNPs7q90+/
nluhHHNq0E0MJtrhFMZjSOWSGUspLK7/AEP/AME1vhh4h+EPiH43afffCfXPhT4U1vxu2v8Ahizu
73Spree2msbWKcxxWF5cCFmure4mdXCbjcq3zM0gVUoqUW27WTfq7xVumvvN7bR9baYj3KnLHVe7
+Mbvvs7J67t7WSPXP2hPC+i/YYPF3i/xlrGheCvBUTaxqumK9tFpd4bd0uI7i6cwtcnyGhDKkUyI
+SHSTgCT4S/tOeHvjP8AFj4geDdItdfh1T4bXFnbapJf6c9pBO11CZozbs+GmTYAfMC7CThWbDY4
z/gp1+zvf/tXfsB/FbwBpOiad4i1zxF4fuIdKsL3yRFPeBd8OGlxGjh1Xa7EBWwcrjI+JfiZ+yB8
RYfjPr3iLw3+yz4jtH0nxT4DvvBs2l6x4Yt4dD0/SQi362yHU4vs5NuJbfYiKJA4Qkx/MFS1koPZ
tL05mk5Nuy0XS+y3SSIrXspR3tK//bqul5Xb3s9dk9T9UabNKIIXkYMQgLEKpZjj0A5J9hXwN/wS
l/YN8bfs1fGvX/E3jyH4lp4wutPn0/XtXu7vwuvhrxhK9yJUvYl0+FdTuJ1C4D6mfMiSR41eUHI+
+Z5Gihd1R5WVSQi4DOcdBkgZPuQKU1aCaerV/TfT7rPo9bWKT9+Ueidk+67+X4nz63/BSLwh4Y8Y
eINF8b+F/iH8OrnRNJXxDbNrWkJc/wBtaYbmO2N5bR2EtzMESWaESRzxxTRCRWeNVyRFJ/wUj8G+
IfjT8IvCHhOK88R/8LSuLlJLp7DULH+w4o7O9uFaYS2nlpO0ljLF9lnkgnGHYIwjcDlPDfw51L9s
nx74utvi58DPin4JtNe00aWup3XivS7KC10+C6WaK1trjRdWkvllnk2zSttiQiNY2ZhGoftvh7/w
TF+Dfwt8Z+EfEGi6L4qh1fwPPJc6VPceONduwJpDc7pbhJrx0u3xeXShrkSMqzuoIU4q6fKlF1Pn
bt71vR/Dfo3zWsmhTbvNR87eTsvvXNzW305b3d7+/UUj8oRycjoODX5M/Cz9h/4z+F9Vsz4f+C3j
7wR4zvdU+IFiPHeqeKNF1G40nTdWEp0kzTDVZryeKF2tnaMK7I8LsFZjufByavpsm/VrZdtfXRXd
maqCcVJu3vRT8k73l3srdF1R+qHjHx9o/wAP7awm1nUINPTVL+30u08wnNxdTyCOKJQMkszH8ACT
gAka9fk98Of+CSWsaf8ACrw9LqXwl8X+I9Q0zx74e1rW/DHjWXwU+mXX2YTxXl/p8WlwwwFZROrT
TXW27nWFd0Tuqh+n+I//AAS78b+EvitcXHw/+FXgOHw/4D8W38/hBY7fSkN9pfiO08jVFJkXfBFY
Tz3UwiG3zkCIqvtCnfk1cbq92k+nw07X7JynJOWyUW2lZmCm3q1ZWT/Gd/VpRj7trty7an6dV5x8
U/2ofD/wi+OPw1+H+p2XiGbWvindXtppFxa6c8mnwPaWkl1ILi4OEjJjjbYgLO5BIXarsvxv4h/4
J6614f8AixdaRonwgS3fQPEOmX/g34jaHqVhYnQ/DNtHapceHY1+0RXtu0kUV1CsMUf2V2uhM8sb
7seP2H7A/wAZ/DP7On7OFh4X+CXiHR/HXhvX9ZvvG97qeuaJf3M1o9tqMEFteXj6k81xFOmoNGHi
eSSCN5nUK4RXUORrmb7abbq+u9rN2dubVO1002Sc0+W3R9eqva3R33V2t1ezuj9b6K83/ZK8IaV4
D+Auh6Tovwqh+Cun2iNt8Iww6bFHpjsxaTaNPlltyHdmbcrbmLEsAxIrxn/gpH+z3rnx4+Lf7PEl
h4B8SeOvD3hzxrJeeK47PW7a006DSpLGeBxd2txeQLeIZpYGMYjmPlxTrt+fy5SpG1RQj1aV35u1
3a6033t5l0nzxcnpZSfq0m0tbatqy82fV1FflL4//wCCbfjrwDrUumeBP2d7JtH8H/ETxTq+kXOi
eI9M8Nl/D+s6JcWxttKeGZJrd1nePdFJ9lTzIoisgXMsbf2cP2DPiB4d8BXXhPWv2e/G/h6w174V
eEtC8T3Ueu+GLhdf1vSrp2ujNE99cJeCSF0jAuYxHPFEYXeJNhBBRlTU72bUHbqnKMpNf9u2Sf8A
ekkH2pRfRy+aU1BP5p86/upn6uVi+OviLovw1060utbv47GLUL2DTbUMrO9zczOEihRVBZnZj0AP
GScAEjhf2KvDniXwn+zV4dsPF3h2z8Ka7Ebl5tKtnQi1R7qV4w4jmniSUxsrPHDNJFG7Mkbsiqa8
6/4Kd/swy/tJ+BPhvLbfDrR/idN4J8e6Xr8+jXyWJaa0jMiT7DeMsQwHVmBYEqhwHYKpmquWpGF9
HKKb3snJJv5Jt9tBRbdOUraqMml3aTaV/NpL5nq37LX7THh/9rz4MWPjvwxa67Z6PqF5e2UcOsWD
WF6klpdzWkokgY74z5kL4VwrgY3KrZUeh1+RHw3/AGFfjraaTHH4e+Cviz4W+P8AxL4e+Imkal4z
l8Q6C4sH1jU2v9JWV7bUZZ3jhG4fu4n8mSYsikM7V9hf8EmP2Tb39lb4ceJYLnQviT4T/t66t7iX
RPFM3hdbe1uUiKTS2UHh6GO0jil+Us7gTSsCzorZL6yjF3adtL/Pmat56Lm6b7W1CTsk97tr0S2b
/Jffe7sfWtFcH+0/8P7j4r/s++LvDFtDqVxNr+nSWATT7uC1usSfKzRyTpJCGAJOJEdGxtZSCRX5
vfFr/gmx8UPjhZeALfxN4E8baN4A0pNT0+18O+BD4Psda8MzPcQmy1VodRku7C0lS3RoxJpNwk8G
xGhCiRoo8YO9Tkei7/f/AJJfPtdlSso81+u3X1/rt3aT/V2ivzM+Ev8AwStl8X/s0/FU+L/gp53x
U0bx1deKvAGo/EHVNP8AE9/eiGW1uLWNb/7TcyQwzvaiOZGMIKyHKY6QftZ/8EvPE3xu8Z+Ddfuf
A/ivT9C8Vx6jq/irR/h8fCUGs+H/ABHe3EUqam8urRvA00Nuq25vbKVbxGhDRs6ucXFJuCf2kr+V
4qS69HzRfaSjf4tJT0k2tm0vNKVm/utKP8ybt8Ov6dUV8ef8E/v2XNb+Gf7Vnx48UeMfh/4lsJdW
1+1uvCniPxFrtnrkl1bHTre3u/srJcyzWqyXMMsjIYbdWjkhGwBBFF9h0pRsou+6T9Lq9vVbPbUb
3a7P+v6V15nN+NfH6eEfE3hywa58NwDWrmaOVdS1f7FdGKK3klZrWLy2+0upRdyFowsZeTcdgRuU
vf22/gxp0d+9x8XfhhAulLavetJ4psUFmt02y1MmZfkEzfLGWxvPC5NeW/t2/sseNPjp8cvhT4n8
K+C/hP4otPBkWt2+r/8ACW6xcWFxdWuoafJZtZRiLTrtXgcyLJIHZQfJUbGzuX5Q8O/8El/j/o/w
B03wYfDH7PkFzpfwM1T4Sx3sHi/UgGubydG+2hf7FBSMKhZkBLM7kZx8xUWnrLZX/Kb/ABcYR23n
fVR1tJOSi3a7ivk5RTf/AG6nJtXWkbbvT7r8B6t+z58E/jZq2jeFrj4N+E/iR8Qb+SXUrDSpNNsN
c8S3kaGd2mjjKzXMypOZCWDMBNuOA2TgfAX/AIKL+DPiN8KYPEvjy70L4P3V/wCL9U8GWOleJ/Ed
jFcXt9ZXstoYY33iOWZ2iJEcTSdcBm618NfsNfAnVPj/APGz43/D/R4/gno1h4R+MPhzxR4tufDP
iCS71HS9S07TtKnkitIks41lS4vLa7ie4maB0b7WDFI5bb1Uf/BHX4peMtem1Lx5pXgPxHp2rar4
pt9U8L6b8V/E3h+xn0vWtV/tLzWurCzheeRC7wSWk8TwyqkbiWM5Wt3SjFwu7pxT8rOMJRa9W3BX
0SXO7R2JNck29JqSv3+2pX9LQk+rfuJ3P0C1v9qv4X+GvFjaBqXxJ8BafrqNcKdOufEFpFdg28Sz
XA8ppA+YonSR+PkR1ZsAg1HcftbfCq00fwlqMvxN+H0dh4+kWHwxcv4is1h8Ru33UsnMmLlj2ERY
mvhjwh/wS5+L/wAPPiM0+j+BP2fIPDsfxst/ifGkXijUIJmtIdMWw8pozpD5uXYPclmlbEkjAu5J
lPOeC/8AgjB8UNVlgl+IeleBPEmnamNV0nVfDml/FvxRoWnQWN5rl3q6XIksLO3N7IrXrxPaXEQj
f7NE6zRFmVYhGEuXXdq/TTkTfz5nyLWy5XJvlemc20nb/PXmlHy0UUp+akorVa/oP4h/a++FHhPW
b/TNT+JvgGy1TS7a7vLuxm8QWi3VvDaoHuZGiMm8LCrKXOPkDDOMiua+F3/BRT4H/FvwV8P9c0z4
qeAYY/ijAJ/DFneeIbKC91dgQrwwwmXdJNG58t403MjgqwDAivkrwH/wTL+MvgbxtpSad4O+Amh+
Hrb4oeIfGc82m+J79LmOx1TTLjThGkH9kKrToty0rK0wV2iVd43l1qa//wAErPjrrvwu+F/hibUP
hV5Pw/8ADng/TvNs9YvtPlkutC1SK5YTSR2BlvYJoEJjWZ0jt5WYiCRmMwdCMJKDm7X9nfyupOp/
4D7qXd3s9dBuXvK23NbrtJRh23V5PstLX3+w/hR+3T8Pv2iLoL8PPF/gfxIll4quPCupB/EMUM8c
8EcrSLbxoshnlzHlY28rdEHkDbVAfp7T9rD4Wahqviewg+JfgCe+8EusfiK3j8Q2bS6CzHCrdqJM
25J4AkC5NfIsP/BOn4t+HPif8Pb+x0/4TapY+DPi14l8cDV7nW7201i20zWRfCWGADT5V80fbwxj
MiozWERLnzf3HC/tAf8ABIn4rfG39nnwr4Lv9C+BOtaj8KtGXw54Z1TUNSvEfxDbm8spjeXoOnS/
Y5ljsyfKi+0iSadpPNiAKPEVHli297X+5XfyfTrzPW0Ga4iMYykqTv8AFb5Tmlf1iou/ppdn6J/D
f4s+FfjJoc+qeEPE3h/xXpttdS2E13o+ow30EVxE22WFniZlEiNwyE5U8ECvBv2uP2v/AIu/s/8A
xE0PT/DPwk8EeJfDviTxFp/hXTtU1rx/daLcXF9dxs+/7PDpN2BbIV2mTzd5YNiPAyXfsf8Awd+L
/wAGfiZ8UtQ8SeFPhZY6R8RvG6eIIl0Txbe3MunWf9lwWb5STS4Vkm8yygYKGVSLiTLgwqJtT9vr
4OfE74xL8L2+G+k+BNTfwd4zsvFOojxL4iu9IDpa7tsMPkWF3vaTzHyzbAm1eH3Hapx9+jZ6N0+b
bRPl51/26nJX8vkZNy5Ktlqoz5fVKXJ97S0fc534Bf8ABSn/AISf47+KPhp8XvCui/BLxd4ebS7a
yi1PxjZ3lt4qub6W+jiXTXKxSTIwsi0YkjjncPzBHgFve9B+O3gjxV8TdX8E6X4y8K6l4z8PxJPq
mg2urW82p6bG+NrzWyuZYlbIwXUA5FfGX7Wv7CXxv+LP7RHxV8VeGfDnwWvrDxnF4Mg0i41rxZf2
l7bJoWpPqMplSPSZghlkkKKEkbaEVzknYOg/Y4/4Jn61+z7+1BfeL/Edpp2vLa61rmuaN4jPxF8Q
3V1bjVppJ57P+wpAumQbWlCG5ibMqwoxhR2LLceWVnto/wAFG2/d3vttZa2uVNFJx1d1ZeXV39dE
t7u70Tt9WaZ8efA2tfE/U/BFn4z8KXfjTRbZbzUNAh1e3k1SwgbG2WW2D+bGhyMMygHPWsjwv+1v
8KfG/hy91nRfid8PdY0jTtSXRbu+svEVncW1rfMwVbSSRJCqzliAIyQ5JAxzXzzpH7BPj248A/FH
4banF8Oo/DXimbxRdeH/AB5b3E8vinT/AO3JJ5pIJLRrURoUefY06XjebFAimJScr5t+0R/wTT+L
n7ROseG/GWqeDP2fE8a6BrXhNvsS6zenT2s9EvprtrpLhtLaRLidJTbJAItsEUkgM8wbZU0lGUoK
Tsny3dtk3Zu2/urdbv4loVWaipuOtuay72S5denNq77K3K/eZ9k+HP2yPhD4xOnjSPir8N9VOq6f
catZfY/E1lP9ss4GKT3Me2Q74Y2BV5FyqkEEg1FD+2v8GriHzI/i38MpIxrEPh7cvimxK/2nMu6G
xz5v/HzIvKw/fYchSK/MX9v79gf4t+CP2O/HXiPxf4V/Zzt/D+g+J/HHxD1cXfjO9aOSDVtMu7a3
iXzdGVJLqKS6DJvKBnt4VVlL7o/YvBf7Dvj39rD9mm18e6XP8I7HVNX8KeCLXwpa6LrF1caNrNro
mpRapFcXd0LQNA8w3QqkUM4t1J/eT5wpRUZ2cnZL2fN15ebmb9eW3LZLV3ktE0VUioy5b7uai+/L
KKT8k1LnfZJR3aZ9fal/wUQ+CVh8RvBnhSL4n+BtR1vx7qt3omkQ2Wu2k4lvLVT58JKycSLIFi2D
L+bIi7ck4s/Dr4yfASDU/F/irwl4q+EKXt9rMWmeKdY0jU9OEtxqgCwxW97PE2WugAsapK28ABQO
gr5vtv8AgnH8YNT+Kz+IdR8RfDmxttV8U+JdUnt9LF6lxo1nrOmR2sjRSupF1cxyxAqDHbqQxckk
bD5La/8ABFLxppHwz8F2sfgT4S63408IeIvDEs+u+Ifid4m1warpmi3Xno0EOoWdyumSSKZovssA
eNFu5QJto8tzDLmcFVfK2oXe9uZrn+UOuvvXTXwswnNpTaV0nOy7qN+X0c1tp7trP4kfop8NP2kP
h58aNRms/B3j3wX4su7eCK6lg0bW7a/kjhlRZI5GWJ2IR0dGVjwyspGQRUWn/tP/AA01bx94h8J2
vxE8DXXinwjB9q13R4tetX1DRYsA+ZcwCTzIEwyndIqj5h615h8If2afG/w+/a81nxUx8Naf4H1C
PU7h7a31W5v7i8vLu5icSRwXFv8A6BhIVaX7PdNFPI5YwRlA5+avit/wSz+MPxD+J/jTXbuz+D+v
WetaJ438P2enXms3dnptzBrU9tPZTS2MemvBDLG0J89gJpZ3CytMxIRMpyfKpRX2JO395J2j85WX
TR30s0dUIQlJqUrLmSv/AHXq38l9z013PtaL9sX4R3Gu6RpafFT4cPqfiC7aw0u0XxLZGfUrlUSR
oIE8zdLIEljYogLBZEOMMM6nxT/aO+HvwMlgj8bePPBng+S5VWhXXNbttPMoaRYlKiZ1yDI6IMdW
ZR1IFfD99/wSE8T674p8A32t6P4V1nSLfwJoHg/XfD1n8SvEfh3TdCm0mWSSO7tY9Ohhj1SNnl3+
Rdx2+14lKyLuanftmaNB40/4K3W/hDwTa/B3UPiD40+CmqaLqtv4l1D7JefYpdQtwsuIYZprgxx+
e6QOEWRVkxLGAzVtWilUVOl7zbqJdL8kJSW+3Ny7u6ine7szkhUfs+ep7ulO/k5yjF6deXm23k49
FJH0x4N/b+8Kaj+0p47+G3il9J8Bah4W1Cw03RZdb1+yik8XvdWr3QazhD7iFjU/LkyHDEooAJ34
P2+fgVc+FdM12P41fCWTRNaluoNP1BfF+nm0v5LVA9ykUvm7ZGhQhpApJRSC2BXx54l/4JrfHHwv
4i11PDulfB3xBpy6z4Cu9M1jX/F+oWmqTWnhnyWc3Cx6TMqSztCcBZXVBKxJYjDd94A/Z+t/2jdf
+LV94O8SeG/Gnwtv7pJvCUNtf3Nvp1tqN3Pb3WsNb6jZtubbNbxvFNb/AOpuJ7lTuKsgTjHlbUr2
v06JQtJrdczclbSzXZjpSm1H2is3a6vs25XSe3u+67veN9bn1Vpfxv0XxV4j0CPQte8Faxo+t6dd
ait1B4gje5lihaJRLbQojLcQ5dhJL5qCM+WMPv8Alx2/bW+DafC2/wDHLfFv4ZDwVpV5/Z174gPi
ixGlWd1uC+RJc+b5SS7iBsZg2TjGa+OfFv8AwTF+M/xT8T2D67/wquwGr/Dzxd4K13xDaaxPNrVo
NZulubZFCaXbpqCWzRANLK9u8xup3KK4Jl9N+If7K3xm+LHww8Mw3XhT4GeE/E1lr1nNrp0DV7pX
1WyisLizNxb6kdMW4s7lVlQIkcZdYkkiF2olLKqqtBOGsu3b32t9n7qT0731SbOi0bpN6a307Rut
O7d15Ws7OSSvftXf8FUx+zleeN30f4dX/jzR/Cnw9h+IVlq2neILGO0121ku1t28lizYijUmVpDl
mUARRykivaV/bX+DyJrQn+K/w1t5vDF/b6TrcT+KLENot9O5SG0uQZMwzyOrIsb7WZlIAJBFfBWs
f8Eq/wBoy2/ZyT4fadbfBe7VPgjD8KBf3XjLVIWFyt2JHu9g0mQmPy+il9xYYJxzX0b4S8Fn4m/t
32N9ofifw9Ppmk6RBcfE7QNGuv7TtbLxJYqiafE1xhAkvl3MrurxJM62FkxVFAU7RhTajBO75p3e
z5VOTi7f9e0rafFKKbVzmm6ic30SVuzfJBNf+BuW72TsnofRnjH48eB/h3460Dwv4g8Z+FNC8TeK
2ZNE0jUNXt7W/wBYZfvC2gdw8xGRkIDjNULT9qH4Z3/ivxPoMHxF8Cza54JiE/iLTo9etGu9BjIy
Hu4hJvt1x3kCivKPHP7M/jdf2v8AXvFmm6H8MPGXgnx3YaPBqcfia4nh1Hw3daZLNJBcWkS2s8V2
u6VZFjeS2Mcse9ZCW+X50+O//BKT4p/Gr9ma/wDhtqOn/BvVz4R0HXNF8Ja5fahdrc+Ijqasgm1O
P7A4tGgLLct5L3Pn3NvFJ/o+OOZt8nN11/Db+uqd09GdNOMZVFGTsm4pveyb1fyX3W10aPuDS/2q
PhhrmjajqVl8R/Ad5p+kajHo99dQeILSSGyvpNuy1lcSFUnbemI2IY71wORVO4/bI+ENp4O8N+Ip
fir8N4/D/jG8/s/QNTfxNZLZ65c7inkWspk2Ty7gV2RlmyCMZr4W+J//AATU+PPxJ8XW1xN8Nv2a
hp1t4g8E6/biXxpqMkunvoAVZUiU6BtzPHvhDgqVj4IYMVFW6/4JA/FL4geLrrVvHHh/4d6vo+r6
l4lttR8J6P8AFjxN4fsJdM1nUv7QaVrmwsYHnkVmeGS0mhaGZQj+ZEwK1sox5rX0u/uUY2f/AG/J
uK/lteV1qYwk3T5pK0tNPVyvr15Eot/zc1lZn3n8RP2xPhR8JtZ8QaX4j+JPgbSNZ8K6Q+v6tpdz
rlsmoWGnoMtdSW5fzVi/2yuCSADk1Q+G/wC3L8IfinofgC70z4keCPtHxRsRf+F9Pl16zW+1pMZk
WCISlpnjIZXEe7YysDyDXh3g39hHx54X0X4heBLnS/hZqvhHxJLrep6F4tubq7l8RaLc6naNA9ub
aS3cMqeY0YuRe7zAqRtE2Cx840j/AIJLeNdV+KvhPXfGlp4X8WWLeH/Den6pZ2/xI8S6Ja+G77Rc
m3uLe0tES31hN4jlC3a2zJIjENh9qzTSb97Z8nk9efnVu8WorVpPe9pJiqOS+Ffz/g4KD6aSTk7J
XWitdM+l779vnwxP+3J4e+B+if2V4i1TUtN1G81e/sNes5m8Oz2iwt9jubVHaeOZ0nRx5ixrtOQW
OQPRPEv7SHw78GfEiHwbrHj3wXpXi+4sn1KLQ7zW7aDUpLVAxe4W3dxIYlCsS4XaApyeDXyf+zt/
wT8+Mnwt/aK+D2ratq/wqHhH4PW3iPSzfW0N5c674qttTlhlSaVSkMVrcb48ykSXCuwZ+sm2PrfF
n7EPj7xP8aNfs55PA1z8Pte+IOl/EiLxBJdXCeJ9JubI2hNglsLcwyxuLTy1uftMbJDO8fkvjcVT
jf2cW7XTu/8At+23S0HzW3fLyfFJM0npzNa26fJ/fdpL/t7mXuqx7X4f/bU+DnizStHv9K+LXwz1
Ox8QwXl1pVxaeKLGaLUobMZu5IGWUiVIB/rWQkR/xYqzZftefCfUvAmneKbf4ofDy48M6usr2Grx
+I7N7C9WLPmGKcSeW4TB3FSduOcV84/Fn/gmt4y+KfwY+KvgE+KdK0zQL+/e78BG0uru3nsYZ9Si
1W6tbySEJJFG9zEIVa3cukPzKwb5RyfwR/4Je+Jfhj+1R8I/iND8OfhbpEvh3Udb1PxVdXXxI17x
frbXF9Zw2izW19qli0852wqzI7wKucDccuzp8smubS6Xqm9bPZbaOzdmuqaZFXmjFuOrTa+Stquv
3paeas/afjZ+1v8AFnwl+13H8LvBPwy+G/iG2uPCsniuHWvEHxEvNDXyIriK3mjeGHR7vaweVSp8
wqy5JKkba5v9oT/grf4W/Zz+GfiFNS0zSta+LnhHwZB4z1jwHpHiiylmtrd2CyFLmQxmaOMbpC6Q
lzEFYR5dEbnf23f2E/GP7SX7Zum+Nr34Lfs6/GDwPonhGfw9Zab4/wDEVzbXMdzPcxTyXaRjRL2O
FkEZjUo+8hydy/drnP2rP+Ce3xv+OHhL4inR4fhDBqnxQ+E9h4Av9Putb1GKx0ee3u72TEM32KWS
eEQ3uPNeNGdrfBiQTbolhrOnB1N7yv8AJ1OX0TSheyfqmzT/AJeT7Llt539kpdel6j1a20TR9bj9
r/4Ux/DTVvGNx8TPh7b+FvD12dO1jWJPEdmun6TdqVVra4nMnlxSqzKpRyGBYDHNWdW/ar+F+g3F
tDf/ABI8BWUt5DHcW6T+ILSNp4pIZZo5FDSDcrxQTSKRwUhkYZCsR8P/ABH/AOCY3xo+LXjjxD4i
vtM+G/h5Y/GumeMNJ0Tw78Sde0hdUEGhf2NNa3Go2On211ZMECzRzQCXJ/dvHtyx5/Tv+CLfirwl
8O/2kPDHhn4ZfATQtH+L/gDT/DGhW8vivVNUktL+B7l3ub24utMeeYo12HSYu8jNYW/yxhgIG7cs
n1sml58qbX33S3213QUlFunGb3td9ryS+fKtXsn0tZn36n7Wfwrk8FeIvEq/Ez4ft4d8IT/Zdd1U
eIrM2Wiy7Vby7qbzNkD7XQ7ZCpwynuKyPBX7cPwo+JPx5j+Gvh7x54W13xdNoEXiaG0sNVt7g3Fh
KxCSx7HJkBA35QEBGViQHXPxv44/4Ji/Gv4qalql5f6b8MvCkVnd+F9X0vTfDXxE1zT/AO1J9JsJ
7KS1uL2z061ubONluC0c9uXdDbxAxMpKj2X9ib9gHXf2S/j6PEWm6d4W0Dwlq/gy30a/0aHxNqvi
G702+i1LUb5xFeXyCW7jlk1FmaeUxsDGQIcODHUYR5nd6JtLzXI3d9ry0S12s370W8lJulzNWlZO
3m5pNedoat7O+nwtHqXhL/gol8EfGGieP9Vh+KHgaz0f4Yaz/YPiPUb7XrS2tNMucLgSSPIFjUuz
RqX27nikC525PoPiD42eDfCXwtfxzqvi7wxpngqO1W+bxBd6pBDpS27Y2zG5ZhEIzkYbdg5HNfK8
n7Evxe8BfELU/FXhmX4ba5NpXxO1PxvoujaxqN5aW2r2uo2LW0yXM6Wsxs7iEuxiaOG5VgrZ2+bi
Pote/Yl8beF/2HdL+H3hGfwZJ4ltvFieJ5re9JttMtUk1ltSmtLKdrW5a1MIkMcFwtuXQxoyiJsM
mUbunBvSTVO/k5KPPfuk29trW3L1U5J7Jzt5xTly+jaS33cr6WZ9LeA/H+hfFPwfp/iLwxrekeJN
A1eEXFjqel3kd5Z3sZ6PFLGWR1PqpIrxDxj+2n4q+FvxR8YaZ4l+Ftw/hzw94Vv/ABZZXmheILfU
NTngs3RWhu7WVIILSWcMz24F1KsiwybmiZCo0P8AgnF+zX4k/ZG/ZasvAfii50y8v9M1rWLuCey1
S61JZba71K5u4PMmuUSZpVjnVXL7yWUne2c1w9l+wLD8Yf2vdW+J3xF+GHwj0EXWkah4b1KHR76T
XZPiDYXHkJF/bCT2FrERFHAAsTC5xvwJQq4a6iSqtQ1jaW/+F8v/AJNb8dHqOlJct6i1uvwlr98U
7b9NepqeBP29NV+KX7Z3hf4e6d4Q1jQ9BudC1C61yfWbezae21GKLT7iG0jlt7+TDrb3qPIDA8Z8
6MJPuSRB9NVwmmfstfDHRfihp/jiz+HPgS08a6TYrpdlr8OgWkeqWdosZiW2juRH5qRCMlAisFCk
jGOK7uiTjZKPS/5t/r8lpd2u4jzW97fT8lf8f89L2XDfF39pHwf8CtU0qy8Taje2t1rMdxPbpa6V
d3/lwwKrTTzG3ikEECb0Uyy7I90kabtzqp4r/h4l8K00u7vZdQ8X21tYeJZfCN09x4H1yD7NqEUD
XEocPZgpAkKPI10cW6qpJlApv7ZP7I+q/tQR6HJo3irTfB+paN5iQ6q2hNeanp4keIvNY3Mdxby2
twFjwCWkhJIMsEwUKOL8I/AG2+MH7VHxH8caTJ4t0XRr/Qv7DMGueH2tLG710LNZz6olpeQpJcFb
RLeHzWBt5oyBGXXcahXcfP3tPSzTfk1ePV8zi3ZXRo+VWfTT73pp6XUv8MZLdprZ8W/8FPPh14e8
YfDLR7W08b6lN8TfEEnh+3I8IavA+lyJYveb7mJ7USRAx+U37xVAjkMxIijd1L3/AIK0fs9aTe21
tqHxHtNJuNSvrXT9Li1LS7+xfXnuZDFbyaeJoF+327uCBcWvmw8E78DNcZov/BLfUrCfwjLL8RbW
2j8H+LbrXbHTdL8Py22lWGnXGkzaW+n2lvLeTG1PkzGTejmIS7mW3RW2Dy3wn/wQnn+FHw/8PeHv
Avif4K+Em8K6/pGp2muWnwbii1/VrTTbyK8gttUvYNRia8lMsEO6ZViDASFoy7K6bRVNzipNqN43
fWztzf8AgKvbvrorLmznKSptpXlZ6X3a5rdOui8rrf3mvqP4Uf8ABRb4QfGvxhoOgeHvE+oT6v4l
ub6wsYLvw9qen/6ZZbjdWMrXFvGsF5GqO5tpikxRS4QoN1a/xj/ba+GnwD+KGieDfFWvXlhr+vG1
EEcGi397bWv2q5+y2zXVzBC8Fms1x+6ja5kjEjgqpYggfP8A8Ov+CY/xQ8G/FHwT4jvvjH4G1CPw
n8Sdb+Ik9rB8Orq2a+OqwSwT2aO2sP5QVLm5KSFZCGaIlWCMsnU/tvf8E3tb/bH+KthrjfEa00vR
dLGjXVho+o+HpNUTS9Q07VFvhd2zC8hSNp0XyJSYmkKKm2RAGR5goN0XJ2Ta5/JWu7adNlvdq+zR
crc1VJ6K/K+/vNK6/wANpPbe2rVjX+Ov/BWH4RfBPwT8QtTXUNe8Q33w80u81Oez0/w9qTxaoLWR
YZ1tLr7Obe5EU7pFM8DyLbs373Zg1auP+Cmfwh8M3+uaj4h+Jvh/RdJ0saHYzaTqGi32n6tpGoak
kstvb3Imw5mmiCMtsbeOaERu0mQ6hOYvv+CcXi/Vv2Z/iX8GLv4rWE3w38Y2mqW+hxDwnt1fQTfS
SzFJ7r7WY7uCKSZiirBBJtVVaV+WPKfHD/gmD8WfjF4p8Zagvxt8C2Mfi+bwrcNHN8NbieS2fQbv
7ZD86axGHWWYsGG0ER7VB3AyMQ5bRUnvy3fZX97TulfTXW2r2Jm3dJLTW/3Kz6aXv2drppaHtepf
8FIfhBpfwyj8WSa/rsuny6xeaAtlb+E9YuNZN9aBzdQf2ZHate7okRpHPkYWMeYTs+at/Sf21fhx
rX7Ltl8ZodZ1NPh5qVtHd2d9PoGo291exyyiKDyrKSBbuRpnZBEiQlpfMTYGDqT8U/td/skfEH4e
aNBZ+JPGF3r1r4r+IGo+NG17wf8ACjxLeHw68tj9m+xPFoWsjVwJQ3E8E0ce2OVJgyyKp+nbT9nT
xh8Tf2ANH+HdhrOmfCvXLKG1tLO50bQ7m109LO0ulMURsPtguIbe5tolSS3+2CVEmdDLuBqY2dHm
+17norx9+/pLbyV0pXQ1pUXNpFuXq0pNRa9YpN9m7Ox0mkf8FCfhNrvg7QdetfEGqzWHiGS/jtx/
wjeqLc2hsJDFeG8tzb+dZLBKBG7XSRBZGRCdzqp2P2l/2zvhz+yDY6fc+P8AW7/S01OO4uIhZaJf
6tJHb26q1xdSpZwytDbQh0MlxKFij3rucbhn548Of8EjdU8D/Bi18IaD8QfDWivp/iPWdb07VLPw
U1te6DHqV8LuRNPlivkktpovmjR97QspXzbebaBXf/8ABRP/AIJ+ar+3p4UtvDw8fR+HvDkuharo
up6XfaK+q2l9JeQokF8sa3MCrdWrpujaQSqBJJhEcrIrny2i499V5Wv2te+nXXV2RpTUHV5Zu0dd
fm0n91nb1XY9p+Lvx78KfAz4cjxX4l1OW20WSSCCBrSyuNQub2WdgsMNvb26STTyyMyqkcSM7EgB
Sa8Ys/8Agr18A7zwbYeIP+Eo8UQ6XqN1eWiSXHgTX7eSD7HNHBdzzxPZCS3tYJpY4pLmZUgSQlGk
DKyjL/4KM/D7Wf8Ahh/QvCca61qVxBqWjwX2saF4U1HWpNMS1kSU3q2GnXUWpgb4VVTY3AuImkV1
cBWYeFTf8Er/ABR+19+yza+EL7xlpHhfweNK1TTrW0uvAOsWyapLevBdxa5Jp2p6q95DqUVz5waS
/knncl5B5DybqukqbqTUn7qla/8Adsnf1b0StrrsotmPvckHLSTSb62d2n92jfl6o+kPDv8AwVI+
GuqeJPiXp19B400xvhv4nj8KMP8AhEdXup9du2tI7kpYwQ2rSXTqpkJjgEjrFEJmCxSI7XNX/wCC
pvwR0fQNa1U+JPEN7pvh/SbDXL2607wbrd/Eljeu8dvcI0Fo4lQyRyI5j3eU8brJsKMB5J8af+CN
UHxpvfEN7qvizwlrU2oeOIPH2naZ4k8Cxa3oMV9/ZEOl3MV7ZS3K/bIJIot8arJC8LsDvcqDXU/E
b/gk54d+JvhzwfoU+oeHvD/hjSPDOo+Gdf8ADnhvwtBpWi67BczR3UCxWySEWsdtdx+aiZkYh3Vn
JZnbNuKjF72Ub+b5Lyt01novJ32LTu7NWvfzt72l9Nfcu/8AF1S37r4h/wDBTj4NfCjXLvTvEOv+
JNOu7C8ms7oN4M1t0tvJ8jzrl3S0KpZxm6gV7skW6tKFMgbIGzcft5/De21bxXYNceM2u/BWt2Xh
3VYo/A2uSMl7eMFtkh22Z+0o+5W82DzI1V0dnCurH5+/aD/4I/eIv2hP2eNA+H+rfGCG9trbwzqO
la5NqnhZ7yDVtWu5o7ga1HbJexRQ3MUyNtEnnlEciNom/eH0nSPgwnxL/bt07xlZv4psofA2hNpH
iM3Gh3OlaT4h1WHjT5ohcKrXSW8V1qJEkLyQ5uEHmM8Q2aKMLxje71v6R6rtzJWSeznC+qaebcuV
ytbTTybtZPvvrb+WVtGme4/GiLxrc/D26h+H114csPFU00Edrd69YzX2n2kZmQTSyQRTQSSlYfMK
os0e5goLAZr4Mv8A9vn9qPwH+zF4s+LeoXXwA8T+HfBni/VfCur2UfhzVvD89lDZas2n/wBopK2o
3izlim42pSHHmf8AHx8mH/Qnwvaa3aeD7ODW9Q0vUNfjtwt1eWWnyWdnNNjl0t3mleNCedhmcgcb
z1r5Dtv+CZvxMl/Yv+IfwnvvjB4JmvvHXi248VRazb/D25hi083OpnUrm3Ns2ruZQZjtRvOQonBE
h+YZR92T67enxRW3bl5n0eujva2tWzo8q+Lm/DlnfX/FyW39LXv7DL/wUY+EcfgW/wDEC69rlzBp
uuTeG57C28K6vcayL+GITSwrpsdq16+2FlmLpCU8phJu8s7q7jU/2kvA2k/AmL4my+JLCTwJcWMO
pQavb77iG5gm2+U0SxhnkaQuiqiKWZmCgEkCvkH4k/8ABGvxB8bPFHiDxD448c/Cfxlq9741PjLS
7DW/hSdR8PW7yabDps9td2Fxqkn2pTBbW7RyJLBJFKjtuZX8seu/tg/B5/AH/BODWfAfh7QYpoYb
C20xbTwr4QaW202BriPzZbbSbSVJjDCm5lhtZPtICDypPNCyUVWlSvH4vd9LuK5rvTRSbSd9Er6r
UUFeoov4ddetubTTvy6+b7bD1/4K5fAv/hDtR12TW/HEFnpOpz6Pdwz/AA58SQ30NzbwG4uVNo9g
LgpBEN80gj2Qgr5jJuGbkn/BTv4aWXxw8Z+DbyTxFa2/gzw5pXiKbWj4f1GXT79NRkkS3gt5Etys
00hWIRRxs0k7yskSO0UgX5w+HX/BO3xT+0z+z23hi48YWmmeC7qfUZr46t8P/EWny+MWv7M28k1/
Y65q02oyXVq6RtFPeyyI4O37PiOOSu4+JP8AwRni+LXhHVtH13x5YX1rq/hLwpoU9tN4VjuLKe+8
PTzTWlzNbzXDrNaSGUiWzf74GPOAOKuyV+bpy/inzfc1out0rrWSzhNyttrzXd9rTjy/fG93Z2td
K9kesH/gqn8E/s2pSjXfFsh0fRLrxDfxJ4D1957K0tbhLa68yIWRdJ4JZIxLbsoniVw7xqnzVP43
/wCCoPwa+HVrcTavrHi+BbaOCZli8B6/cO8c1kL/AMxFjsmZ0jtSJZmQEW4ZRMYyQDwcX/BJzRLn
wJ4G0RpPhx4YtdC1C/bxJpvgj4fweHdD8T6Ze26xXem/YxcSmFJ2gtXkkeWZm8krwGXZheIv+CQ2
r69+zB4Z+F8vxYbUdL02HUrLXP7W8Om7tfEdtPZrZWfm26XcSmazt4rdY3lM0bGNmaIsylIqO0JO
GrSVvN3d/RWsl1um2rWNadm48+ibd/JaW9Xo79PejbaR7jqv/BQT4X6RqXiq0fUPFlzN4M0yw1nU
TZ+C9bu43tL5lS0ltXitGW8EjHAFsZSCkmQPLfb1nxS/ab8G/Bi60WDxHqGo2c+vwTXVtHDo97dv
FBCitLPOIYnNtCm+NWkn2IHkRCd7qp8D0j9mRNb+Ovwa0FLzxXNd/BXQ4dM8VapH4fuNJ0TxNBDD
by2MAecMtwy3cUVyBbTSiIwypI6lwjek/tk/sj6r+1BHocmjeKtN8H6lo3mJDqraE15qeniR4i81
jcx3FvLa3AWPAJaSEkgywTBQo1lGmpxSd05PX+7d2ltfVWdraee6xpSnKP7xWdk7dpNK6+TvrfVN
bNarq3/BRT4VaFYeJbq91DxfbQ+D/ES+FtXaTwNrq/Y79ojMBj7Hl4BCPMNym6BY2RzIFdScPxb/
AMFPPh14e8YfDLR7W08b6lN8TfEEnh+3I8IavA+lyJYveb7mJ7USRAx+U37xVAjkMxIijd1xW+Ad
v8dv2wvFXi7SpfF2i6Zp/h2Xw/frrGgPbaZqeuKJ7aG/igu4kN35FpNcRmVQ1tMlxGFaTyzsxtF/
4Jb6lYT+EZZfiLa20fg/xbda7Y6bpfh+W20qw0640mbS30+0t5byY2p8mYyb0cxCXcy26K2wZQ+F
Sl1Sa89bO+9k7c6evutKza10k9XFLa6fk7XVu7i2otO3vJ3stDurr/gqt8ANLsbi61H4iWmjW8Vz
a2tvLqum32npqpupGit5bEzwoL6CR0YLPa+bEdp+fANanw//AOCjvwe+J3jbR/DmkeJ9RbWtb1i7
8PW9teeHNUsDDqdrG0stjcNPbottc+UrSpFOUeWNS8YdBur5i0H/AIIUyfDX4Et4I8C+Jfgx4Qns
9Q0mWx8SWfwdhi169s9Ov4L6GHVLqDUImv5jLa24aZfIDASFo2dlePttL/4JkfFK2+KOmeJbr4ye
BJzY/FeX4oyW0Xw5uohK8mnHTnslY6w21fIdyJCGIkKnbtBQ6U1TckpvT/gwt36ObfnGyvdNlTRP
k3189oza7byUF0spXdrNL3L4y/8ABQL4TfAf4h6l4Q1/xLeXHi/SNJXXr3QdD0LUdf1W1sDII/tT
2thBNMIgzDLbcAZY4UE1z17/AMFWfgDpHhu91nUfiBHpGk2OiaR4ia81PR9QsIJ7DVc/2fNC80Ci
czFWUJFvdXRlZVZSBp+KP2TPEHir9sjVfiTN4x0mPwzqvgWTwS2gJ4fk+3Rh52nNyL77XszubGw2
3QD5s81833n/AARh+IM3wgg8MxfH/T4ZrXwHonw+jB8AI2nSWelX7XVvcSQ/bvtBuChEbFLlIyWk
fy8FEjzo2cF7XR3/AA5qifzsqb/7efayKn2+Tolbzdqf4K9RW0+GOtnr9LWP/BRT4R6lo897D4h1
d1s9Wu9Eu4P+EZ1UXdhcWsSS3DXFubbzoIEilhc3EqLDsmiYSESIS79uL4o/EL4R/B/S/Ffw+vvB
trb6drenf8JE/iHSLnUI00ea5jhuriHybq3MckEchmy5dSsTDaCcjxLWP+CXnxG8W6t8QdQ1r4te
ArjUPGviJ/EdjeWfw5ubO88M3EllaWDy2dyNXM8U62tooSRJEAeSRpEmTbEv1h8RvhPp3xX+DOt+
CNeaTUdL8Q6PNo188wBe4jlhMTsccbiCTxjmnJqMIzWslytru7Jyj6c1477W9Qirz5JO0XzK/ZXa
Tt35bP17bHylpn7Y/wAYbuD9o3wyfEvwhuviD8NfFOlaH4TjtfCmoNaSxaitu1ob6I6nvkeR52gZ
oniWJrd3IkH7sdx+07+2n4s/Zv8Ajn8JdAk0vQNV8J6pqdjpHxA10pNbnSptS8220xrWPewVZb6L
a4kdyiPGMktvDfg7/wAE5bn4afEv4b+K9S8f3PiDVfCujz2fiiRtIWA+Nr4zPPbXkx81vJFvLPdM
kQ38zL84EYDcd8ef+CRNr+054F+KFz44vfhRrPxa8ZX/AJ/hj4gt8N86p4It0EQtooGkv3mLwCIs
jRTwJ5js7RsWcPS5YuF9Urc1vtKNo6X2c1zT3SV1fVWZ8XMtr3s39lyV7u19IOy6t9FZ3NHxP+3J
4/8AgV+3VrHw7+II8Hn4beIYLKDwv4wsdHubQeH9VvpLpbPTtUR7uUTrKLfCXMZtlaUCMohkQ15J
47/4KD/Gv4R638I4fHnxp/Za+Hei/EmDxAZ9e8ReCL+xsbGfTbhI44lM3iKNWadJM7TICpQ43A8e
/eDv2G/GnjmX4h2Pxy8ceAvid4c+I3h2z8P3+n6N4Iu/Dso+zGXZP5z6rd/OfPkb5EQq4RkZNuDy
Gl/8E2Pid8L9W+DM/gP4z+FoU+DPh7UdDtX8X+BbvX7vWXvpEM9zczQ6vaFn2QwgYXJfzHYtvCpm
1blSd7dddVaVr7ap21W6cbpuMmynJyblNWTT089LWtfRrdO1mpW0kksyH9u/4r/DD9oT4GW/izUv
hR42+EHxb054rjxP4Y0a9017C8nmVNLulNxfTqbW78yCPy9rNHLKo82RSGr0LwB+1x44+K3/AAUw
8T/DHSovC1j8MfBfheHVLi8nsJrnVddvXuri1lWCdblIreGCWHY2+CVneOUAoMGsPxr/AME8PiD8
a9Gv9C8f/E/wLqPhnUPCl14fFloPw8l0abS7l7hLi1vLKQ6nMsItZYbdo42jkbMWTLkgr0fwW/YZ
8VfBT9reDx5ZePfD134Ph8H2vg86DL4VmGqzpDLLcm7k1H7eUa4kup5pHb7IAyvtxuzIdIOPNDm6
Opf0fPyXtu07dErOO3KyJX5KnL/ct8nDmfldc27v7r/mR2/ij9u/4V+CvjsPhvqviaey8UhjE+/R
77+zYZhaPe/ZpNQEP2OO4+yxvP5DTCXyxv2bSCcL4d/8FPvgT8VrW6utC+INnd6fa6FP4lGoSafe
W2n3WnQXH2aa4t7mWFYbgRzbUYQu7KXjyBvTdwnxg/4JseJvij+2BpnxYHxN0wy+GfEkHiHw9Y6r
4Yl1CXRVXS5tPnsY5hfRKtrK0v2jbHFG/mht7ygrs8w0j/gjJ8Q5/CvhHQdb+OfhqfS/CPhvUtBt
5dK+H09hfNLdapb6rHdiWTVZow0V1Z2n7sxMrxrKpwZAyRTs0ufTR39eVtevvcsWrrrrZ3WtZJSX
s3pZffzJNdPs3afmu1n71+w7+2vqH7XPxO+M1hNpltpuh/D/AFyy07Ri+n6hp+oz289jFdb7y3vo
YJoJv3gHlmJQoxhnBDGTxD/wVd/Z98HanLaa38R7LQpPtMVpZvqmnXtjBrTyTeSrafLLCqahGJfk
aS0aVEPDMtWf2Tv2O/FPwL+KXxR8Z+MviZJ471n4qzWFzfWlnoEOjaXp0lrZR2m63j8ya4G9YwcS
XDhQABzlm+aYP+CC48C/Di48NeAfEfwY8Itbatp99pniMfB6KXxRJa2mow6itrqOoxajC99umtrc
GQLCSqNvEjkOtRUfaQjJ+7aN3u76KXbzei11t0TNHFu9nf5W1ffpstf8z6a8M/8ABTT4MeL9estK
sPEmtS6nfalfaKlpJ4U1iGePULOFp57GVHtQYrswo0kdvIFlnQbolkXmuB+Pn/BWDwja/sx+K/FH
wlu4PFHi+x+H1/8AEXQrHX9G1fSdP1LTrKXyriQzSWqjzI3+U2+Vl3NGGEauJBgaZ/wTH+KUHxQ0
zxLdfGTwJObL4rS/FGW2i+HN1EJXl046c9krHWG2r5DuRIQxEhU7doKHmvFH/BGLxnrvwvk8MWvx
2t9NtbTwl4n8D6cqeB45YTpmt3Uc7/a1a7Mk08OzAkhkt1ZliJQKskcspJxjzXV4626S9ney8vaN
R9FJ6XTV0ZRjXi5q8OZX9PaNf+mlzPzkktmj3rWP+Clnwt8C65a+HPEOs6sPFv8AZiXlzaab4Z1S
9tvtB09tQNmlzFA9ubs2yPMtr5pnaMBghBBOb8J/+CrXwl+I3wp+HvibUL7X/DT/ABC0u01SKzvv
DmqD+yI7l/Khe9m+zCO0hlmDRw3FwY4bgrmJ5FIJ848Rf8EmfFfxB+MPhXxf4p+LWka1ceFL6zvb
NP8AhEJkeyRNFl0u7tLR31F1trWcym5VFRmSXPmPcDbtxPDP/BDnSdD8QfD3VtV1b4XePNR8JeEt
L8F38njT4X22uh7PTS4tZ9M826B066CSNvdjcxyMEYxfKFro/dOUuZ7yja38vvOX/tq69d0c75o0
oqOsuXW/82it6bu/oj6++F/7RvhH4y6/qmmeHtQvru70eSSOYzaVd2kUwjfy3kglmiSO4iEmU82F
nQsjqGJRgO4rwz9m39kDUvgD8ZvFfiVvFGmT6P4hg2RaHo+htpFr9oad55r25jW5kt5bp5JJMywQ
W5ZWPmiZwHHudc+nLF9ba+v9eb/Qpv3pJbX09LL9b/1q/n79rj9qzxV8IfjX8Nfh14V8JahqV98T
YtWUeIAtpPZ6AbWzaRZpIJbu3klVJHikdUyWjR1XLsMeK/snf8FhdHh/Y50DxV8ZrfxFomsWXw+0
/wAZ6nr95Y2djpWvrcXAtHNpif8Ad4uWSPFwsK4ljcMyEyD6Z/aF/ZT0z9oTxT4R16XxJ4r8K654
Ka+OnX2hTWyS7bu2MEqOLiCZGXGxxhQd0aglkLo/g3hD/gin4N8O+FtF0DUfil8YPE3h/wAPeFI/
CGnafqM+ixJa20N2l5azrJbabDMLm3uIoZI5fM6wpuDgsGmF0pKXXr1tapt0vdw33V7vRGja5V1d
16WvHmv11ipW3s7WtdnWfD/9u/w3+3n+xL8R/GXwn8U6r4Z1LwxDf2E15ZT6Pql3ot/b263ACyxN
fadOCjxndG88ZVyMhgQvl37LP/BViw8J/CHwn4f8bR/GD4jeMbHSvCd54t8US+G9PsbKzk8RkC1m
Hli0jltUnYQ7rWGVlGM+YyTOv08f2atSv/2edd8Bar8U/iNrd74gtZbOfxVeJpA1mKKRdpEaR2KW
KkJlcm1JOSTub5q+dtK/4IiaNo/hzUNLj+P3x9eHUdP8P6U7ufDPmR2uhTGfTIlI0Yf6qQkliC0n
8Zat6cqaqz5l7r9nb5c3Pa+qTurLyV27XeDU2oa7c9++rhyvs7JS30u7210TxF/wWv8ADHwc8P8A
jnVPiV4O1vwjBofj288FeH4brWtBsm8QNaQLJO6z3WpRW0bJh3Inlh3LJEkYlk3LVqx/4Ls/CHxH
8JfF3j3w/wCF/i/4l8GeBdNstW1nVrDwnIsNvb3kDSwOiTPHJMp27WeJHRCdzssYaRe81j/gmH4a
ufEF9r2lePviZ4a8VS+KJ/F2na3pt3p5udDvLm3EF4kEU1nJbvDcqCZI7iGYbmG0oEjCZnjf/glP
pPxE8NfGbS9W+L3xhuYvjlaWVlr8pl0Qy20dsmwC2J03935ke5GDhwFc7BGQpXKk0oRVTVpRvbuo
xUvW75n0s+6sW789/s80n/265PlT9I2WjfXUq/E3/gsb8M/gt4G8Rat4x0fxV4S1DQPFEXhNdH16
40jSbjUbqWxTUIZIri5vo7GOF7R/MDXFzCwIKMqy4jNn9i//AIKe2H7dfx88QaF4L8Kay3gSw8I6
V4j0/wAVzTWL29zLeS3cZheOO6aUYa2ZF2xkbrefcyqYTIxv+CUGk3Pi/WfE918YPjFd+LtR1uz8
R6frjNoUV34e1C3sTp/nWqx6YsJElmfIkjuI5o2XnYG+avVfhf8AsjaZ8L/jlqfxDXxT4y1vxHru
g2Wh6s2o3VuYNT+ySXMkV1IkUEYWbN3Ou2PZCFZQsS7VI0j7Oz5uy/8ASdfP4rvpbTdXspuXKlDs
r+vMm7eSjot29b62v83/ALIv/BUu88PfDcRfHZNZiuG8R+L9Lj8dQaPa2Xhu+bRr7UCbWOGO5luo
ZFsrJ5B5sZRhE48+SQEGrpv/AAXj8E/GHTdLT4UeEtc8ea1P4x0bw5fafY6zoF09rbagZWiuhLDq
bW+ZI7edVieZZY3A86OPgN69b/8ABK34aT6pq0OsXPibxL4Rv77V9Us/CWqXMEuj6Leaslymo3Fu
VhW5Z51vLkYnnlWPz38pYwaup/wTwsr74aaH4Y1r4qfFnxHB4U1zT9b0C9v7zTVvdF+xH91bRvDZ
RrJGULI0k6y3BViRMGCsopRc4t6K8L+nOufvry6JLRq93e17xXvc7o6N+0t2TafJbyV9ezSSvE56
3/4KweGo9e8OaXqXw6+I+hX3iPUPEOkrDqNxoMMljd6LDLNdQzKNTLEvHEWjaMSIVeNmZFYGuWg/
4LwfA3TfjIngbxLNq3g3W4rWSTUI9WvtIebR7qKxa+lsrm1t76a7WRIFYmZYGtS48tZ2kIQ+gfFD
/glt8Ovix448V+INQ1Hxjb3/AIu13TfEE4tdRjSOyntIooJEtw0TGOO7hhSK5GS0iZwyHBGxf/8A
BPnwxfeMvHk//CTeNIvBnxP8+XxR4FSezPh/VbmeFYJrklrY3kTyIq70huUicgloyWYnJN8mu/L/
AOTWWvo7yS0veMb6Skyny+0/u3+dm3t0utN2k05bNI8h+GH/AAXp+CfxjeG18N2fjHXtZu9e0/w/
b6dosen62zyX6ytaSvc2F3PaW8cghl+W4njlQoQ8aHAr0D4qf8FGINB/4Jw+MPj94Z8FeJb+XwzY
6izeHNS+y2t/aXdlcy2k8VxicxbYp4X3mKV9yoTGXJXMWs/8E0W8Q+EPBui3vx0+N11B4A8QWmv6
HLNLoMktobVGS3tWLaWRNCgZvmlDzscbpWwANfwb/wAE5/D3h/8AY48b/BLWPGvj/wAYeG/Hkuqy
3uo6tLp0eqWx1KWSe58l7W0giA8+WWVd8T4aQjlAqDV+zcZb76d3G0fkpN81+isrPvlSc1Ug5Wa0
uul7yv5tL3VHq1e6ueUfDr/go74p8DftOePNF+JWgeK38OXGs+E9M0iGz0ewjTwQ+s2+I4dRljvJ
PPc3TJE0ls86qSh2ImZD3/7I3/BXH4O/ts/HHW/h/wCBtWN7relWM2qWzDUNNuk1S0hmWCWZEtrq
aa2KyOg8u9jt5SGDKjLlhh+N/wDgkXp3jrxH4i1Of44fG+2l8UavoeuXscT+H5ENzo5VrIqZdKdg
gkRHZSxDFccLlT61+zD+x9Z/so28ul6D428c6l4PtkMWieF9Tmsn0zw1GzFjFatFbR3LJzhVuJ5g
gACbBxRDktefnou3LHl111Ur9+ZbtNpmcYzUEr66X9bvm+TVrbW6JrR+O/B3/gq1e+Or5YNa+C3x
I0yPVvGniLwdo15Dd6E1ncXOkpdP5MjtqYdJphZzqpKLH5i4LhMSttfDn/grB4W+K3gbw3r+h/D7
4j39t4v0e21LRooZNEml1C5uLm5gg0xdmosgunFncS7mYW6RxMXnQgqOg1j/AIJp+Cda+GPiLwk+
veOINJ8QeNG8cL5GoxRTaXePeteTQ2ziHKQzSSTq+7fIUuHQSACMJFH/AMExfAWl+DfEelaPq/jL
w/c6z4ubxtpmqWF7At54U1Es7j+zw8LRRwB5rlvJljlRvtU4cMrlaiLXKubpy37tWjzeXM7ya6Xg
r6SZ01nHnk6S0bla/rJxv5WUE7a2lJrVIt+J/wDgo/4L8DfsieLvjDrmgePtM03wDPNZeItA/sX7
VrukXULqkkEkNu8kR270fzUlaDy2Enm7Pmrjfib/AMFjfhn8FvA3iLVvGOj+KvCWoaB4oi8Jro+v
XGkaTcajdS2KahDJFcXN9HYxwvaP5ga4uYWBBRlWXEZ7n4i/8E/NA+Jn7I/jD4R3vjDxzb2/xBaS
XxJ4mt5LAa7rEspTz5XZ7RrVGkSNYyI7dFRAFjWPC44xv+CUGk3Pi/WfE918YPjFd+LtR1uz8R6f
rjNoUV34e1C3sTp/nWqx6YsJElmfIkjuI5o2XnYG+ah21T3sttr+7zWvrb47Xs7NX11FFrqv5rfj
yc3ys5cvVadjg7b/AILh6H4i8VXGp+GPhh4/8afDG18F6d4wn8S6NcaLi0hu7y5tTJKlxqMLCKF7
WVXMayMDG7YEYV39W0X/AIKceGNW8ZeKtFl8F+OLF/BHiq48L69dTXGjPBpaw6d/aUmpSeVqDv8A
YxbFGyFM26RUMIbcBv6p+wH4Y8TeMdZ13XPEfjTXr/xR4LPgfX/tl1bCLXLXfdOJ5kjgRRMpvLna
sQjhAkH7r93Hsy/hf/wTH+HPwy1y9v2uvFHiI6x4MXwTq0GsX6TQazAXmea9uESNN97P58gklGAV
OFRRTnbllyb2la/fmbV9tEko9H799HEWjmnd2fLfa9uWKk1uruTk9dPdW/Mc14y/4K7eCfhZYySe
MvAXxf8ACtxPLpzaVa3Hh6O+m1y0vrlbW3vYPsU86xwmZ40ZbhoZo2liV4laRFbm/wBmj9vXx7rn
7Qnxi8HeJfC3inxjrOi+NrSw0rw5o1to1nf+EdGuNKtbsT35fUPKeNHmZWlSeV5H4jiHMab/AI0/
4JIaD8QPh1BoGq/Fz4yXlxp0+nDStYmutHm1LSLKwu4ry20+JpNOaN4BcwW8jSTxyXEpgjEkzqCp
v6P/AMEtNJ8NftMeKfi3pfxY+LGmeNPF2qrqd5cQDQtixi0W1NkA2mEtatHFbEpIXIe1idWV97PU
PZptv+8vleDh82k1Nrb3lHRq42/ZO9ubTbvb3tX0vflT/uuWqdvUf2Zf2stF/apsdVvdA0fX7LTt
NnaGO8vfsr298FlliJja3nl2OGibdDN5c8eV8yJCwFeL/wDBUqb4qfDnwPF448E/GbxZ4BsU1fw3
4fi0jSNH0S6hma+1qGzu7mZ7+wuZC/kXKiMRuiK0WWV8kV6h8N/2KLT4XfELXvFWn+PvHk+veIf7
Nguby6GlyymzspGdbNm+xAzJKZJRJNOZLnErBJo8Jt0f2yv2S7b9s74U2vhG/wDGnjPwTZW2r2Ws
tc+Gv7PF1cS2c6XNurG9tLlAizxxSfIqsTGAWKFlbNcqdOT1s43XdJrm7J3V9O97aWbuEkqkk/he
39brVfda73R8w+JP2s/iZ/wT6/ah8V6L8TfGPi/42fDbRfAreLYJbDwrpdrrek241BIJrm/mha1t
5xCm8gW8MLGMYEM8ilq9Xt/+CvHwcu/22rf4DR6q8ni+5vm0hJlvtOaL+0Ftjcm0a1F1/aCnygT5
7Wgti3yCYyEJS/tK/wDBMDT/ANqDxRr+q6v8Xvi5o8nijwSvgLU4dK/sJIrnT/N82V/32mSMk0r7
t7IyqAxCKgC4674MfsPW/wACviPfa9o3xI+JEljrcsd/regzy6b/AGZreprFHE+pSeXZJPFPKIka
SO2lht3YEmH5mBui1ywjV15ea/nebcdeyh1avzcqfu3tzzT5pyh9qzSfT3Ip6d+e90nblvZqTR5V
+2P+3h4m8PfGPwJ4Y+HNvrttpVl8TtE8J+MfEL6Na3OlS/aXjaXS45ZLgTRTeVNG7TJayRAExiWO
U/Lf+Nn/AAVs0P4XfDTxX4is/h58QL6ysfDuqa/4U1SeKxh0nxsunwtLcC1kF0ZYwiK0mLmOBpY0
d4VlA52/il/wSp8DfFn4q33iO98XfFDTdM1LxTZeN7jw1pOviw0qTW7VEjS+DRxC6RmSNA8a3AhY
qH8sSfPT4P8Aglb4El8Ia54W1LxJ481vwVfaZqek6L4cvb21+w+DoNRikhul0947dLjJjldE+0yz
iJSUjCISpyV/q7i/i1fzcIKyfZTUnHpyu8vebN6fKsWpz/h+6reSnNt27uDipf3k0tEjzwf8Fkrf
4deJvGrfE/4b+J/h/wCGfBPg7w7r91qWoahoqh77VppoYbQsuovHGJHRVjd3ESeXM00sShGd/ib/
AILA+G/jp+yzrGt/BO31/wAQeNrnS9Ylhg0+003XF8MNYBFnvLsxX62dxBFJNDhbW6maYOPKWUBs
d94q/wCCVfgbxtcalc6n4p+IlzqOqaLo2lyXo1K3jnjutIuZbnT9UQrAAt3DLM5AA+z42jyMACrH
xO/4Jqab8YLXS7jXvit8X5vEtrpF/wCHtS8RW1/p1lqGv6VeiMT2NwkNkltHHmKNle2hglRlLLIG
dy1YtRmpxp6X5kunR8rv/i+JaNQ5XF86aIw8nH2bqLblv1vZR5l67tPVOV1JcrTXIeKP2mPiPZfs
x/smeL7XxJaw3PxB1jw1a+MN2jRzz6zFe2RlmWLbhIC0gydkTEg7U2cGmaB/wVw8E6R4K0OSx8P/
ABv8e6j4m0fxB4rsLd/DFtZ3xsdNvpYrqFjIbW2jeDAVIXYT+WIvNzLIN/eePf8AgnDofif4B/Cz
4eaF8Qfid4J0v4QX1pqGhX2m31jqGoSS2sbR2/2iXU7S7EqoHJC7QPujG1Qo890b/gjRpuhJpHk/
Hr47mTRNL1/SLaR/+EaZxBrc4nv8/wDEnwWaYK6nHyFQBhcqdMTUUpVnSVrznKOn2XBcsfJc61S2
TdtXphg6coKiq7vaEFLXXmUpcz87xaV920r7a7HiX/gtP8DfC37QnhD4b3Otv/bPjD+yo4ZWvtOh
NlNqcccljDJaSXS3zmVZY8vBbSxR7x5jx12/7Q37YQ8M+MfFfw28LQajH49sfDLatBqrWdrf2Gjy
TJMLaSe0N1FdSx7oJWLonkgRMrSo5VTQ+B//AATk039nrxRpep+Gvid8UbZY7Gxstes2l0r7P4w+
xQLbW017tsQ6TJBHFEXs2tjIsSB9+DnX/ae/YP0r9qfxLY6lqnjnx5oR0xnms4NKbTWjs7gwNAlx
C11ZzyQuiu52xuscpciZJUwoxxcU4ONF6ty120e3zW6aeul0rNvfCykmpVt+WPmuZb/JvTZ2V2r6
I8m/Yz/4KoWPjr9mnw1eeP8ARvGtr4yg8C+F/EN1cz6Zawx+Lp9YAtoG09IpeGlvVeIJMkG0srYE
ZD12Vn/wU80ubxXpXh66+FXxY0zxJfateaBeaXeposMujajBpr6lDbTynUfIc3VsjNBLbyTQkgrJ
JEQccz4N/wCCNfhPwvpMGnXnxS+L/iDTdP8ACWleENOtr640aH+y4NKuBc6bdQyW2nQyrdW0+XWR
nYMT86uMAd/4h/4Jz+GPG/wo1Dw54j8W+Ptf1fWtfsfEep+Kp7y0ttbv7m08pIlJt7aK3iiMEQgZ
IIIwY5JCMO7SHqxU6dSrOVNWTbt5Jysnbuo3bW1+VKy5kTSTjCKlq1Ff+Bcivfy572a1te/RnGeF
/wDgsB4N8YfDvwt4qsvAfxAbRPF+n2V7YXT3nh+OFZry8uLWCzklOqeUk7G1nkGX8sqoQSGZlhPb
/tUfto6t8Cfh38MNb0H4eeKPFFx8SfE+l6CtgPsdnd6al0S7GWO6uYAJfLV1C78B8bsAYJoH/BO/
wr4H8EeNdC8M+JfGnhqDxtr11r80lrNZ3A097hZd9rBBc20tsbQSTzTCCaKVfNlZjngDW8R/sMeF
dd+APw/+Hdvq3ijR9M+Gd9puoaJfWN1Ct/FJY8RhmeJoyrIWRgEGFc7PLYKy4txcou2nPBv/AAtp
zj6pXSa3/Fk07SUX9mSX+JJqMvRu0rdNVqrI+e/2ZP8AgqvJ4H8Ea/D8c21p5dG13xrC/jO10OCx
8Pvb6FeTB7dYlne4WUWqBxlHRirr5zOpWvXf2Uf+Ci/g3/goT8K/Hl18LNWg0/xB4TQ2swvLjTtb
i0+eaBpLWdm029ntp4zjcY0uQ42Mj+WwIHAj/gin4R1PToNL174sfGLxP4cGqa/qt1ouoyaEtpqL
62H/ALQjleHTI59jmWUrslR4y52sMLt+gfhd+zxqfw4+FeqeGbv4ofEbxbcX9o1lba3rbaY2o6VF
5bInkiCyit2dNxYPPDK7kDzGkAArKqnKhJL4uRJdPe6u/fovm2777ymvrDlFWi5yfdcrfuq3l136
JK17fO/7OP8AwVAmsP2K/hr4p8Z6H4y+IXii48Daf4v8cX3hjTbPyvD1ncCQfb7iF54WMRaCciK0
SebbCxEZAyex8V/8FWfC2hfHPS/BWmfD74oeKbfVdf8A+EZTxFpNtpjaWl+NP/tOSLZNex3j7LL9
9mO2cSD5YvMk+SqPgL/gkR4S+G/w78P+GdK+I/xYgstK8NJ4M1aVbzTI5/FmiRyTNDYXxSxVQsSz
zIk9qtvchZGBmJJJ838L/sV+O4/27fFHjSw0Dxt4G1e6vvsll4ot7bwRqOgjQ0WCBbaG5ntJPEMU
ht4y62x22qTj7zR539VWUJ15ci0fM10W/up/3bdFZ3vrZJPOoly3holZa7/D03d1K7d7rl5V8TbX
rHgD/go/4e1f4c+DLzw74c+MHxPn8S6UviO5FpolkNW0XSpruWGO7vLYPb/KHR0WG2jluSsLExMV
c1g/Hr/gpfFNrnxU+GHhXTvE3gf4meHPB+t+IfD+r+ItKs59P1AacEWWeOzW7F35fmSII3uYYI5h
l4mlQZO78LP+CXGmfBe08Hv4d+LvxhsNY8J2EmiyasJ9Ha613S2uWuRYXinTvIaNJZJCksUUVwgl
cLMNxrK1T/gjz4NvPEOv6nafEX4qaXc69D4ktt1vcaVI1lDrzwvfRo81hJJJ88KtG87SyJkruKBV
XkxEHKnKMHZuNS3q0/Z66be62+6l05TWhKEakXPZOH3L47+rukv5XHrc71P2xLb4SfstfCLxT4tg
1PX9a+IFppNmq2JsrZ7q9uLP7RJIWuJre3RQqSvtDhm27I0d2SM8J4j/AOC1PwQ8G/tL2Pwr1rVL
rR/ENy1vbXRvrrT7d9KvJ7RbuO0nsmuhqAfymXdKlq9ujnY0wfKj1LXP2OLXW/2YfD/wuPjrxvb2
Ph7TY9KTV1TTJb6+hSAwAXMMtm9jN+7P3Wtdu5VYKGUEc18Mf+CbXhT4MeILpvC3i3x/o/hbWbO1
tde8KLeWk+leIpLezis0ubh5bZ7tZmgghRzBcRLKIxvVstnpxM4yrVZU9m249F6O2yts0m7tXXKn
fjwsJQw9OFR3kopSe+qtdq+9+za0T1u1bIb/AIKi6TaaZ4d1O++Enxn0zQfFevaNoulavd6Zp0dl
dxatN5NjfhvtpIgeTYGiK/a4hJG0luisDVfwX/wVl8H+N/HWkeE4PAHxZtfFmrvra/2Zc6RaotoN
Ivvsd+8t4Lk2QEb/AD4W4ZihQ43SRq94/wDBMfSp/gBa/Di6+K/xfvtF0HUNN1Dwtc3N7pct74SO
n3MVzaR2zmx23CxvBGoN+t05QFS5yc0Phb/wSY8IfCT9oWz+Ilh8QPixf3MM2uz3Wi6rqtpqGk6g
2sypLfBkltWliV3ihIS3liUGEHBLymRT9nqof3rX7cseS9uvNzc9u65dNV0QtyXqb+7t/wBvc9r9
H7vLd3Vnza76H7EX/BWT4Rf8FAPiDr3hnwBqjXOpaJYpq0Ya/wBOuxf2LyGJblVtLqd7f58Aw3aw
XC7lLRKCDX0xXkv7LX7JVt+yf4fTQdI8b+Otf8Kabbiy0DQtanspbPw1aKRttrd4baKeVFUKqm6l
ndVUBWALZ9apT5NOS/z3+fRO1r2bV720slGvNK+19PT1663tdJ2snqrvxb9rH9rG/wD2Z9a8Lwxe
GLbU9M1z7Sb3VtR1STS9P04xiMRQm4+zywrPM8gCLcPbxlY5T5u5VR/DfCP/AAWH1D4ifETxpY+H
Pgl8RfEXhjw6utQabrum6Lrc8OoXelyvDNFLINM+yKsskUohNpdXkrbNrRJIRGfpv46fsu+Cv2kr
a2g8Y6bqGoQ28bwGO11i905bmB2RpLacW0sYnt5DGm+CXfFIFAZWHFc/pv7Bnwu0bxZ4h1i00LVL
V/FE73eo6fD4i1NNHe5kIMlzHp4uPskNw5BLTRQpI25ssdzZzXw67+9+Pw/drfTt8RcmtOXvH7k3
zferL5dDzNP+Ck96LPwXcyeFPDJsPEdxcWWoatH4rkOj2F1FNDbC0ivGslj+1PcS7VgvfsUpWNyF
MimGofBf7cut6+l7ovgv4cTzfEXXfF3iGwtdB8WeNZLa18vSXijurlrtIrz7PG3mQ+Vb28ToDKM7
AZGX0Nv+CePwli8PW+nzaP4gmtba6N/cyXPi7WJp9Vffvb7fM90ZL+MsFLR3bSoRHGCpCIF5ew/Y
F/Z9u/hZf6nay6u/h671u58ZHxFB8SNa8+yvpFZLq7ttTW+861V13rKIJo43G4OCMihuK1emjT/8
Ci18klK/fTRPVRZt2tfVNenLNbW3u4dX116Pyxv+Cy+tavJrkmk/BTVBaeEdE0rX9dl1XxPa2jRQ
XOpTabdJbJDHOZpbee2uQBIYVl8hiGUNGz/RX/BQTVtZ8P8A7DHxe1Tw9r+reF9c0jwhqeo2GqaY
Ylu7OaC1klRkMiOoJKAE7cgE4Kthh5rrP/BNz9mj48eI9YSCG/vLvWPDWl2WoWHh/wCI+tWMEmjL
I8unk2tnfJGsDSRzOkgQCR/PbcxaQn6CnsPCfiPSb74e3lxputxrpItdQ0a/vBf3M1jIhhzcLKzS
SJIoZS8md53ZJOanFU3KjKktJPm/G9vuVul97tmuGqxhiYVnrBcja80o83yk721WjWmp8Waz/wAF
d9d/Zt8L+HvCPjX4cT3/AI/1vRdCufCkOmaxf68PEsd7BPmS6Fnp017BMjWc7SJDa3fBVlaT59j9
M/4KbfHLx74/F14b+CFnbadYfDK+8X3XhXxTrOoeHNcnvINQa2KIk+ktIFYQMYPMSLzEuFd1jOEX
6Eg/4JsfBqDwDqHhw+F9Qms9Qltpjdz+I9Um1WzNqztara6g9wbu0S3MknkpbzRrCJHEYQMQdbwL
+zn8J9J+LVjeaVjUvHHgHRjo8j3Pia81PUrazumMi/bhNPJJO8jRuyTXW+T/AFu1xufO1WfPOU1v
eTXazhJK68puLfpdcukVhGKhCMVslBPXdqUXLXdc0U0u19b7nhGnf8FatS1nxj4o06z8E+ELyy0G
10PWbS9h8X3hXU9KvrK4vrq5TdpYTzLW3tnby0d1csqtJCxArl/DP/BcO+1P4Oax4q1P4G/EDSWu
p9Jh8ICTRfEIsvEzak7rBD5kmjR3BnjVPMmSxtr5AjqYpLjJA+mvhj/wT++D3wb1DwtdeHPBFjp0
vgvSL7QtHBubiZLSyvJVluISkkjLIGZcBpAzIpZVKqzKc7S/+Cbfwd0j4Van4ITw7rE3hbUZI5It
PuvFOrXSaMY5FliGmtJcs2mLHIiMi2RhEbIhUKVGFJxu7LR2+Vnr98UntpJyWqUbVZpWv5X76LW3
TW+l3pbVO585/wDD6rxsfDPiG9n/AGbfF2gXPg3wjceMtYj8Tas+hCeztr77LcNYxXNmt5KCivLC
bq1tDKAoYRZJX7s8S+L7Twn4J1DX73zVsdMsZNQn2rucRxxmRsDudoPFfN+p/wDBL79nr48Lrd5N
/wAJj4oN/pkngvWbqH4q+JLh7y2gn/fWV1ImokyOsqFZBITJlSrkjIr6Q8OeDbDwv4LsfD8C3Vzp
lhZpYRrf3c1/NLCqBAJZp2eWZio+Z5GZmOSxJJNKq06Fqek9bPpq3y/cuX1112CKarXn8N9V1VlG
69ebn36W03PiL9qP9p/4s/En9kfSPGZ0PU/hJp134r8F6noWpaB4rg1FvEWl6jrFrBJZXo+zxy20
vkzBpYoS8Z3oFuZR5iVL46/4KzP8H9JltNG+E3jbWvHPiHxd4isIfDk97q2tTGLSZIYrm4H9m2ep
SQI/mQ+VDHD5CmQb5ItzGvYr/wD4JUfBG/8AhK3gV9D8XxeEU1C31K102Dx94ggh0uS3kEsCWey9
DWcEcqpItvbmOFXiiYJmNCtHwB/wTa+AWs/D4R+Gx4o1Swl12612DXLP4meILvU7fUWJhu5YNUF+
11CzsjJMkUyq7KRIrEGnJxvLk0V35uz9na78uSTts21ZJ6q204QUleS3ey2nsterT3uldXa0fB6L
/wAFavEfiHxi1v8A8KN8R+HtD0/XPCejarL4l1mLTdWs/wDhIAi28i2CxStuhlliSWKaSFwN5xlQ
jeqf8E8/2h/Hv7SngPx1rHjrR/DmkNo3jrXPD2lrpOpy3oe2sb6W0/eB7aHYwaE4OX3g7jsz5a0P
F/8AwSc+CPjnxFq+q6hpHjn7Zruoadqt8bX4i+JLOKe608AWU3lw36IrQlVZdqjDKrfeAI9N/Z/+
F3w8+Hlt4lvPh6tgbfxFrd1qGrSWepyX0Tag0rNcgbpHWE+c0jNFHtUSSSMVDOxNRlTs7rXX5L93
b7mp62+0l10ytJQSvd3Wu3SpdfO8NP7re+/hnx1/4Kb6p8FP2w9N+GKfDmDxFp2rXTaVa32n+Jo3
1SW//sqfUkia08g21vHIsBiU3d7BKzHeITCPNPK/Dr/gsXe+J/Aei+Itb+Fp0Cz8b+FtI8Q+EYV8
TR3Vxqc+o6nFpkNndDyES1InuLdvMV5gY5GJCsuw+t/Hn9hL4E6nq/iX4keOLe80BhcDxHq2tDxt
quhWenzwWElk2obobuKG1kFm7RvOgRiiruY7FK+J/s//ALLH7CPxmvYfCnw78ceFfiJNpnhs+H4d
D0740al4iFnpQmE6xpbf2nKI1jmCSRyKoaJ442RkKKRnStop6tWvbtyyv6Pm5bOzVotuO6e9dwsn
BW21ffmV/W8dLXWr3WjXef8ABL3x18QfF3j79pKy+I2p3t3q+gfEr7Jb2L62NXtNEhk0bTLn7JaT
C3tgbZHnfZm3jcg5cGQszeQ/8FFv2rvjJb+Mf2gfCehXMXhXwz8M/DvhPW9M1TQNc8nW7ye91KaN
4HSS02rHOkUkbFbhGiEUZVmMz+V6j+zR8df2H/2ZPF2vWnw7+MHwHsPFPji/gGszt8SLPU9a168j
XyYxcT3F3JczzZJHzszM7uxy7sTual8Fv2V/+CnOpeLNZ0nxJ4X+JtxeWun6V4huvBXxCuRiO1ml
uLOOc6ZeKEdZHlZWOHILDJUYrWUlL2coLSMYJ+sYxTfW+qvq9b632eVW7VSM9HJu3o5Xt0tpdabb
I87+KX/BY/W/hbqupeEpvg/f6r8T9P8AEupaKmgaNearrlvc2tlZ2F612sunaTc3IZ4dStVCNaCN
ZSytMqgSN9f/AA7+J0nxD+CujeMR4e8RaRNrGjxar/YeqWbWmq2bPCJPss0L4Mc6k7GVsYYEV83/
AA8/Yn/ZX+J/i/xXF4T8RXfiLxWviF7/AFm70n4va3ea3pWrRwiGXFxHqRubOUwiOOWON498ccSu
rLGgX1j4xftU/Af9me3t/AvxC+Kvwx8By3emhYdJ8SeLrPTLu4tH3RbwtxMsrqxV18zkllbkkGsp
2dFRj8bUbPpfl1a33lqt9NVo7Kox/e315U3df9vaX2tZWW++93qfPnjT/gsle+Ffhzoctv8ADJtX
+IHiPUn0+18Lafd6xqFxYmO1N5Kt9BaaPNqdpMkBiDRtp5Akkxv8oeedLwn/AMFPvij8Zb3xjp/g
j9nPU7TWvBXhXSPFl1pvjzxP/wAI1d3MV/BdubaOGKzvJkuUktXiCTxxBiGJMahDJ1Hj39nL9lnS
rzSvD3iHxHpOl6/4suh4m0Ge4+Jd/Z+IZvs8LgTaZefblvYraKCSRRHaSLCkUjqFCMQV+HPin9kz
9nr49fEjxXpPxZ8Dad45s9MgsPG41H4qyXh0y1tZVhjN5aXN88VsUmm2mRo0fzLl9zF5n3VNxtNb
N3t5WWunVKW+ui89EoOVo6X2+d5aarvHbTVv5nK/F/8A4K0av8L/AAf4S1Wz+HujeLP+E/t9Lg8P
roGt6trIutSudPm1G5t3jsdHuLoQQWsSuJobeZ5POjLQwrvZOq/Zg/4KM+Kf2n/jhB4Li+CvijwO
9t4Z07xTqtx4uvf7LuLW3uprm3McdmYWuWlWa1kCrPHb71UuSgMfmdX4J/Y/+Afxk/Zt0jSPCVpp
2s/D261R/E+iap4b8T3e6G7d3P2qw1O1uBPDjLxqbeZVSP8AdLtjGwdR8L/2Jvh58HfjTe/EPQrL
xLH4u1HRodAu7y98WatqMd1ZxOZI1kguLmSF5BI0j+aUMpeaZi5aWQtbcPaNtNK707Llej2ekra6
OyvvdC3p2i7uyV+75l73VawT01Sk+qsyv+2p+0xqv7LXwrs9c0Tw7o/ifVdR1FNPt7LU9eOkQEmO
SQndHb3NzM+2IhYbW1nldmHyBA8ieU/AP/gpT4n/AGq9N8I6n8O/hKdc0u+0HRNe8TrdeKItPv8A
RI9UVmjjtIZINl40Ko7ymSW1+UDy/McmMe+/G79nLwh+0Va6DF4s0+9vG8MamusaXPZ6pd6bcWdy
sckW9ZrWWOTa0cskboWKSJIysrKSK8q8DfsBfADwl460jSfDNncaV4i8BaFbaX/Z2leNtVt7ldJL
zG1gv4I7sG7tgxn8lbxZEX94ExyKyp7SUtXdNeSSd0/V280uvQ0m1ZOK2Wvm29H5WWnZvS3U4r4Q
/wDBS7xx8c/h94e1LRvg/pmla9441vVdA8OaNr3jVLd5LnS7i9jvnvZra0uEt4kS0XY0P2lnklK7
FjQTPqfD3/gpjfePPFvhLTpvh6dAg1yWXTL+fVtaNuIdWh1OfT7mwspPs5trx4ntppCDcQyujQeX
FIZGEb/il+y3+y5+yV+zjo/hfx3r1j8OvA9r4kl1jRtS8SfEzUdLvbHV5/Nllks9WuL5buCaQNcM
ywzruEkxIId82Piz4O/ZS+DfhnwH4l8a+LvAngzw4Tb3Phy51Tx8+k6RrrQs11BMyvdpb6iySTNc
K8wmIkk84HeQ9VKULuS2ul+Gq9W9l1tfTYh3d1s3zNeiemnXS13dWu1Z6SXefse/tXX37T2m6y2q
+G7PwlqejGI3Glf2pJcX9j5rSlYru3mt7ea2nVEQspjaMs7COWZULn5a/wCCwP7Ufxi8FXHxS8He
DL6Hwn4d8O/CK78ajX9I1s22vLdx3ioiRxvZugUmMxHbPE2y4kcOrogHvv7P3j/9mL4Q/DnxT8Tf
A3xN+H03hCaa303WfFMnxBXV9LsPIXFvYi7uLqWK1ijE5KW0bRxqZyQgMhJo/tmfBT9mD9ovRdN8
Q/F/X/DUWneIrb/hE7PUT4+ufD9vrEc0qzCxWW2u4FuGZ1BVMs2GdR8sjhm9K9OSWi3XduDS01+0
4tJ7/chp+7Kzs200/KMlKS/8BUot9L3ZwHxI/wCCt2tfBnStY0TWvhXcT/EKz8ZQeD9I0fTdR1DW
4NVEukJqy3Uj6fplzeR4tiwkjhs7jZIuNzR5lH1D+zr8aLv49/AXw940uvCXibwffa3Zm4m8P65Z
S2OpWEoLK0TxTpG6ncp2l1TcpViFzgeWaV/wTD+Bmt2WtX9vYeLNVfxXfWmsT6q/xE8QXd4t5axG
GC7tbtr5pbWZYv3Xm2zxu0fyMSvy17v4R8Daf4G8HWug6cL5bC0iMSNcX091dPnJZ5LiV2mkkYks
0juzsxLFiTmlNpwlb4tLfKNn33lrt6JbERVnBLZLXzd+nklp37tvU+LPCn/BaS5TwNL4y8afCTUP
B/g4eHfFutJIviKDUdWSbw7fi0urWS2ii8pTJuUo8dxINwdSNoWR8LRv+Cq3xp+LXxU+FHh7QPgp
F4Tm8UeLZ9J1D/hLJ9d0Oy1a1XR7u+Q2c1/ocE7lfJYyEWwCyQpGrMk3nL7D8Kf+CX37N0F1bz+H
LDWPEEHhSTVtIa0n+I2u63YWz35L6la3FtPfSwOZmkDyxzI2WKsRkKR3nhr/AIJ6/CnwtYeGbePR
vEGoDwdqi6vosureLNX1W406ZYJbcRxzXV1JILYRTSp9mLeRiRv3fNXGULpyWllt5ybvrv7rSXe3
zKqSbTVO17y/KyXlZ77tO/ZI8E0n/grj4uv9d0bRZvhb4Sg1/WfDet3gsV8b3jm313TdQksv7Gkf
+yQoM7xyNHNncwgnIhKxhn6rWf8Agpl4p0DToPER+Eket+CL7U9V8MWd7oviuKbU59c09btZrc2t
xb28SWsk1lcRRXLXO8kIzwRK2V9L8YfsbfA3wv4ih8U6/oGiadfXPjm18Xw3t/qk0KP4hkX7HbyJ
vlC73MuxYFHlvJKWEZkcsanjL9iX4HD4jX11q1m+ma78RJb2OOxTxbqNhFeXc9rIt3c2NmlykUF8
9sZt91axpcbDITJgsaxneVP3FaVmu65t7fK/Kn2jGTi3KUSo8qm76q913tqtfuUna2rlFWSUj5Yv
f+Ch/jvXf2i/2dviBcWc3hzSfjP8O9UufDHgC48WA6Zq2oSDSJLFr2dLIC2nZ7uaLeTcII1jZVWW
RoT9ReGf2wPFVv8AtG6L8OPGHgjw/wCGb7UraHddx+JbiaG7umt5Z5E09p7C3S+ijEWxijrcKxJa
2WMCQ5+r/wDBJf4Fa9onhHTbzw54ouLHwJ4cuPCWhQN461/ZYaZOP3lv/wAfvz9I9rvudPIg2svk
xbO20z9iD4d6X4r0rXBaeKbvU9Fd5rWW98YaxeDzmh8j7TIk10yy3CQ/u0nkDSxKSEdQTnoqzpXS
pxtFOVl5OUnG73vZq7vbSySS96G5Sir2vypN/wB6yu15aNL73du0fWJkMkLqGKMwIDDqvvXwD4G/
Y1iP/BQrxh4DX4qftA/ZPDfw88PeILC5l+K/iO4CapNqOpRz3T28l61vIsi2sIa3kja3wpAjAJB+
8fC3hy38H+GtP0m0kv5rXTLeO1he+vp765dEUKDLPO7yzOQOZJHZ2OSzEkmvPNP/AGNfAel/tLat
8XoIPFKePNc05NJvbs+LtXazltEDBIRYm5+yIqFndQsI2vI7jDuzHBWjU5l2euz2aXpq03Z6WT1a
Rop/uZQa1fL6K0ot/wDkqa21u1omz4k/Ze/4Kg+KP2W/2c1/4WjpXiPxxpFpH44v7Lxbc62t7rmt
S6T4iezW1ls47dVQOlzbrG0TH/VsogjUIG+vf2Fv2ttf/a18Ca5qHiX4beJvhtqug6l9gMGpadqt
raapGYkkW4tH1KwsLmWP5yjF7WPbJG4G5drtwM//AASs/Zn+FUOhLq2m6vBYpJfaNptn4g+I+u3d
hdyavITdWv2e7v3hne6lbcUZGLyBWA3KpHvfwQ+Anh39nnwmNF8NnxDJZgjEmt+ItR1672jO2P7T
fzzTeWuTtTftXJ2gZNa86knKSu7W+fNfpp8LSta3l1ec9/d6tt+jva3z3872dtF5D+0D/wAFDrf9
mv4t+ItK8T+G49P8K+HNGl1dtXutSe1utUWGynvJhZQSW4gugiQFGWK6M6uSWgWMeafKPAf/AAWJ
8S+KvCNxquqfAzxT4Vsre8tnbWddt9e0jw8mnTW805ne+vdGgKTIsBRg0QtRJLCv2zbIHr6e8a/s
g/D34jfEZPFOu6HcapqQMjvbz6reNpk8j2wtTLLYeb9kllEAMayPEzqrOFI3tngdS/YQ+B3wy8B2
3h/UJvEOi6RqV2mnab9t+I2twzQvMVRNPsp5L7zYIZMBBaW7pEwZkEZDMDjTvZqWrdkvXm16dVZL
T8dS5uN01ole/wBy9dndvVdNkmZnjH9vzVtA8f8AiTw/J8PWuo9O0N9T02OLxElrqPiUrprXsv2A
TRRW08IYpAJYbt3D+YzxxIgd+P8AC3/BSS90v4OaP4h8MfDuXWvAfg/QtCuvGd3f+M5p9a0JNQsr
e5jECzwSPqbQwTxyTSz3EDsCSvnPlR2HxX+BP7Mtt4Ln8beKPEGh+HvCdmlxoB1MfEG70bRdPmMR
0uVYzFeR21verGj2nnJtuEAeIOuWU1fhV+x9+y//AMLF0rw34TvNN1PxN8PdIsYJNDtviDqF/cDT
4mL2H9p2hvH+2xRFibc3ySiIACIqAANouF3dfy/hzuV9dbpx7W1at9rCaqWXo7+r5EradGpX82lb
a1L4S/8ABSvxB8Svjzo/hi++E9x4b8P6x461r4frqd34kgnvor/TrGS9EptIY3jMEscMw3C43owT
KEMSvqX7YnxmX4O6N4CWfw54g1618U+ONG0GSfS9abShpDT3SiO5ndJFklhEgRGgUOsu/ZIvls5H
NaF/wS2+DXhv4i6b4rs9M8cR63pHie58ZWrt8Q/EUkEerXC7Z7kwNfGFjIhZGRkKFHdNu12U+h/t
Efst+Df2qdE0TTvGltrt1aeHdWg1ywXTPEWpaK0V5A26GVmsp4Wk2NhlVyyhgGxkAiKcopUXLeLh
z+dnFza7N+9ba2mqezqKf71Qe6ny36N83LfyS5b73s91vy/7Nf7Wt58ePiV4u8Naj4btfC974anm
2Wc+pyHVGt1uHginns5reF4llaKV0kiM8DpsKzMWKr7VXn3wy/Zd8FfB/wAd6l4l0LTtRi1jVLYW
byXes31/FbQBg5itoriZ47VGcB3WBYxI43MGbmvQanTliuttfX+vJfqaP45NbX09LL9b/wBaL4e/
4K2ftT/Ff4G/EX4b+HfAni7wP8MNE8TWmpT3Hi7xdrtvomk/2lC1uLTTpbq403UIsSrJO5hEcEso
hIjuI2UhvKv2m/2t/ifqngf4yeFZfiS6eLb74c6rrGk6b4KFncjSGtNKV2Zobmzi1K2Et0bhFncT
wyiONUa2myh/Taio5V7OUJa3Ulr53t93la6SXdvaFXlrQqpfC4u3ezu/vS63tdvVWS/LHV/24Nb0
n46/CfwRpfxfk8Y+B5W8NeGfE2j6/Y6Hb2uu2GqWVwpvMLZ+feLJJ5SrPCbO0G3ywLhmauE+BHxL
fwn+wTN8OtX8Zad4l8A6R8HfElr4/wDCGtaTp8Vn8M720VRYwzMIkmgmnMzAW940jP5ayRCNVOf2
B03VrXWYZJbO6t7uOKWSB3hkWRUkjco6EjoyspUjqCCDyKsUYmPtoVYP/l5za/4otJeai5SkvXS1
tc8JJ0JU3uoKCt5xbbfk5aJ/4debp+V/7Pf/AAUhuPGPwz8W+FvCHx/+Fr2PhDwf4IudLm07UtOg
fw/aNbOmrq93JHewC4j8nJluYfIiLxJIsWTIfM/iD+3v4f8AA37RPxE+K+g/GPwz8O/Ftx8LfCGs
akl9b6JBfeJ511q+Rra6jYyo6GzkhXzLdt7RS2skcqoU3/sL8QfiBovwp8Dax4n8SapZ6L4f8P2c
uoajqF3II4LO3iQvJK7HoqqCSfaovhj8SdF+Mnw40Hxd4bvhqfh7xPp8GqaZdiJ4hdW00ayRSbHC
uu5GBwwBGeQDXXUrudWVdLW935XTSXo7Xs73ae+pzYei6OG+rX0cVFPr7soSv20tbRXXMtdFf8x/
DP8AwUq/aA1rxn8X/Emn+J/hjqtr4YtvED2vw8j1ddS8Q2Vrbs/9mapb6Vb6ZFcNBLAsc7SyalcQ
3CzJ5PlMyx16l/wSY8a+F/E/7b37Rl34Y8cXnxSs/EOneGdU/wCEyTQLe0tddlFvcrKxurG2gsp5
Y98cfyjzAqBG3NE7V9nfGb9onwV+z1H4bbxn4istBbxhrlr4b0VJw7SalqNy+2G3iRAWZmOSTjCq
rMxCgkdpWUJcsU0tLcrfd/E9e+sW1va19GrXWg5yu315kui6adbaSS1tfzTv83/8FG/jXrP7O+mf
CnxVa+PZPAvhk+PdO0jxVNNFYf2fPpt3viY3M1zC5gCyeXtkjeP5mwxYECvlj4Gf8FEfHE1v4HPi
P4satqMdr4q1Dwtdx3mhWGlav4ml/wCEhuba1mFpPY28d7F/Z8Slm0yaJ4THNI8UwBVP03oqKT5E
1LX3ub5WiuX00b0trK/TW6qctnbRL5pyd/V8yT30ikfkp4d/4K2a58RG8C6TeftX/Cnw9FqmqfED
T9e1bSbXR0njXS5rg6Zcwm6lnhgiaDyHVZI5TIpDeY4bNU7z/gqB4/8AjzqnwNstF/aO8MeBrjx3
4X8JandXOn6v4OsLKWa4nePWluI9XSW7ln/cyRWyabFKsc4aOdV4I/XevG/GX7HEPjD4s654j/4W
H8RdP0XxZCkHiDwnBcWEui6yiwGAKxntZLu3Ux4ytpcwKTliNzOW1o1IxnHmjezi9dvd5rp9bS5l
ff4UrNbVWSnKc1pfmsu3M42S2XupabbvZvX166sYtQ0+S2uUS6gnjMUqSoHWZSMEMMYII6jGOa/K
T9kH45+Pv2Y/hHB4U+FepyeM9S8Had41GufCmPR7KNPAzW9zfXWlSFIYo7uBrhzBGkE0jLNFKGhR
AhY/rBHGIo1RQAqjAA6AVkfED4gaN8K/BuoeIPEF/Fpmj6XH5tzcyAkIMgAAKCzMWIUKoLMSAASQ
KwcuXmlfdP8AJpN69Lvz7NPUlRu4NrVNfmrr52S8+qZ+Xf7RP7R3iv4l/DN28M/tJeIPGfw1tvFn
gfUL3xtpmn6LBL4enudbWG90uaWOy+y7IEWGfyZojNC21LhpUkCNW/4JZ/tgeEPh98YvA/gvwj8a
vBDeDfHPxH+IOlweB7NtJhijRb+a6sLiIRqLiOR8gKgZYnjuECxAgMf0k/Z2/ah8HftU+GtS1fwZ
ca9c2OkX76ZdtqnhzUtEkiuUVTJF5d9BC7Mhba+1TscMjYdWUeg10QqcitbR3fnaSh5WaSjeLt1v
q9Wptzpcils4+l486fzbk+bXpZWWhk+PfGOj/D3wRq+u+IdU07RND0i0lu7/AFDULhLa0soEUs8s
sjkKiKoJLMQABzX5HeCfjN8OP2of+CV37PXwy+GXiHw/45+PGmatodzolr4YvIb/AFXwaYdUjku7
26aEs1hAtmJ1dpjGJFfyxuLhT+w9ZfjbxrpPw28Har4h1/UrTSND0O0lv9QvrqQRQWcESF5JXY8K
qqCST0ArnjKMJe0nsnGXb4G3v2d9fK+vVbXlKLpwWruu+6tt/V/z+NfAPjb4WN/wWB+JXw1/t3wS
ZLP4SeHdMXw6NQt/NgFre6pO8HkBtymGCW3lK4BRJI3OAwJ4/wD4J+f8FHP2dfDnw6+LGmXfxl+G
Mmoa78UvFM9jpFj4ks5tU1mK51B/Ia0to5DNP5wZfLMatvyCCRzX3d8JvipoHxy+GOgeMvCuorq/
hrxTYQ6ppd6sTxLd20qB45ArqrqGUg4YA89K6CqqwldwqrXllB385qT39LWfn6DqVud8y/mhJf8A
blP2aXzve/y8z83/ANhz4hWnwV+MPhXwD4Pl0L49aF4Q8F38nhyLSra10vx98PLMpbTRaLq8Uk0V
tm5ARIpLg2rl4AXD/PMJ/wBsz436l8W/28v2avDthr/hj4EfErXND8WWzaB8RLLTfEN79nuUtIYo
2s7DVhExuDDIYSt0wYwupRiHQfoVr/iS38NrZtcx6hJ9uuo7OP7LYz3ZV3OFL+UjeXGP4pH2oo5Z
gKv1VWSqyUp6pXTu9Xfmvr3tJXve+7u5NvOnJ072ettPK+m3a6bSVrPROysflT8YPgt4T/4JveDN
S0Lwt400HxNLpXhTTfBuv/Dzx5YxxH4ppbwy3EEGiXMRWWLUMXLqsESzIp8oeVH8spwP2nP2mvD+
n/tyftDeKYfFXgfxL4C8C6D4cvPij8O31i2i1DV9Ot4ruK6QSLJ+8ls5ZYkls5P3U5lEMhBdFb9d
a88+NX7U/gz9nzxf4L0LxTca/BqXxB1E6ToS2HhvUtUiuroLv8p5bWCWOA7AzjzmQFY5GBIjcqnU
m2m3eTba9W00rdVe+noouNkyXSi9k0ktbdktX5NJb/OXMP8A2Yf2j/h7+1b8F9H8Z/C/xHovifwf
fxiO1udMkVo4CqjMDoOYpEBAaNgGXoQK+O/+Cov7d/jD9nH9qLwvo/hX4jf8I7FpA8O3+reHru10
y3stV0+/1xbC6naW4imurny4jgram1S2yJJZ5PMSIfRfh3/gpZ8JPFnwPv8A4jafqHja58KaZr//
AAi9xOPAHiBbtNR84QGAWhshcttnYQs6xFFkyhYOCo9C1f8AaQ8E6B8edB+GF54gtoPHvifSbnXN
M0do5POubO3eNJpd23Yu1pVAVmDN8xUEI5W2v30JpOyd7PW9o8zT7rl956fDr5jheFOUJ72tfa3v
JfJ393ffTyPzB8Bf8FifGUNpBrVr8dPAPxT8TX2ofEDRNO8FaPbaXDb6xJpayyaRNbxxO94ZJvKj
Cp9oZZkuUChn2yN63/wSx+Ifhvxz/wAFK/jRrOgeO7v4qDxj8PvC2pz+K4vD1vaWt7dRXGpJPA9z
ZW0Vq0sAlghCSE3CrEY2aRreQr9deBv28Phl8SL/AOImn6Pq2u3Ot/Ckb/E+iSeF9Vt9asUKGRJI
7CS2W6uY5FUmN7eKRZcfIXriNP8A+CuPwW1nUtIsrB/i1qd7r2kL4g0+2sfhB4vuprvTy4QXSpHp
jN5RYqN+MfOn95clGqoJJK94pebTUnf52cr9VF62WlV23z/ZUpN27e9FqPTayS/xbXaOe/4LcfFb
wl8K/wBg7UJPF3iLQPD8GpeJfD0NqdUvYrZbqSPWLOd0j8wjeywxSyEDJCRux4UkeOf8FQv+Clnw
K+I3w2+Hmn+BP2h/gY/iKw+JHhvUYtRl1y01nTNKWO9Bae5WC7hDRooZnT7RE2wE7lHNfW3w3/4K
AfCn4r/G7TPhxpHiDVF8aa34dTxXp+naj4d1PTDf6a2z99FJc28cchUyKrxqxkjYOrqrI4Xf0z9r
LwHrn7TGqfB+x1e8v/iBoWlw6xqdhbaRezW+mW027yTcXixG1heTYxSKSVZGAyFI5rOEJKUG+k1N
dL8jV18nBptbardE1nzUp09rxcW97c6sn81JWvvddGfGvxA+Kfgv9oP4Q6F4im/aK+E15478E+NZ
dcsfid4L0SC48GaVdxadcCNNUR7qeNIRZPJHIXvS8ZkiImhLxAcVbfEzRvEPgDwV8U08W/C/4F+N
vCkvidbTX7+1F78MPHFjdahbrdzCaaSNreLUJRDNC0cyvu80KblN2/8AUSSQRRs7HCoMk+gr5ek/
4LJfAK21C6gutb+IFhHYWEOrXl5ffDDxRaWFhp8zukV/PdS6csENm5jkxcyOsJEbnfhSQc/vWi+n
lf4eVvbrbVW5WrqSe5TUnC7vZPzta7aXlrJ8r+JP4Wtj0r9hXxJ/wl/7Hvw61EeDV+Hq3OiQFPDs
cjSRaSoG0RRMyqxiwAU3Kp2MuVU8D5S/b/8A29PF/wAC/wBvLwj4c8PfERdI0jTtV8J2+veGb2DS
7W1vLDVtTls57oPNFNe3RXMQ3QvZw25HzyXDuIl+3fgv8afC/wC0R8MdJ8aeCtZtvEPhfXY2l0/U
rcMIbxFdoy6bgCV3I2GxhhggkEE9RW0p2xMako6Rkm4vqk9Yu/fZ3TMY+9QlBO/NGyl2v9pefbU/
HjWP21dO/Z6+GHxBsPhX8U/C3gHSNR+M/i+znm8P6p4WsZra58mKW2Ik1tl01IDNvaaMkXEqktCG
KuR7DL+2Z8RdCt9F0iX472t98RNI0bQb3wxokNpot7Y/G83UUUl9NbyxWsbTxrI00KNpxgFusSzT
LIjjP2x8dP2bLj4xeMPD3iHSviJ4/wDh3rnh2Oe2juvDkmnypd28xjaWGaC/tLqAgtFGfMWNZV24
VwCQe48D+C7D4d+FrbSNOWRbW13vulcvJK7u0kkjsfvO7szMe5Y1hh7U6cIy15VBa9oR5dN1aW7T
9GnZSHVi5Tk46c3O/nOfNr5x2T7a6XaPzStv+ClHizSra98U6z+0v8ORp2k/H9Phzc6ZDp2l2tnP
o7XUKsiu8kk0dykfmMZjIy+Usx8sHbLH5FN8RNG0D4+/C+Xxv8d49A+IOnfG34hWY8Q+I10SLU/C
umCx1SFBA8tskapIq2Em2dZYw0lsRGEaJK/ZjStWtde0y3vbG5t72zu4xLBPBIJIpkIyGVlyGBHI
I4NWKqm3CmofaUeXm6/DTTd99XCUv+32umtTTbnrpJ3t0WtXS221SK2+wu+n4u67/wAFsvE/iP4F
Xmtad+1J8MrTWPD/AMDovGLWunWujNd3nieC5WN7O585pVzcYCm2iihkUT/IVJRh90f8E7v2yk+P
H7Q3xj8FS/Fvw/8AE9PDseia5pLWcunedZ21/YrNNEi2iruto5SoRpPMkUSKHlkJBr6Q+Nvxv8J/
s3/CrWvHHjrXbHw14U8OwfadR1K8YiK2TcFBOASSWZVCqCWZgACSBXRaRqsGu6Ta31rJ5trexJPC
+0rvRlDKcHBGQRweatVE09O9/wDt6TkumllaK/uqy3YqsG2pR0V9N+kYRa316ye+s7u+h81f8FEP
jdr37P3jz4F6zB8QrrwJ4N13xo/hrxU0lvp5sJbe5028a3klmuYJGhlS7ht1jKSIrtNsZZNygfn7
qn/BX34gaV8OfEh1L9pXRtA1fwV8MrzxFDBq/hfTdI1fWtZtdZkt4o547qJVljuoEjULa28WRKTG
27DD9b/Fvx/8GeBfi34U8B6t4i0+z8ZeOEupND0hmLXWoR20fmTyKqg7URerthclVzuIB7Cs6bcZ
Rm9Um35P3XFJ90pXfqknsXVcZ2W1lFO3+Pnb9ZRtG/SN7bn5H/tu/tj6f8ZfjV4V1S78WvrmpeAv
iz4avPCHgbRvDcGrNqWjyW8FyniC3lht5b50nMk0QuIJRbbP3JQyEued03/gqh8f9B/Z6uvHPiX4
5fArw1Nfaz4fstT0a81G31bWfBl5danFb3unT2n2DThpyx28ksnl3c15OBZzETOm6WP9kq4vwl+0
V4J8efGfxZ8PNG8RWOpeM/AttZ3Wv6XBuaTSkuw7W/mtjYGdY2YJu3BdpIAZSboyUbQtdKSlbvZQ
jLb+ZR1fRvRJKzjkd3Ul2Sb02UpNdNNZpLq1u3J8y6DwTpc+i+E7C1udbvvEk8UQ3aneLbrPe55D
sLeOOLkH+BFGMcd6/Lz/AIKD/tK23ir9qnRbPxh4un07WfhX8aPDy6J4ITwrFqEsOkeXDM3iEMkD
35R2e4jM8MyWwRDAyeZl6/VHUtQTStOuLqVZ3jto2ldYYXmkIUEkKiAs7YHCqCSeACa4v4r/ALSv
gj4FfDnTfFnjLXY/DWh6xdWljaS6jbzQTTXN0ypb2/kMnmiV2YDyygZTncBg4iLtWjUX2XFpefPG
Udur5XFertqk0qsVKhOi3bmjJN+XK0976LmTforuzaf5lWH7YHhz9rW6/ZH1Lxt+074Xj1jUfGXi
rSNTXRpvDsOnav5ceo20TfZ7u3uSiTxNb26qXO6O8XBaV0lryn4K/Hy7+CHwS0NvhD8Zfh3Jptx4
78baNP8AEHxDrHhrRtP8GRJqjy2Ngt9b6Hdw20OpKEuTFJAscohQQSW6+UtfsX4o/aa8A+Dfit4U
8Daj4r0mHxf43uLu10TSVlMtzfSWkJnuQFQHYIo8Fi+0AsozllB7qtOf3eZKyl26q+tvLdaaK9tr
p1BOEXTlq7p69LRlH9b3fWP3fk5of/BRj496v8HPj5qx+LPw58WeMvhPr+haJcWPhC1gtdF0Ozv4
LE3+pzyz295d+TaNJd7J2g2q1tM8lvKqmCPP1v8A4KSfFHwpeeGvDviz9q34KaPZ614H8Wa9Z+IP
C9/pOty3j2Jt30+VtQubO1s7h38yeN1t9PjjY2c4XD7hD+udFZVPeTto2rej5OW6/wC3vfSd9bpt
6NbQnGLi7XSd7d9U9Xv3T2W2i15vgn/gnj8dNQ+Pn7ePiLxTd/E7U/EGmeK/hH4Q1nTdFtfsMmjS
vMdQ+1zQGODzQsM8bKSJsB7h0k3kQrH97UUVvXqxnK8Y8q10+bf4Xt/ktFy0acoRSnLmdoq762io
3+dr/O2u7+Kv+CmOq+IYf2j/AIW2MOrftBW3gi80LxF/wkdt8PNH1me1Liz/ANDeW50u2e4iuPOL
CNVmUkqCFzgn5z+Gl5+0f8b/AIh/Bm/8ReM/jP8AD62g8JeG3s1l+HPie7k1bUoFKa5a6kIby0s7
SWaSMp5urWsiGORZbaVDlq/WGisqMvZ7q+qf3c/589ne6aSVrGlRc17aXTX38v8A8j66vW+p+UPw
d/ZT+IPwg+FOmLoOn/tFR6x4k8YeM/BOu2E3jHxMllYrqF/fTaXrqRm8AihhMdsXvLfZvW8kcyPJ
uYd/4B0D4qaT+zj4X1/xpZ/HwWMes2Xg/wAf2um6x4in12fStN0+e0fU7C3jnkvV+06mEmeezxcz
W+xgzgkn9F9X1aDQdJur67k8q1soXnmkIJCIqlmOBzwAeleS/sz/ALYI/afvnfTvht8TPDmgyWMe
pWOv67Z2MGmatbTJHJbS27RXUkj+dG5cKYw8QjZZlhdo1eoycuZJJ25b9la7S8r++kr6p215U05y
SfM38XN6vm3fm17lnZ8rinpzO/wrpFp8To/jhZ6T4v1n9qnVvhvb/DzxPe6bYHR9cZZvK1NJtFS9
ubO2FxNfyWccoaC5naeREiimj3zyxy+o/wDBFFdZs/hX4K0/4h+HPjP4a+Img+CtN0eG11Oz8Saf
4VXT4baFEVLS4VLCG+RoykxkQXDOrtGxgkQV990VcK7jBwWt0tet06ju31k1U5W+sVb0ipFzmp7a
t2WyuoKyXSKcLpdG+ttfl3/gq/c3ifBz4dR2OgeLvEM0XxR8KX80Xh/w7fa1LbW1rqsF1cTypaRS
tHEkMLsXYAZAUEsyg+G20fxd8TeNtSlsbr4/+HviPFd+I7Txs01rqV34ZGlNb3o0q40aKZk02SdZ
P7OMa2LpOR5ouSG3MP0UJxz6V55+zV+0xoH7VHg3V9d8O2mv2Vpouu3/AIduI9Y09rC5+02cxhmP
kv8AOq7wcbwrEDO0cVjCXuula+spf+BRhB/L3V63NJaSVX/DHyunOS+era7OKfk/hzU/EvxNtPhV
ol/aad8frhfDGrahp9jp0K+Kll8UsYbG3guFmnU39qAftIQavFc2hfzpnmCiCasn4f8AhL9ozxB8
cPirdeJviP8AFHw5rk8uvWS6FYfD/wAQX+l/YJZnXSbu01F9TXSWMMRgJTT4ra7bdIspLKZl/Tyi
qlO6V1d2av3ukrvpfTXydly2Qtlyx0V0/ubaV+yv96Td9jxH/gn7r+teIf2flk1vTPF2mvbanc2t
mfEUupvd3lrGQkM4XVI49QjRlH3LsNLuDEvKCJG8w+Nba7f/ALfItPE0/wAe9O0W3stKvPAV34Ii
1KTw/cXCSzHULXUxao9oGk2woTqaiIRPmB45A7D69oolO84z7W9dFa9+/Xa2+ltCVG0ZRXW/oru9
vNW016db6n5U/GzVPjgPgj411jw1eftP6D8XrLw5rcXje3tdP1fUdLn1Da39lnQYpYJrNt9wIUDa
WgK20kzXBjlAdcv4z6neePvgN8YfCupaX+2B4l0y9ufBus6Ks/hvxyl3LeFYv7TEDxwJKsKhDI9u
CIY5fmSNXC4/WqqGv6xc6OtmbfStQ1Y3N1HbyC1eBTaIxw07+bImY06sE3OR91GPFZ9OW2/Kvud7
eSvb0stdLmlSV7S1VnJ+t0lZ97JaerXU/L/XPjN40i+EPxb07R7v9prUNDg+JmkDwvb+JdD8Z6Hq
Wr6BJpduJbCG9i09tYWJJ4bvdNawz3YMayTblleZqHhLwJ4z8HeCfAcmneKf2ofG0fiLwP4x8P8A
iSS01fxtLd2Ovs9rc6VHJDftHdWE0cbSxxXk0NqJFCklVlRa/SX48fs3+Ev2k9B0/T/Flpqkn9kX
Yv8AT7zStavtF1HTpwrJ5kF5ZTQ3ELFGZG8uRdysynIJFcz4l+Lngn9j7xJ8MPh7/ZviYz/EvWJt
G0m4jhuNSRrpLaS5eS+vpnZjI8cLnfNI8spUkBtrlW0pxlB3vJKKfV3pqm7vu9Zf4/e73tVGqsas
Yq0U2100bne22ny91W6K35/eBL39ov4h/C740X+nz/tIad4+0HQfCzeHtN8WafqFraWRNpHFrf2Q
W5gt9SnCtOyp9qklMmxlkjlCyLt+H9N+Kvhn4b+FtM8TeI/2h/iX8LtZfXZIZ9A8I+K/DPiHTdT8
qz/suwuY728udZex8xb8+feT/Zy8kazMbcKa+1fjt+3x4T+APxDu9B1LRvFeq22gWtpf+Kda022t
303wda3cjxW0960kySlHaKTIt45mjVC8ixphj3vxu+PXh74AeD7fWNelvJRqF5Fp2m2VhaveX2rX
cpxFb28KAtJI2CeOFVWdiqKzB15e0UpNfH7v6aLXVNpwa1UtbyTaMcJBUeSmtXDXX06v5e8trdE7
M8w/4JR+G/EHgr/gm38EtB8V+Gtc8IeIvD/hDT9Kv9K1dIkvLaW3hWEl1jdwobZvAJDhWAZUbKj5
buIvin8N/wBrO502x0v9pbxBbaJ8dGv7cQahq11o7+F9R8PqHLT3k62VzZw6gruIPMc2zJtSNDIi
SfZPxe/bD039n/8AZpt/ib418IeOtBtpJLWG40MWMGoatp8lxOsMazC0mmt0AZ1LSeeY0B5YHitj
4t/tP+HPgv8AFv4beCtXt9ek1j4qajc6Xo0trpsktlHNBaS3Ti4uOI4iYon2qW3uQdqkK5XorVpV
sVOvbWbaaXdyjN2+5L/DJ7XuTQtGl7Pe0W/lyTjd+STbXmk+mvwToPxK+J/w18TeBbC7m/acvLHS
fG+lprWp23hbxHfw65by29894bm2mtrmW3WGaW2ZzbXElgxaNIfkheJOZ/ZW+K3xM8MX/hy88Qa7
+1pJq2p+HPiBaa3qnijwjr62Nns1Az6FdSQ3NpDp1vcfZVlZHCxA7hE5VfLRf1hrI8f+AtH+Kfgn
VfDfiLT7fVtD1y1ksr6znXMVzC6lWRvYg9ua5ptuE4reV/K14cmnZLdW2+RvGaVSM3srabp2lKV2
urvLr1S2PiD/AII4rrN54z8a6t4t174pR+INY0zTza+HPFWpeOLm1tY4kxdXtt/wkdraIWnndGeO
1hdbf5UEpSRRX0r+3b4W1vWv2c9S1fwvp91qvivwRd2vivR7O1jMlzfT2M6XDWsQHJe4hSW3wOvn
kd66X4H/ALNfhX9nrTpbbw8PEly0qiP7Vr/ibU/EV6kY5EKXOoXE8yRA8iJXCA8hc13laV5qTUoa
NWa00TTuml5Ozt3OfDw5Lqeqe/W6as0297rTW+m9z4W/Zm+G3jy0/aGvdG8S6D4v/wCEN8ZajB8a
prq/sWFvpV5KsyHQm2qALiCZLG4EYyxMchPPXyz9or/hZ3jXxRon7U2g6br0+n+CviNaS2Xgo/B/
xHF44udJRX0u4iDtKJDbyWtzdXiqdO2B5ADMCCR+nlFKM+WUXBWUbWXTRxsmuvuRjD0XyLaupKWv
Mmm+uqd9ejcpOd97uyPzm1DwVrX7QvxQ+L/xl+DXhzxz4f8Ai14T16C/0NPF3gzWfClr460aTRtP
t7nSJnv7SEyRyS2k2wqGa3nihlICP+843xFJ4i8NfGr4LJd6j+0v8KG8OfAu30PVNX8DfCe+8SCL
UJXspBYSu2i38eUWJ2bygjo0YUuhO0/qXRSUuXlUdlbT0hOD7bqbk1tza21ld1n7X4vLa2tpQkr3
vdrktfezt0jb86f2j9Z1b4xfFLw5458C+BvivefEz4P+GtL8T6DLrXgPVtMXXo45bhNR0v7VPEsK
3F3YXB/0d5fMWV4g6CSF1Tb/AGUNQuPgd/wUg+MGq+KPCvxGF74l8EeHn1bWrP4f63c6Xf6xHean
NdwQXcdo0VwII760iQo7fu4wAT5MgT77orSFZwuls+b1953duy2utrq6s27qesWl1UF8octvno9d
7Sad9LDKHUgjIPBB6GvkLwz4oh0z/grb8TFuPCfj0aFL8MdG0iHUv+EI1ZtFubi0utSuZ7eK8Ft9
mlZYbqDCpI29mMa7nVkH17RWGt9OzX3pr8Lmin7kqf8ANa/opRl+Likfjj8DNe+NHw9+EOl6L8MN
I/aL0zxhrnwx8TRy2Gv+D/ENtoul6susJPYCKO7ghs7a6Nkb/YVeIyt5KvIXaI191/8ABKfwz4t8
NfBjXP8AhJPHXjjxvZX+pi60seKfB+v+G73RUMSrLZhddvbvUp0EitJ5k0rIDKVjYooVPqOitlUt
HlS6W/8AJ3L8L2WzsrXtdGLjd3v1v/5Ko/pftq9D86v+CrGs+P4/2k9cs9B1f9pddBHwc1mbT7Tw
FomtvpkXiVbqBtMZbnTLUlrl9s25JJmQJGqsqpKwk4nUdC+Pf7Rf7Teq3WreMvi54Q0PV7K0fw5o
tv4F8UwW+t6PLpMS3NvcXkd9badpd19ra5ZjeWi30bInlSMrJHX6l0Vg4p0vZS7NffKUm+zfvKOt
04Lla1ut3Vd7rT/hoK3e3uuStZqUm077/k94I/ZS+KOhfsd/Bzwt4LP7QPh7VviF8MB4P1Jr3xX4
ngHgbX7YWtzHqTRG8RrOIbL6IKPKSTy7eBR5UgVvUY28aav8JfA/jPx3on7SWg+DfiRdT3XjLRNA
1XxLc+JfC00NnBb6dGlvZSvqFvatLDcSyi0Cl5JommUoXx+iFFdNau6k5ya+Jt+l5OTS+b0erVkl
orHPCmoqC/l69W+VRu/klta7u3q2z8g/izoXxn8U+Afjx4Y8f3P7S3i0x/BIJ4d0qHw9qz6de6xK
9/bRwmTT7VYry7NrNpzTxPLKvmzXBZSID5H2V/wTF8Q3XiXTNSvfFmkfF3RviNcWdsuqQa9b+I7X
w0bdIIfIbTLe/VbS2zG6CSKNFuFlWdZdxQtX1lRUwqcqatv+d5O/42fkrdra1pc8YR25fu+GEbW/
7c5vKTb9fkn/AIKafD2XxB8SPgl4jv8AS/iRe+DfC+r6qviC58Cx6nJrVhHd6XPbQvGul5vwDM6K
XtxlAdzFVBI+WfjDN+0b4dt/hQlzH8fR4q8IW+hahLc2D6zqNlqWnv4jaO5t7qHTlW1nv49LMJuT
fvcFl3GCAMJZq/Vyis6b5JRkuklL7r2T+b17rTzJ5V73mrfir/elb8T8ivAXxd+OmlWkGoeGpv2q
fEXxHv8AUPiBpdgPFvhHxDaaPJbFZX8Py3MMtlDp0DFltikzRptMkiOVQMiaHhr4T+N/FfxJ+NXi
/wAD+FP2prCG38AeGdf0LVPEeqazpuo61rOk3uo3V5ozfaLhL2WO4+0PD9nCNbfMxjCp9mLfrLRV
wqOCSjukkvK17fi+Z66tK/W+s580pNrSUm2vWUW16LlUV2i5LqrfmBN4O+LyeFvjPJfTftH+HY9P
03U/iH4OvdL1LxDqd9DJqlnHBYaKtvJLci5ntpIrh5LTynjt2liYJFw1c9+2BffEz44fDZ4r3wP+
0j4l1VrLwVf+C9M0nT9VsrC8gju7GTVxqcEvk263yzxykjUtrqgjeEqPOcfrBRUxajJNbLksvKF7
a92mot7tLXVtmeujk7tc3zcnFv5XTaW0XLTRWPyD0n4Pal4B8a+AdH8Q+Ev2mtPht/jP451/XdQ0
6w8UavLY6bcWeqw2b295bC4aASJdWg8y0dS7yMwdpElZP0H/AOCZ3jLxF43/AGEfhldeL4vG0Xiu
20SGy1j/AIS7S7zTtZe6hHlyPcR3cccrOxXPmFcSZ3AsDmvdaKpVHycjXSK/8BTS79GOo+apKp3c
n/4FJydvm/wR+df7ZPgH4tfDX4++MZ/Btr8bvEWhaPq+jfFi3ksPEevXNrdW0MjQar4btYobpUke
Xyo5o7Mq0WLiTEWFUDjvi34e+MXwt+PvwyGgf8NESSaDf+FNT1lpNR8TeINIvrbUNUl/tmBUiZrb
FvHMocXsl08cUUYgggRWmP6i0UqE/ZODtflkpW72srejUYprZpPROTFW/eKabtzR5fS/X1u5O+95
LpFHyp+w/qPjKz/aG+IGk68nxG1XTtsmpLrGvQatY2aSz3TNHZx296ZLctHbeSA+nTm3wj74beVm
Vvquiipv7sY9lb+vyXkl6g9Zyl3d/wAEvx3fm3aysj5T/wCCg37PmqfGD4t/DzUtU+Flz8cPhnYW
GqafrXhK2v7C3uLO+uGtWs9XiS+uLeB3gWG4jDiZZoftG+LLZrzDxF+xp448R/tETX138MJl8S2v
irSdd8PfFG3120mm0LQIEtBd+H2kknXUAzpFdQ+WkbW0xufOeRJC2Pvuiim+Rprp/wDJKWvfVaN3
fK3G/K7DqPnVn2t+DX5PVbXSlbmVz8hPgx+xH8RPhbo2grqn7I/j/wASy3eheOdB8Si+8SeFtVuN
WtdU1VbvSYLqS81pjdxwoCW81mKO7ld5didvwl+zj4p/Z0+ElhLcfA3xn8JNA079nrUvBWvXlr4r
0DTLCz113jdHgW01CYRTXM0crG6igLSPcwGXJVhH+sFVPEHh+w8WaJd6Zqtjaanpt/E0FzaXcKzQ
XEbDDI6MCrKRwQQQabqS5ZW1bTX3qov/AHLJ+tn01HaVSM5P4Zc3z5oT176wiv8ADdX1PyN+Bv8A
wTmj8Eappviay/ZusrT4w+G/HPh/xffWWneF/CvhySTREieymXThb61fxRB9jSyxz3sQncSOkeci
uh/Zf/4JqfEvwx+0Jplhr/wWXwp4W0Tw14x03QNSg8UWWq+HNDurvXzqmizjTTOhhltwGwYLV9rC
1bzAyYg/TH4PfAjwP+zz4T/sDwB4N8KeBtD81p/7O8P6Rb6ZaeY33n8qBFTce5xk11dU6lk4rZ83
lZyp+z0ttaOq1+JuXWyyUXdSvquX/wAlk5697tu6/ltHW13+UXwH/wCCZvxI+EnwQuvO8A/EbxFf
XmqaQ3xE8Fa7q/hGHRviLBamUXUliunJbpcPO8okeXV2imuUhjin3All+g/2R/2bvif8HP2Bvjl4
Sn+GPh/w9rGva54p1Hwd4Xg8Tkx3FrevLJa28s9sYhZ/eEYEM/yLgiSPgL9tUVNSbmpxl9tNP0fL
t/4CrXvbW25rCThKEl9lpr1jzJee0nfW7srvRH5SfCz/AIJ3fEn4dfCfxtpcHwc1q1sE8XW3i/wj
4dhj8KLp1tM+iWtq0UmnJdpbIsN4JZS8N1FcI0QmjuJpGbzPpL/gpD+y94t/aX/Zx+GfgxPhvpfi
2ITFNftYZrO8j8Pyf2XPFFcQwalMlrcrHcOgD3Edy0YxIkDyKrp9k0Uq7dWDhLS/Lt/dSivwS8+1
h05OEozjulJbL7Wrv/XX0t8FftC/s4fFPx3/AMEivgx4JuPAXjbxJ8TPDUnhFtc0fTfE9jY3aGxl
tzqBmuGv4be4RoYp0Cec4Z5Ym2grvTzzwn+x74yTUtW07xF+y1qevfBeDxX4juLX4b3WpeG3iK6i
1nLZ6pbwHUDaKIJILwGN5I5Yje+ZErNuA/TiitKtVzq1KzSvNyb7e9yXsvLkXLe7jdtO9ms4x5aV
OjHRQtbvopJXf/bz0Vk+qte/48eP/wDgnL8ZtJn8bQ3nwZ+IHxI8QnSfAKaD4lXxvpdyLfUdJuZJ
NQns5b/VIri1ItZBbrKscLyMJm2qJWZ/QB+zV8UvBnivVYdG/Zq+KVt4U0z42t400XTNB8WeHNMt
Rosukra3IjgTWYkWR7pZZ1RtpDTCUMkhfH6j0VMpuV2+v/yUJfnTivS66jkk1b+vglDT5Sduz1R+
RPwU/Ys+M3wu8A6fZ6d+zR4tt/EGofCjxP4V8R3mq+MdHddbvrnUUutPhurm31n7ZOFhS4RZPMUo
12F8yNWlkTr/ANnn9jT4vfAjxT4A0mz+DXiWLwhoPx1k8b28dpdeF9PtdA0W48PGzYLaWt7HFGI7
26mJhgSRtsUjbpnZXl/UeitaeJlCSktbK3/lT2v/AKVp/h031Fyrl5Vtr+NP2T/8l/HXyPjD9tL9
hLWf2m/2gdfs/Dsfj7wfo/xC0Cx0Lx5rsWq6Wvh/XtMhnkf7OlqwmvzfpG80SyILWIJc5aSfyxFW
t+3v+zzeftC+J/AWtah8Epfir4Y+Ges6ha3vhDU59JY+Ira704QpqFklzdLbMYncx7Lx4H2+eyrk
R+Z9c0Vz/YVN6pXf3v8ApLsm+upf2+f+trfjZX72XTQ+Hvjp+y18VPDX/BGYfCjQtG1fx18RVtLW
1trK01SyM1ig1FLhI/tF9NDFKtrAqxBmfMnlLwc8ec+JP2I/EXizwx4E1PWf2YrDUtc8IeOpvEHx
BhhPh2Ob4uRzafqti14oa88uSVmu45pLe/liREleON5AuK/Seir53zznu5O+uvZ9emmvfd3ai0oJ
QioR6Jr70199m7W26Wu7/jTJ+wX4j8OfGnxT8LLv4cX/AMQvEOv/AAva48P2Q8TxNYfC+W41/Uzp
c0H2y5C26afALWPzdPR5la3HlxOHLV9j/AL4FeP/ANnn9p3xR4of4d6z4mgvNJvbrVNZNxo39o+I
L4vbpBDZzi6gklV0gZ/L1KMC2EiRxXOzdGPqO3+AfgWz+ME/xDi8F+E4vH91ZjTpvEyaRbrrE1sM
Yga7CecYvlX5C235RxxXWU4VXFLv71+3vSk/wTWu7aV27KzrWnJvZe69NNVGKe1lq46JaJOySu7o
jFkUkFSRnBxke3FLRRWYgooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKK
KKACiiigAooooAKKKKAP/9k=

--=_mixed 0035B28665257EC4_=
Content-Type: image/jpeg; name="2_mapping_DTLS_record_encrypt.jpg"
Content-Disposition: attachment; filename="2_mapping_DTLS_record_encrypt.jpg"
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAIBAQIBAQICAgICAgICAwUDAwMDAwYEBAMFBwYHBwcG
BwcICQsJCAgKCAcHCg0KCgsMDAwMBwkODw0MDgsMDAz/2wBDAQICAgMDAwYDAwYMCAcIDAwMDAwM
DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz/wAARCAGQAiYDASIA
AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA
AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3
ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm
p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEA
AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx
BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK
U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3
uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD9/KKK
/KGH9l3xV/wUS/4LOftleFtW/aQ/ag+Gfhn4T/8ACE/2DpHw9+IE2i2EX9o6F5tzugaOWMZktw48
sJlpJC24tkAH6vUV8Af8OC/+r1P2/wD/AMO9/wDclH/Dgv8A6vU/b/8A/Dvf/clAH3/RXwB/w4L/
AOr1P2//APw73/3JR/w4L/6vU/b/AP8Aw73/ANyUAff9FfAH/Dgv/q9T9v8A/wDDvf8A3JR/w4L/
AOr1P2//APw73/3JQB9/0V8Af8OC/wDq9T9v/wD8O9/9yUf8OC/+r1P2/wD/AMO9/wDclAH3/RXw
B/w4L/6vU/b/AP8Aw73/ANyV5F4k/wCCbnhjR/izrfgzTf2vv+CmPirV/CctvF4jbQviJLexeH2u
IVnhE2LQM5eJ1cLAsrAMCwFAH6uUV+X2pf8ABMD4W6N411zw3ef8FGv2yLXxB4Ys5NQ1fTpvjzbJ
c6ZbxrvklmQ2+6NEUhmLAbQQTgEVkTf8E/vgpb/D6x8WSf8ABSz9r+Pw1qV8+mWupv8AHu2W1uLp
AGeFXNtguqkEgcgEE8EUAfqxRX5SXn/BPf4T+HtEfUfEP/BQ79tfwraHXb/w7bvrHx2tLYXt3Zzm
CdYj5JDBXHIOGXI3Kp4rpZv+CUHw8tvi5B4Ak/4KGftqp44ujiLQD8coRqMn7kT8QfZt5/ckSdOV
56UAfptRX5lfGH/gk98Pv2ezpo8d/wDBQr9tfwedZZ1sBrHxxhszeFCgfy/Mthu2mSPOOm9c9aP+
HTvw/wD+FvT/AA//AOHhP7bP/CcW1v8Aa5dB/wCF4Rf2gkXliXeYfsu/HlkP0+6c9OaAP01or8nL
b9hz4D3llY3UX/BTb9reW21O4W0tJl+P1sY7iZkSRUVvs+CxSSNsDs6+tXPH3/BPr4K/Cvxxf+GP
E3/BSz9r7QPEWlgm703UPj5bW91bfuxLh42twyny2VwCMlSD0oA/Veivy61X/gmT8KtD0vwjfXv/
AAUa/bLtbPx8VHhueX47wJHrmSoH2Ym2xLy6D5c8so6kVyfw4/Yx+CPxO8CeLPEtl/wUa/bYs9G8
D6tLout3N/8AG+G3SwuFuJLdd5NtgLK8T+WT98DIFAH640V+WU3/AATg+EFvr2n6XJ/wUj/bDXUd
W0+PVrO3Px6tg91ZyRSypcoPs/zQtHDK4cfLtjY54NdD8JP+CQ3gj49+EbjX/BP/AAUB/be8WaJa
zvbT3+lfG6K6t4ZUVWZGdLUhWCsrEHnDA9CKAP0sor8wvh3/AMEtPhn8XbOa58K/8FFP2zvEkFvq
CaVLJpnx1gulju3zsgJS2OHbB2jq2OM1iz/8E7vhVb/HLSPh03/BQr9uH/hK9dW6WxtR8a4j9pmt
rn7LNbL/AKNkzpMHUxgZBjfPQ0AfqvRX5neP/wDgkr4B+FPjTRPDnif/AIKE/treH/EHiVwmladq
PxyhtrrUWLbQIo3tgz5YhRgcsQOvFcH+zd+wD4M/ajv/AImyeG/20/8AgoMdB+F+pS6Ve6zL8arN
7e9mhMq3BjjjiaeNI2hYbp44g4IZN6/NQB+ttFfjD4X+CHwD8Ux+C75f+CiH7cWn+HfHGhXet2mt
6h8cLa1sbVraSxR7Kdmg+S6/0+JvLAOAkhJGBn2q+/4JOfD3TPipp/ga5/4KGftpweM9WhFxZaG/
x0gXULqMqWDJCbbewKgkYHIBIyAaAP00or8zPGn/AASZ8AfDj4i6L4Q8Qf8ABQn9tfRfFXiLb/Ze
kXvxxhgvb/cxRTHE1sHYMwKjA5IIGTxVSz/4Jb/DLUNc8W6ZD/wUU/bPl1DwFDJceI7dfjrAZNDj
jz5j3I+zfulQghi2ApGDg0Afp9RX5eeEP+CYvwt+IHhy+1jQ/wDgov8Atn6vpemaW+t3d3afHSGW
G1sUeSN7l2W2wsSvDKpY4AMbDsaNS/4Ji/CzR9Q1mzu/+CjP7ZdtdeHbN9Q1WGX4726Pp1upjDSz
A22Y0zLGMtgEuvrQB+odFfmv4V/4I+eDPHPwvbxvo3/BQD9t3VPByQS3T63bfG+KXT0ii3ea7TC2
2KqbW3En5dpzjBrj7n/gn98FLP4cW3jCX/gpZ+18nha7vW02DVT8fLYWkt0q7mhWT7PguFwxUcgE
Hoc0AfqxRX5eax/wTH+Ffh7xtH4bv/8Ago3+2RZ6/Npx1dLCb4826XBsxC0xuNpt8+WIkaTd02KW
6DNP8C/8Es/h98VNN0zUPCv/AAUC/bf8UaVqt3PZR3+l/HCC5to5YIGnkVnW34KouSBkgEEgDmgD
9QKK/KiH/gn58FLj4eSeLY/+Cln7XsnhiK/Olvqq/H22Not2IjKbcyC32iTy1Lhc5KjIGK7jwt/w
Ri8L+OPhzb+MNH/b2/bk1TwpdWzXsWs2vxsjlsJIFzulEwtdmxdrZOcDBz0NAH6P0V+Uc/7BPwOt
vAdv4pk/4KZftcL4dur19Oh1E/H+1FvLcoqu8If7PgyKrKxXqFZSeCDVSb9h34I2Ov8AjHTL7/gp
F+2bpl54CuUttaS8+OcEP2MusBVzm2+4WuI48nHz5XqKAP1nor8pPGn/AAT1+FPw71jwhFrf/BQ3
9tfTdL8d6bLqehavcfHS3jsNSRJLeMLFIbcCRm+0oRtyMA5I4zqXP/BLPwnpHi/WNI1b9uD9vzRP
7DuLyG5vNQ+M8FvaolraWd1NMWaAERrHexZbGAQ27aMEgH6j0V+SupfsQfBXS7LRNTl/4KPftl/8
I1r0d8bfX/8AhfNqNM860e1SS3Mpt8ecftSMFGTtVicDGdv4h/8ABOX4O/CPxadA8U/8FJv2wfDu
tqiymx1H4+W1tOqNGJVYo9uCAyEMCeCDxmgD9T6K/LXVf+CbPwk0LwF4e8U3v/BR/wDbItPDfiyZ
rbRtTm+PFulrqkisVZIZDbbXKsCDg/KRg4pviP8A4Jt/CXwj8Qr7wjqX/BRz9sqz8V6asrXOjS/H
aBL+HyrYXTgwm23gi3Ilxj7h3dOaAP1Mor8uv2df+CXngH9qn4GWXxG8Fft7ft4ar4Vu7f7RJdL8
ZE/0IiJZXjnxakRyIrAupPy96xfCH7CHwL8f+IdO0jQ/+Cmn7W+r6rq94LCytLP4/wBrNPdztjbH
Gi25LM25cY6kgDJoA/V+ivzAsf8Agl38MNS8f6/4Vg/4KLftmy+JfC1vLdaxpg+O0H2rTIYsebJM
n2bMapuXcWwFyM4rgX/ZL+BS+KtMsh/wUh/bJbSdVsrm6h13/hflmNM82Ca2ia1Mpg/1/wDpUb7M
fcyxwMZAP19or8y2/wCCTnw/T4vwfD5v+ChH7bI8cXVuLuHQT8cIv7QliKGQOsP2XcRsBbIH3QT0
5rF0T/gmx8L/ABj4c1zU/DX/AAUM/bX8WQeG3tY9SXR/jpbXTWZuZBHD5mIAqbmJxuIztYDJGKAP
1Oor8rdU/wCCd/wZ0TVPEFle/wDBSr9r21u/CkiRazFL8fbVG0p3mSBVnzb/ALsmaRI/mxh2C9Ti
rHw1/wCCbPwj+Mvimx0Pwl/wUi/bD8Ta1qdu93a2GmfHu2urmeJM73WNLcsQuDnjjB9DQB+pVFfA
H/Dgv/q9T9v/AP8ADvf/AHJR/wAOC/8Aq9T9v/8A8O9/9yUAff8ARXwB/wAOC/8Aq9T9v/8A8O9/
9yUf8OC/+r1P2/8A/wAO9/8AclAH3/RXwB/w4L/6vU/b/wD/AA73/wByUf8ADgv/AKvU/b//APDv
f/clAH3/AEV8Af8ADgv/AKvU/b//APDvf/clH/Dgv/q9T9v/AP8ADvf/AHJQB9/0V8Af8OC/+r1P
2/8A/wAO9/8AclH/AA4L/wCr1P2//wDw73/3JQB9/wBFflDN+y74q/4J2/8ABZz9jXwtpP7SH7UH
xM8M/Fj/AITb+3tI+IXxAm1qwl/s7QvNttsCxxRnElwXPmB8NHGV2lcn9XqACiiigAr4A/4J4f8A
Kdf/AIKK/wDdNf8A1Hrivv8Ar4A/4J4f8p1/+Civ/dNf/UeuKAPv+iiigAooooAKKKKACiiigAr5
U/aq/YX8T/Hbx74q1fw9/wAK/wDB/iHXrSGx0zx9psd9YeK9BiWNVO57d0F4VbzDGryRooZQyOAQ
31XRQB8T6X/wSql07VvEEGr2/hnx1p154g1/xFp11rGua3bTwNqv2gyQNbRTm3WQC4aM3UYDFAuI
g6hq6Hxv+xD8RfFngy5Nvrej2PiwyahHomrSeIdVubzwhDc2tpFtiumAkv4/NtjM8FyoRiyJuCxg
n63ooA+L/B//AATh8dfDDUtb1LS/EHgjxBqPiN/F9tdjWdOlVIYNc1IXqzRlM4eMfLLDtCTDaN6B
Aa9S8I/sUv4K0ixs7fVobx9O8U6Hra311GXu7iDTtJstP2yP1aV/ssjbs4xKfU179RQB4L+1j8Kf
FvxU+I2k2Hhqw0KS31XwV4j0G+1HV1lMGmi8l0xAyhEYSOVSRhExQSCNhvXBNYdn+xf4qtfjjpes
zeI4tQ0HQ9Ra8snu9U1CS5SA6HJpotvsu8WilZHMpn2l3DMCAcsfpaigD4/1n/gnj4wg/ZJ+Gfwv
0zxHpTW/hD4dN4J1Efb9Q020luzbWsI1BY7VlNwAYZcwTEKwmyTkEN6drP7IT6z4nj1KS50p2j+I
1r45+e23Pth02OzEecf63MeQ3ZcCvcqKAPkrxN/wTp1C5+KF3r8V5Y63p+uWV5pV/pNzrmqaRa20
EusXuoI6CzcCfK3pSSGVQrGJCHXkHP8AEP8AwTl8WX4sEj8R6dNB4S+JWreP9Ehh1HUNJOpR6ml8
s1ndS2zCSB4Tes0c8TPu2ANGAzA/YtFAHyp8Pv8AgnVH4Un+LLXen+D7zTPiX4I0rwmNCuHvby0i
FtJqr3Ec08jfaJYZjqKjO4N8jHA+UDqPBH7JHirUP2b/AIseA/F3i+fy/iPHfWenGzu57+XwvaXG
nR2nlJd3GJ7llkWSYPJgjzAg4UE/QdFAHxj4Z/4J1+PtF8Z2fjR9d8B2/ibw7pXhnRNM0zTbCez0
i9g0eeWRpbgglkkmWZ0jCq4t1AUGUZrq/wBmP9jbx78AfipbeJ7zWPCWrPq1/wCJJ9ct4VuLcQJq
mrrqUbWzENuaLDRsrhQ24MGXG0/UdFAHyh+2R/wT48Q/tJeM/iDLpXiDw7p2j/FbwtpfhXV5r/T5
JtS0KOxvLm4FzYurAGR1uWAVtgjljjlDMV2H2b9nL4F3PwU+GGs+H72/hvn1XxDrmsiaFSAkeoaj
c3aIc9WRZwpPQlT2r0migD5M+Dv/AAT88R+FrX4f2/iXU/C2oJ8PvhjrHw2ga3glcX6XT6aIbtlk
H7s+XZSLJGC4/eDDEZFYvwx/4Jd3vw7+Ls+r6hfaX4v0rUPEei+Kw19rGr2k+j3un21pABHbwz/Z
rlQbUPEZVTy97KwlXivs2igDwH48fss+JPiD8e9N8X+FL/SfCl7nSodR1yO7uzfXNlZ3jXD2Ullz
aXCSLJKiySYeEzu65IUV5s//AATQ1ebwTq2gvqtnLNZ3Ml5omtX2u6rqMl1nWrfVVt7qxmkNvHHI
1tFHO0JJlwXATJSvseigD5H/AGhP2Lvih8a9Y8b63aaj8PtG1T4kfDu5+H2qWzfa57fTkaa5khu4
pAiNM+LqRWRkjGdhDfKVa98SP+Cc9142+CWq+H7fW7Kx1i48d6d44jnhE9tHfNZfZtltcSQOkwDC
AgSI26M+W6glAp+qqo+JtX/sHw/eXuV/0WJpPm+7wM81STbSXUUpJK7PGfA/7JFtoX7M/jvwTd+H
fDOfHk19c6jp8ur6nqdlfyXUSxyfaLm4f7S5kC/MybMZyFzknze1/YT+IcOr6frl54lttXm0261B
LLQn8U6zZR6ZZXUGnp5K6rAwu7hlksWfM6MNtyyDAjRq+vKKkZ8geLv+CdmuanfRafokfg3QvCl3
Ypaa/pa3+qT2vimBdGOmrZXNu7lVAxDi7R/P8uBFIJyxm1//AIJ3+Lvin8HfEvhPxP45azs/ED6p
DZRWtxcajL4ctLvRW04QxXk+2e5Kys8+6YggP5YO1VNfXNFAHzFov7FfinxF8YvCnjXxRd+CrS78
O65p18+naNZy/ZpILLS9Ss43DOATO0uob+VASOCNAWK7i+9/4J+XGt/8E/vHnwRm8RwabL4w1PxD
fwajZW7+VZrqOtXepxRtGHRmRVuEikVWXeA4BAOa+mqKAPj3Vv8Agnvrlyw1yw0Xwjpnjc/a0TXE
8Z+IZr+yae2t7fz0uZGZ5FK28Ya2dfLYRRAtwTXa+LP2ZviPcxalZWeuaNf2V7rVhr0851O90W71
Z4dMt7Ga2le0XdAjPALgPE5yQsZj2lmP0bRQB8feHf2AfHHgz4I6R4Ss9U8HahcP4c8UeGdSu75r
txaw6zqQuxLBuDvN5UY2GOV1LkKTIMEnofi3/wAE/pviV4k1i4u5fD+vaPqg1VJdK1cXAivIrux0
m1EcskRDqQdOdi6HIMiEZIIr6gooA+bfhl+xr4psLzUL3xZ4h0/VzPZa5ZaZYyyTal/YUN/DpsSQ
reXA8+5CmyndpJQHxciMfKgzseC/2NX0D4ZS6Hf3OkX93car4X1Ca4a13CVdIj0tWVtwySzWEhTP
3fNHvXvVFAHy38V/2DtX8X6tDeQXen6rBJJ4lgu9Ln13VNFt5rbV72G5O6SxcM5QRFHidSsgkJ3I
VGdvQP2H59J8RePL+TUNLZvFvxF0zxpbssDtLaW9ppem2JgLNklz9jmIbONs2D1bP0TRQB498C/2
fte+HH7Gll8LNWvdJnu9E8PN4YstQtPM8u5gS28iGeRGAMbkcsilwD0Y1QX9kRrfTlign0mGZNH8
J6UsiW20gaNfyXbYIGdrBwEH8JGa9wooA+Kvin/wSz1P4sfDjxh4OvdVso7fV7jVrzSdfudc1fUJ
LaS9u5LoRyaXJKLTyz5nlTbGxNHv+VC52938Rv2NfE/x31LxHqvipPAen6jrHgDXfBNtDp0EtxFb
nUFtVWdnkRWYDyHDAKPlKLztJP01RQB8vaL+xR4xsPi54J1S78QWN7pHhC/0+/Rn1TUQ6R2+i/2c
9rHZBha/NMXn89gXxKybeA9XdQ/YTvZPhnpOgWmqaTaNp3g3RPDLvHbMqSSWF7FcvKAP4W2OAOoL
k9zX0pRQB8Zat/wTW8Ua340t47fWPDHh3wDaa1bazL4XtWu7+x1K6TxDaavLdhLkkWbsIbhDDCWj
d7ouxG0Cu08D/sCz+CvG2k6zBf6JFJY/FrWfiNO0FoY5J4L6zvrcW5YDmRTdqSx4IUjvX0zRQAUU
UUAFFFFABRRRQAUUUUAFFFFAHwB/wUP/AOU6/wDwTq/7qV/6j1vX3/XwB/wUP/5Tr/8ABOr/ALqV
/wCo9b19/wBABRRRQAV+ev7B4mb/AILd/wDBSEW+/wC0NB8OBHsOG3f8I7cYx75r9Cq+AP8Agnh/
ynX/AOCiv/dNf/UeuKadncT1Vj7v/wCEZt/+euof+B8//wAXR/wjNv8A89dQ/wDA+f8A+LrjrD4b
aN428a+LrnVbWS8mg1OKGMtcSqI0FjaNtADAAbmY8DqxPetH/hQnhP8A6BX/AJNTf/F1XtJd2Lkj
2Og/4Rm3/wCeuof+B8//AMXR/wAIzb/89dQ/8D5//i68V0/xD4C1r9oPUvh7YeCfE1/PomxNU1mG
VDpmmzPbrcLDLm5FwGMbxkOITHmRRvyGAy5f2g/2Y4tHudQPxE+HzWVnqC6XNMviZWVLlldli4l5
JWORhjghGI4UkHtJd2HJHse/f8Izb/8APXUP/A+f/wCLo/4Rm3/566h/4Hz/APxdeOweMfghqfjT
VPDWmaxoGs+JNDuba11HS7LWhJd2LT3MVspkQyjAWSaMMOoLAYLFVONe/Hz9mbTdO1m7uPiF8P4r
bw9qEelanI3iZQtjdyGRY4JP3vyu7QzKoP3micDJUgHtJd2HJHse9/8ACM2//PXUP/A+f/4uj/hG
bf8A566h/wCB8/8A8XXjPxL8S/C/wD+zyfibpukXfjjw1NHaTWTeGr0XkmppczRwxPAzzpE6lpVO
TIBtyeelcxpnxx+F7+PJNH1fwN428N6cdbTw1b+INRizpF3qjSLEtoJIbiR43MreWGmSONnG0OSy
hj2ku7Dkj2Po3/hGbf8A566h/wCB8/8A8XR/wjNv/wA9dQ/8D5//AIuvE/jZ4n+HXwH1S9Os+HNS
bRdB0C68S+INXhnle30OzhBCGRQ/mSPMyShFjVjiGQnaAM82Pj38JdC+H2j+KfGHhvWfh1oms6v/
AGTBdeJr2K2iYm0nuo5lkiupYnjdYGQBXL7iAVFHtJd2HJHsfSH/AAjNv/z11D/wPn/+Lo/4Rm3/
AOeuof8AgfP/APF14xrPxE+AHh3xJY6Pf+K/CVnqep6Sdds7ebXCj3dgIXnNzHmT54/Jjkk3Ln5E
ZugJqloHxr/Zu8VaroVjpvjzwHf3fiiYwaRFB4kV21JwwXEOJfnyzBQRkFiAMnij2ku7Dkj2PdP+
EZt/+euof+B8/wD8XR/wjNv/AM9dQ/8AA+f/AOLrxz4S+Kvg58dviB4l8PeELrTPEc/hKKBtSn0/
VHuIbeWWW4j8klZDh1Ns5PbkYzzjk/gH+0l+z9+0D9us9P1jQdP8Q6brN5ol1od3rgGoW80Gpzaa
paNZSQJZohs7nzowcMwFHtJd2HJHsfR//CM2/wDz11D/AMD5/wD4uj/hGbf/AJ66h/4Hz/8AxdeZ
66vwe8MfDi+8YalqmhWHhbTZpbe51a41Z47SGWOYwPGZDJt3CZTHtByXG0ZPFYnh/wCI37P/AIr8
UaPommeLfCGoavr9h/amnWdvrxkmvLXa7+aiiTJXbFI30jY/wnB7SXdhyR7Hs/8AwjNv/wA9dQ/8
D5//AIuj/hGbf/nrqH/gfP8A/F14x8PviL8APiv4fudW8NeLPCWu6ZaRRTy3dlrhmhRJZPLibcsm
CHk+QY6tx14qva/Fz9nS/wDCniLXYPG/ge40bwjcxWms3sXiIPBpsssvkxJKwlwpeX92ufvPlRkg
ij2ku7Dkj2Pb/wDhGbf/AJ66h/4Hz/8AxdH/AAjNv/z11D/wPn/+LrxL42/Eb4H/AAB+Fdp4u8Q6
no1ppur2T3ujB9WaN9bAh85Ut90g3llK47fOuSMitXxJrvwS8G2F5davrvhzTLfT57u1upLnWGiS
3ltbY3VzG5MmFaKBWlcH7qAk8Ue0l3Yckex6x/wjNv8A89dQ/wDA+f8A+Lo/4Rm3/wCeuof+B8//
AMXXzpJ+0t+zdZPez33ivwrp2j2zW0dvq9z4iiWx1OSdLl1it3E5Z3C2c5wVG7Ydm8A46x/GPwIT
xf4b8PnxL4WOt+MLOHUNEshrbGfVbebPkywqJMukm1tpHDbWxnBo9pLuw5I9j1//AIRm3/566h/4
Hz//ABdH/CM2/wDz11D/AMD5/wD4uvlv9oX9sL9nP9m/xH4t0DXNTsT4n8Dx6Tc6zpRv5LeSzttQ
uo7eO4MkrrHsQSeZId3yIATjcue2sviz+ztqMHheW38a+CZ08a3D2mhFPEIb+1ZklELxxYl+ZllZ
YyOzsFPJAo9pLuw5I9j27/hGbf8A566h/wCB8/8A8XR/wjNv/wA9dQ/8D5//AIuvGP2ltf8Ah7+y
z4NXxHr/AIP8Uah4ftg82q6hpSSXMOh2yAF7q4BmVzGufuxLJIecIQDiHWPH/wAG9Nt7wQQ3t9fW
trc3aWcNvfiaeO3do5ZF3ADy1kUoZSfLBxluaPaS7sOSPY9t/wCEZt/+euof+B8//wAXR/wjNv8A
89dQ/wDA+f8A+Lrn/wDhQnhP/oFf+TU3/wAXWD8U/gt4b0b4Y+I7y10+S3urTS7maGVLuZXjdYmK
sDv4IIBo9pLuw5I9jvv+EZt/+euof+B8/wD8XR/wjNv/AM9dQ/8AA+f/AOLrQoo9pLuw5I9jP/4R
m3/566h/4Hz/APxdRX3guw1O0kt7kXlxBKMPHJezMjj0IL4IrVoo9rNapsTpwejSM/8A4Rm3/wCe
uof+B8//AMXR/wAIzb/89dQ/8D5//i60KKPaS7sfJHsZ/wDwjNv/AM9dQ/8AA+f/AOLo/wCEZt/+
euof+B8//wAXWhRR7SXdhyR7Gf8A8Izb/wDPXUP/AAPn/wDi6P8AhGbf/nrqH/gfP/8AF1oUUe0l
3Yckexn/APCM2/8Az11D/wAD5/8A4uj/AIRm3/566h/4Hz//ABdaFFHtJd2HJHsZ/wDwjNv/AM9d
Q/8AA+f/AOLo/wCEZt/+euof+B8//wAXWhRR7SXdhyR7Gf8A8Izb/wDPXUP/AAPn/wDi6P8AhGbf
/nrqH/gfP/8AF1yXgX4c+H/E2lX17qWhaNqF5Lq+pK89zZRTSuFvp1UFmUkgKAB6AAdq2f8AhTfh
D/oVfDf/AILIP/iaPaS7sOSPY1P+EZt/+euof+B8/wD8XR/wjNv/AM9dQ/8AA+f/AOLrL/4U34Q/
6FXw3/4LIP8A4mvDNZ+PvgS1/a6b4S6f8K9O1S506KCbWdU8zRrNNLSaNpEkFpcTR3dxDtAzNBC8
YO9dxaORVPaS7sOSPY+h/wDhGbf/AJ66h/4Hz/8AxdH/AAjNv/z11D/wPn/+Lrw+y/aK/Z41VFFj
N4T1OeVohBa2OgPd3V2kqSyRTQwRwtJNA6QzMs0atEwichiFNaOmfFL4MeKbu6ttA03wtr1zYahb
6bcC30uJIY5JLyG0dRM6LE7xSTIJI0YurYUqGIUntJd2HJHsev8A/CM2/wDz11D/AMD5/wD4uj/h
Gbf/AJ66h/4Hz/8AxdeHw/tG/s5XK3Zi1DwJM9nJBGY49KV5bnz5mgheBBFuuI5JUaNJIg6O6lQS
eK6fVtR+G6fC/SfF+k+HPCusaLrN7p9rBcJYwxJsu7yG18wlkyPLMpZlYA5Qqdpzg9pLuw5I9j0n
/hGbf/nrqH/gfP8A/F0f8Izb/wDPXUP/AAPn/wDi68esPjL8AtU1nSLC2m8EXE+uiI2LR6WjQzrN
M8Fu3miPy1WeWN0hZmAmYYjLnFdh4e0j4Z+LbXztL0fwrqEZ0231cGDS4nLWlwJDDKAE5DiKTA6n
aeKPaS7sOSPY7H/hGbf/AJ66h/4Hz/8AxdH/AAjNv/z11D/wPn/+LrwX4W/tNfs//Fb4T2fjK2s9
C0jSrrRR4haPWPDwsbi3sTIsfnujx8pvZV3KWUk8E1LrXx8+CraFrs/h/SfC3iO/0E3CyWsWlCBJ
mt7xLO6SOZofLdoZnCSBCxQlQcbhR7SXdhyR7Huv/CM2/wDz11D/AMD5/wD4uj/hGbf/AJ66h/4H
z/8AxdeafDzxd8Fvix4wv9A8Ox+CtW1bTUlklgg06L94kU3kSvExQLMkcwMTtGWCSfIxDcVyfjf4
v/D/AMC+JPiSl14B8PNoHwus7GXV9T+z2yZuboBxAiGPbiOBo5JHaRSolQbSDuB7SXdhyR7Hu/8A
wjNv/wA9dQ/8D5//AIuj/hGbf/nrqH/gfP8A/F1wXwksfAvxl8OS63pfgrSY9Dmmxpl7c6PDCurw
eWjC6iRkDiJmZlVmA3hN65RkZmeHr74TeLPiPq3hLTdL8MX2vaHlb+CHRlaO1cLGxiaYR+UJQssb
GPdvCupKgHNHtJd2HJHsegf8Izb/APPXUP8AwPn/APi6P+EZt/8AnrqH/gfP/wDF1418ffid8Lv2
c/G3g3RNe8G6ZJL42a8jsZLXR4JiZbeNGWERhd8ksrSJHGiAlnYCu78C/Dzw74o8FaXqmp/DzR/D
t9f2qXFxpl5Y2klxp7MoJikaLdGXXODsZlyDgkc0e0l3Yckex1X/AAjNv/z11D/wPn/+Lo/4Rm3/
AOeuof8AgfP/APF1wnwrPwu+Nehyal4a0PQNQsUKgTPoP2ZZVZA6SR+bEpkjZSCsiZRh0Jwa6f8A
4U34Q/6FXw3/AOCyD/4mj2ku7Dkj2NT/AIRm3/566h/4Hz//ABdZ3i/w/LbeFtRl0yTUm1GG3eS2
UXszlpFUlVwzYOSAMHjmmf8ACm/CH/Qq+G//AAWQf/E15/8AtZfDLw34f/ZX+Jl/YeHtDsr6x8Ka
pcW9xb2EUUtvIlnKyujKoKsrAEEHIIBqo1pJp3uTKnFpqx8yf8FD/wDlOv8A8E6v+6lf+o9b19/1
8Af8FD/+U6//AATq/wC6lf8AqPW9ff8AWRoFFFFABXwB/wAE8P8AlOv/AMFFf+6a/wDqPXFff9fA
H/BPD/lOv/wUV/7pr/6j1xQB9t+Bv+Rn8Zf9hiP/ANN9nXSVzfgb/kZ/GX/YYj/9N9nXSUAfPvxD
/YSi+J37VVv8RdS1bQILa0hkiiWw8NR2niBg9nJatBJqyShpbXbLI4heEkOVIcBQK8A+G/8AwQmt
/g1oAt/C/wAUdZsdXsp7CLS9duX1m61OwsLO3u4Iod51YJ5oS8l4jSO0J62bDAX9AaKAPnDwd+wH
e+Fvi94w19viDqb+HvE+qW2rxeHILMxWVtcpqNvfTXDbpnUTyvBtLWyW6ESM8kcsnz1z3w+/4Jcw
eD/Engy9vfGr6rb/AA7vNLj8PwDRIYGi0zTvtZt7a4kDk3E+67Ja4+UZQERKWdm+sKKAPBbz9i28
0z9iaL4Q+HvFkGlXVpNHNaazc6P9qjh2akL4KbVZo9w48vAkGBz7VQt/2INd17xbcReKfH8GreBT
4pi8ZwaDYaALC4bUY7mO6QT3bTymSBbhBII444mOFVnZQwf6JooA8u+Ifw48Ra98VNZOnrZxaL4w
8KjRrrUJIobptLubeWd4C9tL8s8MiXk4ZecGNQRhyy8D+yx/wTysP2bLqO9TWtOkupPEI8Qz6dom
hro2gW8q6ddWAWzsBLKLXclwHkIkbe8YOFBwOF/ad+B3xf1/9uKx8TaZpniXxN4BXTIUii0jxINL
jtFSK5F1ZTQvexJI1yXULN5EhBdAXh8pZBykH7N3xk0L4N2umeJ/Cnjn4h3un+ILa81G3074kmwu
tfsDpckNvDHdme3ZPsMxjSVGMa3TobrLO7RAA1fGf/BLjT/2k9U8ParafGXW73QfBuiS+EbGwtvP
extJ4NOvNGusQR3SWrEPK7sJIHmSSN1E2wqidD8af+CQ/hv4xfGvwH4zl8Uaza/8InpWjaNfaYLm
/hsdTh0q4a5tHWG1vIIllEzsxM6XKcLhFILHzfSP2Ivi58JPDut33h3TfEOp3fimHxi+t6JP44uZ
bWd7rXoLnTRbg3cKxTfZGvWWSNoP3khErrvNc2v7CP7QHir4Y+VeXXjfQdT0Hwj4pk8N2tn8QrpH
s9auLzTZ9JWZxeP5xjVLwYmkmhjyybipUkA+y/2YP2ata+AV1eDVvF1r4ms4NKsNA0aGDRRpzafY
WbXBhWZhNJ585E5DyARqxQERrk14V4h/4JY3+kfD3xew8Tt4t1a0tNel8EWVtYRaM+lXmpa0muLJ
Ncs8pmeK/gtijlURUiOY3LV5B4N8G/GLxt8ffjB4a0K915vFSeHPFcVx4g/4TmbU9L1C6uNVtn02
CO3SYLpUsdoJrdBiKSMrIw3BN7fYn/BPnwH4w+HP7O8OneNrDXNI1Q6jczQ6fq2rLqlzYwMw2xmY
XN1lS29lBuJCocDKjCKAcH8Sn+D3xT/Ztg+CFl8ZPhna+IdJjtYY2fW7e4u7a+sJUnacwwXUFwsy
SwNKWjlikRlLblIrkfg1/wAE4dA8b/FPwl8VtK+Neo/EqzsrJYbu9GqXV3bavew2ktkLpBaXyWG4
K+G862nkJQ5lDEsPWvGHwQ1bw1+0h8QvH+ieCNF8QfaPh9bWGkWcj29v/a2qQ3GozNbMzf6sSCeF
TIw24c5Jwau/sXeHvGNr8IvE1z4o8IT/AA68YeINXuL6a3uDYXFv5pt4Io5oorKeWNYVSKNNjSmR
jEzMcvmgDI07/gnfo8Hw2+CXha58QX0um/CDRrDRrlILZbceJY7JLVrcy4YmIJdWcFxtUnkMpJDH
PC/shf8ABIDw9+yIdVj0/wAW6zrsdxNokdhNqU9/d3NrZaXqAvobaQ3F5NCTv3AG3it0XcSIya+j
IPC3jW3trI3/AIi0TXYreynjv7L+xjaLq0rb/LxJ50nkIAUUjbJnBPGcDnv2Yfgv4p+E0Gpy65rp
NhqpSa28NQ3c+pWfh6TnekF7c4uJUbj5WVI0xhI0HBAPOv2mPEfgb9ofxJJpPhn49fDTwz4h0rR9
Z0LXbWW4stWuU06dYmvh5X2qJreWL7IrGVtyoFffGeCvnPxG/Yp8H/tIeNrqPSvjfo1x4d+JMviD
XdD0uys7a+NzPeaO2lX8sN0k2J4ohKkgRVBUlwzMCpj9Pb9n3XPBf7Sfx78d2XgfTdetvFXhjQrX
Q7WO4tLabVLm2Gp/aolaQFYnP2iHDSgIzEZOAxHlv7LHwV8R/AzwB4K8LeLvDU1v4x8V/FK58UaV
5s1vqOr6VZJbiS5vNUurREtTO8aTWxaBUiCXdtCN7As4B7ne/sRWN7+1RZfE8644ksbuwu49M+wq
YwbTTNSsFAfdxkaiXyF4MQHO7I8+P7HvjT4ffHLwdZ+Fr2S68Eh9Fu/Ec95bWyoZNMRo4hA/nmZN
ypFmFYCm5y/nL86N9aUUAfOX7Q/7As/x0+JvibWYfGKaTo/jaz0C21zS5tGW8adtG1Jr61eGXzU8
sMZJY5FZJNwZSCu0hvP/AIj/APBHbR/H3xeh8WjxtrFoZvEt5rmoafHJqFraXcFxfLemDy7O+t1a
RZQcSXCzxndzDnr9m0UAeKftgfs1+Mf2j28NW2heOPD/AId0PRrsahf6TrHhZtbtdYuInSS1eQJd
2zBYZE3hCWVm2FgdgFdjqn7NvgrxELCTU/DmlXd3YKQkyxGI/MzvIBhs7GeR2KElSWyckAjuqKAC
ub+Mv/JIPFf/AGB7v/0Q9dJXN/GX/kkHiv8A7A93/wCiHoA6SiiigAooooAKKKKACiiigAooooAK
KKKACiiigDm/hT/yK91/2GNU/wDThcV0lc38Kf8AkV7r/sMap/6cLiukoAK8b+NX7Gek/H/4hafr
HifWbvUNP0u4jurLT30zTvMsJE7QXn2f7VEj87wsuWDuu7YxWvZKKAPifwR/wQu+Fvwv+HreH/De
o6lo/ly2rWupW9jZQ6pbLbQXEERW6iiSYTBLmUecrq3zEjBYk3ovgn8E/wBmT9pCXRNc+Ms+neMP
iA1lqMXhm+1S0tpNaltruC4S8e3jjXz7qR7IRm4KiWRfMUl2wR9lV812XwS+Jfwq+O/j9PD2geDv
Ffgz4ta6niHUtZ1bW5bHUvDjrY21mbaO1W1lW7RRaJJExmh2NMwKkLuYA5/9lv8AZP8Ahb4xu/Cf
ivwj8Qtb8Y2vgXTdMsPD6ObeNdI0wxxX9rbOqwRyMXilt33TZk2bPukuW9S+JX7J3gjxH+yhqnw2
8WX12fAzyNfarPNffYmMC3v2+RXmQp5ceQVZgVITPIPNfJuq/wDBOT46aF+yjYeFdI1fRLzVdK1L
QJ/7KOsRxWd7a2nha00qeLzbmwu44wt7FJOqm3YNtVso5BGj48/4JYfEH4heBPF1pe63ZT694ovL
+zkvr7W7q6EulT+Ck0lIJwEVZANWX7Qy7ADgSgB8KAD1i4/4JN+AfEHxu8LfEXV9a1bxJrnhe30+
2tJ9SstPuSbexmkmswr/AGcFHTzdpkTBZUQ/fzIbn/BNm+8EL8NfGeqaD8Q9B8cHUdavb2WfTtTW
9tdD0tLm4isLFHCrtiggiZTkcSedyetdX+zz8SE+Dfws0Hwj4m8BXvgrxBYJ5M+k+FdF1fX9Ftyz
kq8d/Fp8cTbwQ7/KPLZ2Uk7Sx8R0f9jj40t8KvBSrZ+EdA8RiTW/CPiuxh8QTXdnc+HNVvDO97FK
LaMte2v3oomQITJKC435ABuav/wTw8Bn9nTT5JPi34k07wNYeDm0M6tI+mxwS+HzLFdwLJLJb7VE
ewETDazJI24k7WWH9i74MeEv2kPg9qGpWPxX0/x5pEereIIbRPDl1aXFlpAv9ZbUCvmLGJGlMYt8
rISF3PjPysPUPGuh+I/2s/2Htf07VPh5pNpqfiEXENn4X1vUrrS43tIr5hatLPFF59pO9vFFMu2M
tDKyjnYTXzD8Sv2Cf2nvHnwQ0+2n8WwX2oW+t3M1toF94thu7nSrKS1ihjLazPpEn2uaGSORo2ks
xMqzf8fDMpZgD6L/AGQf+CXvw4/Yp+KuteLPB8U327V7a5tA1za2xuIori5W5kQ3CxLNIvmIuA7H
gDduYBhua5+yjL41134ueG9aeCT4cfExLO9jtISrG1uwuy+RonUpsnEcDnGQzNMWVWO5+e8b/sw+
OfDll4n8YeCW8P3fxVOvW2oaRda1eTfZb20Gn21lNbXEiIWSPH2mZUjXb5oRiAWavAdf/wCCYvxy
0P8AaNj1DSviTqOv+Ezo6QJf3XiEWN7BMmjvZSwSw/YppJori6ZrpvLu4VEku4ozxqxAPrTwH8JP
Ef7MnhG18J/DjSdH1zwnZu72Ft4g8T3FpJokTHIs4CtlcM9uh3FPMfKKwjHyIgHAfBrxJa+OLbxb
dfDD4r+HbrVdV1S4m1TRYLy21LTtAvkurZdVeK4+ypPI8SudqSgKJJUDBVIC+naH4v8ACH7Oem2n
hK10XxZALSNHf+zPCmr6pbySOAWdrmG3kR3Y8szOWySW5zXh3iL9m34yeKvhwgtNO8JeH/EEnizx
JZ3MY16a5huvDOuXM0s04f7MhjvIWeCVYSrKzWu0yKJMqAd38Yvgf8LP2/8Axh4NvrzWNQv5vBVn
Jruiy6fvt1ZdQgCQahbXBT5nj2B45YHOxwN3oe/0t/ih4cNppP8AZnhXxHYWgjt31zUPEktpqV6g
ADTyW0OmmBZTydiOEJ/ug4GZN4Rkv/2rtFk0prnSdM8I+GXtrk2cSiG7E0yeVZybgUCosJkAQCRc
j5lVir+s0AfP/wCzr+xvrn7LfijTbHw1441W88DTXF1qGr6dqLJKfM+zW9tZ2llF5fl2loipJK6Q
lP3ix7VCtID9AUUUAFeb/tk/8mhfFb/sT9X/APSKavSK83/bJ/5NC+K3/Yn6v/6RTUAfJH/BQ/8A
5Tr/APBOr/upX/qPW9ff9fAH/BQ//lOv/wAE6v8AupX/AKj1vX3/AEAFFFFABXwB/wAE8P8AlOv/
AMFFf+6a/wDqPXFff9fAH/BPD/lOv/wUV/7pr/6j1xQB9t+Bv+Rn8Zf9hiP/ANN9nXSVz998MNKv
9XvL4vrEFxqEiyz/AGbWLy2SR1jSMNsjlVQdiIOBzj1qP/hVWmf8/XiT/wAKHUP/AI9QB0lFc3/w
qrTP+frxJ/4UOof/AB6j/hVWmf8AP14k/wDCh1D/AOPUAdJRXN/8Kq0z/n68Sf8AhQ6h/wDHq+Z/
j/8AtreFPgF8W9W8JXWg+N9RuNJ8oPcReK7xEk8yJJRgGXPAcD8K7MFgMRjKnssNHmla9vL5nJjc
fQwlP2uIlyxva/n8j68orzT4MQaL8ZvhZofim3/4Smyg1u2FykEniS/Z4gSRgkTYPSun/wCFVaZ/
z9eJP/Ch1D/49XNUhKEnCSs1ozphUjOKnF3T1R0lFc3/AMKq0z/n68Sf+FDqH/x6j/hVWmf8/XiT
/wAKHUP/AI9UFHSUVzf/AAqrTP8An68Sf+FDqH/x6j/hVWmf8/XiT/wodQ/+PUAdJRXN/wDCqtM/
5+vEn/hQ6h/8eo/4VVpn/P14k/8ACh1D/wCPUAdJRXN/8Kq0z/n68Sf+FDqH/wAeo/4VVpn/AD9e
JP8AwodQ/wDj1AHSUVzf/CqtM/5+vEn/AIUOof8Ax6j/AIVVpn/P14k/8KHUP/j1AHSUVzf/AAqr
TP8An68Sf+FDqH/x6j/hVWmf8/XiT/wodQ/+PUAdJRXN/wDCqtM/5+vEn/hQ6h/8eo/4VVpn/P14
k/8ACh1D/wCPUAdJRXN/8Kq0z/n68Sf+FDqH/wAeo/4VVpn/AD9eJP8AwodQ/wDj1AHSUVzf/Cqt
M/5+vEn/AIUOof8Ax6j/AIVVpn/P14k/8KHUP/j1AHSVzfxl/wCSQeK/+wPd/wDoh6P+FVaZ/wA/
XiT/AMKHUP8A49UOo/BrRdW0+e0upfEM9tdRtFLG/iDUCsiMMMpHncggkUAdVRRRQAUUUUAFFFFA
BRRRQAUUUUAFFFFABRRRQBzfwp/5Fe6/7DGqf+nC4rpK5u6+E2iXd3NOY9Qhe4kaZ1t9TuoIy7MW
ZgiSBQSxJOByST1NM/4U/ovrrX/g6vf/AI7QB09Fcx/wp/RfXWv/AAdXv/x2j/hT+i+utf8Ag6vf
/jtAHT0VzH/Cn9F9da/8HV7/APHa8E0X9pLwhrX7VL/CxdA8UpepfzWH28+IroxFo4WlLbfMzghS
OveunD4OtXUnRjflTk/JLdnPiMXRoOKqytzNJebeyPqKiuY/4U/ovrrX/g6vf/jtH/Cn9F9da/8A
B1e//Ha5joOnormP+FP6L661/wCDq9/+O0f8Kf0X11r/AMHV7/8AHaAOnor5pm+N/h+L9sNfhIfD
+vGUkL/af/CT3m3m0+0/6rd6fL9739q9v/4U/ovrrX/g6vf/AI7XTiMJVocvtY25kpLzT2Zz4fF0
q/N7J35W4vya3R09Fcx/wp/RfXWv/B1e/wDx2j/hT+i+utf+Dq9/+O1zHQdPRXMf8Kf0X11r/wAH
V7/8do/4U/ovrrX/AIOr3/47QB09Fcx/wp/RfXWv/B1e/wDx2j/hT+i+utf+Dq9/+O0AdPRXMf8A
Cn9F9da/8HV7/wDHaP8AhT+i+utf+Dq9/wDjtAHT15v+2T/yaF8Vv+xP1f8A9Ipq6H/hT+i+utf+
Dq9/+O1X1b4E+Gtf0q6sL+21G+sb2JoLi2uNVu5YbiNlKsjo0pVlZSQVIIIJBoA+L/8Agof/AMp1
/wDgnV/3Ur/1Hrevv+vgD/gof/ynX/4J1f8AdSv/AFHrevv+gAooooAK+AP+CeH/ACnX/wCCiv8A
3TX/ANR64r7/AK+AP+CeH/Kdf/gor/3TX/1HrigD7/ooooAKKKKACvyq/wCCjn/J5fjL62n/AKRw
V+pPiKyvNS0G9t9Pvf7Ov5oXS3uvJWYW8hB2vsbhsHBwevSvye/bL8F+OPDPx+1iTxyfturag6GL
UILTyLbUo1jREeIAY+6FBAyQ2QfU/eeH6iswlJyS91q3V6rb7j4jjxyeBjFRb95O/RaPf7z9Ff2F
v+TRPAP/AGC0/wDQmr1ivnn/AIJ3+CviP4V+ENivjW7Sz0mG2WDRtGazSK5tosk+ZO2NwY54Q8gc
nngfQ1fJ5rBRxlVKSl7z1Wq1Z9Tlk3LCU24uPurR76IKKKK887gooooAKKKKACiiigAooooAKKKK
ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAr86/A
f/KXqf8A7GK+/wDSKav0UZtoJPavzV8A+O9Hf/gqg2uDUrVtIn8RXfl3YfMT77WWNQD3y5Cj1JxX
1nC8W4Yuy/5dS/Q+W4mklPCXf/L2J+lVFAOQD60V8mfUhRRSSP5aMxyQoycAk/kOtAHwzef8plU/
66L/AOmcV9z1+dd38b/DR/4Kmr4t+23f9hLcrAZf7OuRMJP7NEGzyPL83d5vy42Zz7c1+icUgmjV
xuw4BGQVP5HkfjX1HE1OcVheZNfuYL5q9z5rhypGX1nld/3s/wBBaKKK+XPpQooooAKKKKACiiig
AooooA+AP+Ch/wDynX/4J1f91K/9R63r7/r4A/4KH/8AKdf/AIJ1f91K/wDUet6+/wCgAooooAK+
AP8Agnh/ynX/AOCiv/dNf/UeuK+/6+AP+CeH/Kdf/gor/wB01/8AUeuKAPqXx5+0lrPhjx3q2jaZ
4Fvtch0iWOGS7XVLe3WR3gjmwFc7sASqMnuDWV/w1T4r/wCiX3//AIPbT/Go9e/5Kp41/wCwnB/6
b7OvmL9uv44aV8H/AIheGTq3iYWnn6bdNY+HW1/UtBl1+68yLy0tZ7NSLi5yNgtpAd3mqQBljX+e
vF30j+O8NxrjuHMrVJwpVakYL2TlK0L2v76Tdlq20lu2kfWUMowrw0a076pde/yPqH/hqnxX/wBE
vv8A/wAHtp/jR/w1T4r/AOiX3/8A4PbT/Gvgn4nft8fE3w78YvirpJ8YfBjwTb+HEkg0/SPEn206
losSXFtHHqtyYYyrWs0crurHbGpkhUv8r1jah/wUV8eSXHge1g8W+FNfg13Q79p7XS9DlGp6yyHU
VXVE23ISHTgLWBlngkmY+bllj3LjOl46eLE6UayeGtJX/hzenJz7r3XppdO19b8vvA8swKdve+9d
7H6H/wDDVPiv/ol9/wD+D20/xrF8X/GO/wDH9xpU2tfBuTUpNDvFv7Fptbs2NtOoIWReeoz34zg9
QK+K/wBoP9vn4gfC/wCKfi3SNB1rwzf32kaRfyReE5NDnlv9Mt4NCa/i1ua6E2Gt3uglvsZFUmQI
JDICK+iP2TfiV4y8XX/j7QPHF7o2rav4O1qG0j1HTNOfT4LqG4sLW9VfJeWUgxm5aPdvO4RgkAk1
4+Y/ST8T8vwUcwqTwyUoqaSpzUuVuMb6tKycop2dne8eZJtWsmwNRum0391v60PUbz9tvX7Hxxp3
h6T4Xar/AGhqljdajDjW7Mx+VbyW0cmTng7rqLAxyN3THOr/AMNU+K/+iX3/AP4PbT/GvOvEn/J1
Pgz/ALFTXv8A0s0WvQK+bxX0vuPqdOjOPsLyi2/3b355R/n7JG6yDCtvf7/+AS/8NU+K/wDol9//
AOD20/xo/wCGqfFf/RL7/wD8Htp/jUVeA/tiab4r8W/Ev4e+HfDF5c20mr22sNKF8RX2iQq8cEPl
TPJaAvJ5bOWETYVsnJFbZT9LXj/G4lYdzw8E1Jtuk7JRi5Peolsu6FUyLCxjfV/P/gH0H/w1T4r/
AOiX3/8A4PbT/Gj/AIap8V/9Evv/APwe2n+NfnpoX7fPxg0y1+K1hqfiH4YQ6n4PSSyitLu1v49S
8LrDqUVl/amooIij20tu7XhcMq7Vym5A5T0j9j79pr4m/Hz4m+FdLuvG/wANPEGhW2gXGsarq3hn
Tp7q018rfy20aW8zuiwkLt8whZRviYAjJC/XY/x+8U8Hh6mKrTwqhDd+znr7nPp3vdJd27q8feMI
5XgZNRXNd+aPsP8A4ap8V/8ARL7/AP8AB7af40f8NU+K/wDol9//AOD20/xqKivz/wD4nF8QP+nH
/gp//JnV/q/hfP7/APgGf4i/bb1/wxq+g2N18LtV8/xHfNp1ps1uzK+attPcncc8Dy7eTnnnA75G
r/w1T4r/AOiX3/8A4PbT/GvOvjL/AMlG+Ev/AGNc/wD6Y9Wr0CuzFfS+4+p06Mo+wvKLb/dvfnlH
+fskSsgwrb3+/wD4BL/w1T4r/wCiX3//AIPbT/Gj/hqnxX/0S+//APB7af414v8At2eKtf8ABPwD
bVNFutUsbK01rTH8RXemKTe2mifbIv7Qli2/MpW28wl0+dEDsvzKK+d/i/8At8x/D+fw9H8HvFdl
rfhPUYrq802+1Uah4hHjjVYpIYx4fsbyWb91JIrlhJulwwcKmIpAPo8j+kl4m5tRhVwnsHzSlH+F
LlXLFSfNJSdm0/dVndKTdopsxq5Rgqbalf7z7w/4ap8V/wDRL7//AMHtp/jR/wANU+K/+iX3/wD4
PbT/ABr5F8a/FH45Q6xrWqad4y8G2WixweJNVttMm8IyXFxbwaNfrALY3AvFDvcI/MnljZtyqtmv
NPir/wAFEfih4Z+NHxL0bw9q3hHWz4Yl1y3XQk0KZrrw3bWunrcWmp3dwJtskct1/owi2IX8zKsT
G9d+B+kD4n418uFq4STSk3+7qacrUWm3ZXu2r35W1o3ePNM8qwUfiUvvR+gv/DVPiv8A6Jff/wDg
9tP8aP8AhqnxX/0S+/8A/B7af418VH9rr4t+A/237L4b+Jtc+GyaVZiGMx3Wm39jqPi+OeBp5LzT
kjE67bZ8QNGXb/VO0jJ5iY85+GP/AAUl+IPiTW/CtrdfEj4Z6tDceLV0u4fTtDcyeKkf+zgbXSM3
OydYTcz+dI5SaPYv7kkEHej47+KtWKqU5YVxcI1E1TqNOMlJxat5R1Tta9nZqainlmBWj5t7bo/R
v/hqnxX/ANEvv/8Awe2n+NH/AA1T4r/6Jff/APg9tP8AGvh5P24/iBpX7RPhrwkjaTbwXd5aw2Wh
3Om3Vxf+M4bjUrm3vLi3vGl2wrp8MYmdSsmQOSisuPcf2TPHnj7xXc3B8b6zoesLq2g6X4h09dO0
d9O/s5br7Qr27lppfOI8lW3/ACcsw2gYx5Ga/SS8TMvw7xOInhkkk0vZyu03bTWztu3fl3jdzjKM
bhlGCm7Lm+/+v68j3D/hqnxX/wBEvv8A/wAHtp/jWVq37bXiDRvFGkaRN8LtV+162Jjb7dbsyn7p
Qz7jnjgjFaFcB8Qv+S8fDv8A3dT/APRCV87gfpfcfVajhP2FlGb/AIb3jCUl9vujaeQYVLr06/8A
APRP+GqfFf8A0S+//wDB7af40f8ADVPiv/ol9/8A+D20/wAaiorj/wCJxfED/px/4Kf/AMmV/q/h
fP7/APgEv/DVPiv/AKJff/8Ag9tP8aP+GqfFf/RL7/8A8Htp/jXyrf8Axy8MaN8fPGvh/wATeMNd
tPibBqM8nh7w9Fq19FDcacLBJIZY7SNxDJAQJS8zISsokXeCiAeD+Av2/PiT47sv+Eei17w7fXUv
hyNLrQLWwuf7Z0u2l8JW2otrEl41wzeWl7KIQGTcxnAMhcCv0DA/SB8UMZCVSk6CUYRm3KjJJxkr
3i+Z80eik+WLd1daX5Z5Vgouzvvbc/SL/hqnxX/0S+//APB7af40f8NU+K/+iX3/AP4PbT/GviL9
on9qn4x/s8fCuWyufEfgD+0x4sj0q78baro9xYaH4espNLS9jNxCssxG6Yi2WV5ApMqZwxFeq/sU
/Gf4gfHu88T6/wCJdW8KHQNLktbC00/R9MuAJJpdK0y9e4W6mZXeHfczqiNbo+1lLcriuDGfSP8A
EzD4B5nKphXS3TVOfvaxSsr6OXNopWaSvJJOLdRyjBufJaV/VH0R/wANU+K/+iX3/wD4PbT/ABo/
4ap8V/8ARL7/AP8AB7af418JfBP/AIKK+JGmm1fxh448A+IPC9j4ls7TXNT8OabONN8PW91b6kI7
R5XczG5FzBZIyywxspuEXDGT5eO0b9uDx14y8Q+A9f1H4j6N8M9E1qbR/t99qOjz3NhdSXmjSXK2
5ilnRbdnkRguNp3EZDMMH2I+OnisqtWnUeGSpq7l7Ko021flSXvOVrXSi3rF2s0zN5ZgbJrm180f
o9/w1T4r/wCiX3//AIPbT/Gj/hqnxX/0S+//APB7af418xf8E9/2mvGH7Qur+OY/FniHwDqs2lXE
LJpWhLcJf+Fnd5lewv1kUDzU8tRuzklXO0LtJ3fhd+0b8WPF37SF94V134KeIPDngy3uryGHxVPf
WMltcRxF/JkCR3LSgS7VwDGCN4yF5x87jfpMeJuFxOIwtWWFUqEVKV4qN00pe6pzi5uz2im30umm
9o5NgpJSXNr/AF0R9Af8NU+K/wDol9//AOD20/xo/wCGqfFf/RL7/wD8Htp/jUVFfMf8Ti+IH/Tj
/wAFP/5M2/1fwvn9/wDwCGH9sLxLPrlzpw+F+pfaLWCK4fOuWe3bI0irg565ibP4Vb/4ap8V/wDR
L7//AMHtp/jXNab/AMlV1r/sE2H/AKOvam+JF3Np/wAO9fuLeSSK4g064kidCQyMImIII6EGuqX0
vuP3WjSj7DXl/wCXb6pf3/MX9gYW19fv/wCAb/8Aw1T4r/6Jff8A/g9tP8aP+GqfFf8A0S+//wDB
7af418PaX8Q/jD8IPCFj4i8ZeIT9i0H4d6mulSQyNejU5IUtZU1e+jYoGkCSRKyM3ymG5YNiXjmP
An/BQv4k6jqnw006+8a/DfV7jVtcfS7xdE0S6nvPFcb3aRx3FhFLJEn2eKGQySyI7soj8wI0bAn7
qHj54n1oyqYWrhakU2m1Tm1opPdNraOuzTdmrKTXK8rwS0kpL5o/Qj/hqnxX/wBEvv8A/wAHtp/j
R/w1T4r/AOiX3/8A4PbT/Gvzu0f9tL4peAfCvw90u8+LXww1DUJte1Kw17UfEGmTaebq6tbq2iOh
IkTSlLzbK75PzsHTahCMT9U/sUfEDxr8W/htqnifxhqmk3a3+uapZ6ZZWWltaHT7e01G6tFEjtK/
nO6wo24KgGcYPWvPz36RviZlWFeMr1MK4czirUql5PmktFK38knrbTfVpF0sowc5cqUr+qPXde/b
C8S+HNDvdRufhfqRt7CB7iXZrlmW2opY4GeTgVb/AOGqfFf/AES+/wD/AAe2n+Nc18Wv+SVeJv8A
sE3X/ol66CvkZfTB4/VKM/3F22v4b6KP9/zN/wCwMLe2v3/8Al/4ap8V/wDRL7//AMHtp/jXmen2
Nppnx9m+I8Pwcv08QTRY2jX7MW6THcHuQn/PVlO0tnGBnGSSfn7UPi54r+Fnx31XxDeSavc6Vc69
r2laVbt4gu7i3169jtkax0k2si/Z7IyOshimjLF2i2HBk2t4Z4w/4KrfE/wd8A7XW/8AhPvhJrWu
LdX9+t1pml3Mulzpa2cNw2h3BZleDUWaRhGiB2ZQS4j2lj+k5X4+eLGLaWX1MO1NJP8AdyXxc14v
llLRcmt7brS6ko+fXyXLZWdaLfK7rbRrqr+p+oH/AA1T4r/6Jff/APg9tP8AGqmv/th+JfDehXuo
3Pwv1L7PYQSXMuzXLMtsRSxwM8nAr5L+G37UmsfFf9sPRdEufH+gwi21i6im8A2mkSx6lpsC6bdN
Dd3V2ZiHjm+SVEMKqfMj2kmMk/TPxd/5JP4o/wCwTd/+iXr5HM/pS+I2XYqhhsU6F6kYy0pTVlJt
WvJq+3xRvF7xk1qdkMkwk03G+nmbmh/tg+JvEOiWeoW/wv1LyL6BLiPdrlmG2uoYZGeDg1a/4ap8
V/8ARL7/AP8AB7af41znwq/5Jf4b/wCwXa/+iVr4i8b/ABx+Ifw38ZeMIrvXPFM0HgrxHc+BgEkk
kS7OvGafSLrH8TW8k+l2+88oDKc4znoyX6T3iJmletRw88PF0+jpu7TfKre/reTjH1kulyauS4SC
TaevmfY7eIHf47r8Rz8ItS/4SZbH7Dv/AOEgs/Kx083b/wA9Nnybs/d4ruf+GqfFf/RL7/8A8Htp
/jXyB8S/H/xe1nwN48u9I8U2VsV1TXvD/hm0tNEle8sHstP1J455JftH+lSO8MQClFAIB+ZsEcR4
K/by+Ik3x0+FHhpfGfwx1Xwvrmn6UTqd/Z3lpdfEBruV4rmTTRCsyLJaFVDRlm+Y7pWiRwy+xD6R
Piji6TqUq2Fm6cXdezqXSim7K+m94pJ7qUvgjKawjkuX021GLXM79NW+v9fnofdOoftkeJNN1bT7
KX4Xan52pM6Q41yzK5RC5zzxwDV3/hqnxX/0S+//APB7af41yfi//koPhH/rvdf+k715N+338TNO
+Fuh+DdQ1rxtZ+DdGbVpEulvtTv9HtNV/wBGk2wPf2fz27BsOu7KyFNmCxWvmMu+ld4hY7E0cLR9
jzVE3pRlJtpy0SU92o26K+raV2uqeR4SKcnfTz/4B9C/8NU+K/8Aol9//wCD20/xo/4ap8V/9Evv
/wDwe2n+NfBXh79vD4g3fxp8BaRbS+FPBWj6hpNjcW3gvxZPfS+JvFAnRyz211JHucqQAA67wUzM
Iw/GF8Dv+CqfiK78YQX3jPxZ4Vm8JJNoj69LbeHbmxHhObULTW2k02Z3kcvJBd2NpbmQhT5hZCod
sD66Xjl4t+ynWgsM+SKlZU5OT5pOKiuVuLk2tLScW3yxk5Jpc/8AZuAulrr5n6Jf8NU+K/8Aol9/
/wCD20/xo/4ap8V/9Evv/wDwe2n+NfB/hb9vj4keI/GHwYW68Q/DnQLXxf4N03XLzStUguItR8T3
N0s/nCwCggfZ/LjYpyRuG8orBq53R/2/fi7oPw28LSeNPGHgTw5b+MtG8NeIbnxlL4Wn+weEYNTs
dQnaCeD7Vtf99ZRRLM8kahrnlc7QUvHXxW1TlhU1bT2c29ZSjolfma5btRu3dRinO8Uf2Zgf733o
/RL/AIap8V/9Evv/APwe2n+NH/DVPiv/AKJff/8Ag9tP8a+MvgF+2v8AEH4hftur4J1fWfh1H4be
EwWmlfZr6117V7dbBbqPXLdSjxm1ncsm1nCIBs8xpV2Pn/Ejxl8Q/Afxtn1az8T6/d+GPFPxY0jw
rPprXErjSStxZSrJCc4jtpoPtUM0YwrM8Jxy5PH/AMTD+JkMUsHiKmGhKVONSP7uVmpOyV+ZWdk3
2bVk7sr+ycFy8yUnrbc+3f8AhqnxX/0S+/8A/B7af41meNv22Ne+HvgzV9f1L4YaqNO0Oym1C6MW
tWbyCKKNpHKrkZO1TgZGTXzl+xt+17f/ABQvPEr+KPFnh/XILWfToWTTNHlsn8MaleXEsB0S4zJI
ZZ4XWIGQhD+8yyqpU165+1f/AMmtfEr/ALFXVP8A0klryK30o/EbB5tTy3GqhrOEW1Skl73K3bmk
ndKS6eeqab0WSYSVNzjf7zzP/gof/wAp1/8AgnV/3Ur/ANR63r7/AK+AP+Ch/wDynX/4J1f91K/9
R63r7/r/AEyPjQooooAK+AP+CeH/ACnX/wCCiv8A3TX/ANR64r7/AK+AP+CeH/Kdf/gor/3TX/1H
rigD6M17/kqnjX/sJwf+m+zpKXXv+SqeNf8AsJwf+m+zpK/xQ8bf+S+zj/sIqf8ApTP0fLv91p+i
Oc+L/iHUfCPwp8SatpL2SanpWm3F5bG7gaeDfHGzgOiujMDtxw6nnrXzP8M/21PiT4/8Iaz4gKeB
orXwp4E8O+Mb+yOm3Syak2oWk9zNBDN9qIh2iHZGWjlJLc+lfUHxJ+HelfFvwFq3hnXYrq40fXLZ
rS8it7yezlkiYYZRLC6SJkcZRgfevJtJ/wCCa/wY0bxH4f1SLwpeyXHhizsLGwiuPEGp3NoIrEsb
MS28lw0M7QliUeZHZTgg8DHhcPZjkdDBVaeZU5Sqtpxapxkkk4tpuU4v3kpR0T5b8y10Na0arknB
6ev/AAD3SiiivizoPP8AxJ/ydT4M/wCxU17/ANLNFqj45/aQk8NfG+x8D6R4R17xRcx2sGo67e2U
1rDB4dtJ5ZIoZ5RNKjzBmhmJWAOyrExI5UNe8Sf8nU+DP+xU17/0s0WpfiF+zT4L+KXxG0Hxbrek
S3HiDw0ymyuob+5tQwSQSok8cUipcokg3qk6uqNllAJJr6ahUwUFQePi5R9lK1tfe56lm0pQbX/b
ys7NqSTjLGXM78nf9F6ni/g//gpdP488PaNdab8HfiSdQ8UayNL0GxvEtrFtYhexub2O7jlnlSIR
mK1k3KX3rlMj5hnkfiz/AMFKfiD4O+Aaa9D8L59M8WajHfDTtJu7yzuknEOq6fp6z+bHdKiqDfE+
WxBYxn5kXBb3/wCGv7F3w4+EepWF3oWiX0E2laidUsBc63f3senzG2ntQsCTzOsUKw3EyLCgWJQ5
KoCAR4t491T9nLwR8TvHHg/W9F1z+1vDEcniHUIpJ7+W2b7Zd6ddzi1JmKLi4/s+VoY9iruyq4aT
P2uV1+G8TmCWAy6dWnBxm1aUpuKbi4tKtZRblTV9Xe+sdLc01WUPfmk/68vU634N/tua146vLHRX
8E61rWr2mqX1j4kurZrLT7bw3Da3slm1xMJbtvNBkhmOIGclYmbavyg8z4O/4Kfah8VbaOHwl8J/
E+r62NWtLddPOqafHHqWnXVvfSw6haXZnFvLEWsZF4fp0zkVV+Iuvfs4eG9C8O/EPVdF1qJJNb8U
3lncWlxfRPNdWTX1/qonjjmUTQtJp1xIsMoeIsqbUGRjotI/Yy+AXh3V9O8FWHhzXLG58dacus2h
t/EOrRSw2+myKYkhuFuRJapEdRKpFCyLsldMbBtrSpQ4epRnUxWAqqUr8l4PlXJOXtb2rx5lGKta
KhZxs2mnNpOs7KM1/wAPa3T+vwO6/Zk/a+i/aZ8SeJLS28FeNfDmnaOwbTtV1ewMVl4ggLunnW8g
yMZQHaxDFXVsYziHwl/wUG+Evjj9o24+E+meLtOuvHtrc3FpJpayoZlkgRnlXaGzlVRj07V1Xwj/
AGYPBPwK8Ta5q/hbSbnTLvxFIZbtG1O7uLZC0jSMIIJZWitwzuzMsKIGY5IJArsYfDOm2+pG9j0+
yS8YljOsCCUk9TuxnmviMdisheJryw9Gp7NxSprmUXGdldyuqnMr3bSlG/RxWi6oqrZXav1/rQ4z
4y/8lG+Ev/Y1z/8Apj1au51XUF0nS7m7dWdbWJpWA6kKCcD8q4b4y/8AJRvhL/2Nc/8A6Y9WrvLy
0j1Czlt5l3xToY3XJG5SMEce1eXjGvZYbm25H/6cmXHeX9dEfI3w6/4K6aV4xGi3Gq/DHx54Z0vU
7fQ7+41C8uNOmh06y1reulXDrDcPIwnljlj2IhePZlwoIq9o3/BSnXviB4T8O6p4a+CvxB3654nt
NIS11pINMa4sbm3mmivoJZZFifIiIMYcunG4DcpPrum/sVfDDSbK2toPCsKwWdnoOnxI15cuqwaH
K82lxndIciCSRzzkvuxJvGBWd4c/YD+FHhLwVfeHdN8OXtppN9eW195Sa7qPmWclsxa3W1kM/mWs
UZLbYoGjjAdxtw7A/dVM24LbnOlg5p3jyptuPLZczf75O93KyUrNKCvF8zfLyYnS8l/XyOGtP+Ch
d94V0jVB4q+HniO3v5NTk0zwv9luLJk8YTHVTp0UcA+0H7OfMktwWuTGCJCw4BAi8PftpQalb6af
AHwz1aOfW9ctv+Exmkaytk8NXM2qf2bMblfODXMxktrhA9v5o/dKxJUjPsPjj9lnwF8SPCb6HrXh
+O901454lT7VPG8PnXSXbvHIjh45BcRRyLIjB42QFGXFYEH7Bvwqs7nwhJbeGJbMeBhGNJitdXvr
eH93cfaUa4jSYJdstwWlDXIlIkd3zuZieWlm/CzpuU8NOM3JtpXcOVJ8qt7VO97Nq9lJtrmglTKc
K9/iVvx/L+vxJv2of24Phn+xsNFPxF8T2Phz/hIPO+wfaZUTz/K2eZjcRnHmJ+dP+OPx+1PQf2a7
Px38PdOsvFt1q50yfSLOSTYmqw3c8ACI4YBXkilIRidoZlJBUEH0vVfD9hrvl/brG0vfKzs8+FZN
meuMg46Coda8J6d4h022s7u1SS2s7iC6hjUlFjkgkWWIjaR910U46cYII4r5jDYvK6UcPKVCUpwl
epzSThON7qKioxlHTR++79LG8lN319PL+vQ8P+DP7Z9x8Z/iP4Ps7CzsxoHiqLxBKJpIpYrqH+z5
rSOONlY/JJ+/kEiMMq0eMLgiq0n7YuvJ+zZ4/wDGv9m6QdQ8JeCLLxPbQ4k8maebTWu2jf5s+WHG
Bgg7e+ea7fx3+xZ8NfiP4Ifw7qfh+4j0x9Yu9fxp+rXunXC3t28r3Miz280cqiVppd6K4Rg5BXGA
M74h/sBfCv4o67Pf6voesBrrSBoM9rYeJdU06wnshC8Cwva29xHAwEUjKGKFgMYIKqR9HTzDhZ1F
KdKpGN9uWMnaNRyWvtI3c4PklouXlTXNfTBxr23X9L076nrul3TX2mW07gBpolcgdASAa4f4hf8A
JePh3/u6n/6ISrvwR+Anhz9njwvPo3hhddWwuLg3LjVNfv8AWZQ5VV+WW8mlkVcKPkVgoOTjJJNL
4hf8l4+Hf+7qf/ohK+ZwqoLGVFhpOUOWpZySi7ezlulKSX/gT9TeTfKubfT8yn8X9f8AHWifELwn
ZeH9Z8J2em+Jb97Bk1HQLi8ngKWdzclxIl5ErA+QFC7BjcTk9K5jX/2gPHN7+z74N8T+HdAtNR1P
X9Sjt9VMNnLerpNofOD3SWiSpLcbWjjXy0kDYkLchSD7Jq3hmx1zUtLvLqDzbnRrhrqzfcw8mRoZ
IS2AcHMcsi4OR82eoBHilx/wTS+D13HepLovieRL25+2BG8aa2UsZ97P5toPteLRwXcBrfyyFZlH
ykivUyrMMo5Kccwi04cvw04y5tZ83N79NvRwau5XcbNWbvFSNS75Ovn6eT8z0r4GfEWP4o/Dm31V
NWs9alFxc2lxcW2lXGlqJoZ3ikjNtcM00LoyFGV2J3KexArwNvj78QtI1LxdeeDfBmk6ubvxBdQ3
8sPhi9sWtjb6rBpv2hpJJguqzCwill2W5Rj9jWPILKK928D/AAM0z4VeE7HQPCV5qHhnQtOVhBY2
awSoGZ2eSRnmikkeR3Znd3cszMWJJJNed+JdQ+FPxwu/H3wau9F1/WrjwZHF4i1axS1vrKQz3U89
zHNZ3WYi8xnSR1e3kxG5ADKRherKquCjiq9WnRlVo8yk/dTcaXPa80uSN25QSUZxjzWXNbRzU5uV
Juz/AF8vxOH8Xft+ax4P+I+geFopdE1i41rS75pdQn8P6ho0Wl30eo6bax/aoJ3Z7eBI78yOZGHm
bYwjL5i5+kPHWs6x4U+FWs6hapa6lr2maVPcQosLJBdXMcLMqhN5YKzgDbvJAONx618uahrf7Pnw
l8KwaZfeAfFEd5/ZWv6BeaNdw3N/qK6eEt73VnumedxOGQ20plMkkr7lCFiWWvoHQhovgH4Q2niC
38U66ngjR9GXUI1uSlyq6fHAJBveWJrl/wB0OS7mQ9yWrs4gwWEjDDTwuGnD3pazgkqvvO1uS6Wm
lorlbvZuxNKUrvmkn+n3nlfgn9vR/ij8Szougx6PPp/iTWbTT/CN+BJMNUthaT3F/dMAyhkha2mj
G0qNwUEnIFO8DfHj4qeOrD4XSpq/w/s28fG/juN3hm8lFq1skz7k/wCJguQwjUYPTk5PQZPgzwh8
GPg/4b8ISWfwr8XeEp/DFlN4c8G2UsM0V9cRavIZJoLUi4P7xzC0jmZklhVWZjGpJrW+HHj34NfA
u00vwomk+JfCj/Czw3feLre11uS8ubjSrJp7i3uWMsksrTOXEuAXkBVlKEgrXqYzDZfFTWWYOo+i
5oQm3aNSKlfmlu3RlJJOPP7RJ2SUojKenPJfe/L/AIPysZ3w6/b+1nxp8RPhR4cl8Oy28/jfxh4i
8O6neSaVdQWSw6bBq0kT2szHY8jmwi3DLDDSYAwCPQP26P2lrv8AZg+DcOr6Xc+GrbXdUvvsGm/2
/I6WMsqwTXBjcoykF0t3RTuADOpOQMG14Z+Gvw78Q/CjwX4y06xu9J0zQFuvGWg3ReUXGlSahb3D
3E5jcuGd4r25BSRXVfMO0AquMr9nH4w+DP2lfGMWs2F14s1HWNA0m31LTjrdmtmBp2qIWhu4ViRY
2WdLc4LgyxhGUrHuYN5WJjl08Usxw+DkqGH5vawfWTqVHBN6pKzpwd9rNWlo5WnPl5HLV7fcr/qZ
lj+1hr/jn4oQW/hm3huvDtz4b0zX7Qf8I9d3RvPtkdxIqSXyzrDaDEUYBkibG4k5HA1/2X/2gfEH
xG1e30bxvLYaJ4wudFTVpvDJ8O3mnXNgA6RzbbmWeWG8ijkdYzJDgZKtwHUVo3n7DHw0vfGmna+2
k63HfaXYx6bFFB4m1SGyltozKUimtUuBbzqPOkGJY3+VtvQADS+BH7IXw8/Zpvr268G6DJp11fwr
bPPc6ld6hLDbqdyW0LXMshht1JJWGIrGp5CiubH5jw7LB1KWGhNTcYqN6cF7yunefO3Z/E2o8zel
4xWtRjW5k5NfezqtN/5KrrX/AGCbD/0de1w3x+/aut/gB8Q/B2h3vhfX9QsfFV0ltPrkbW9tpWjl
5o4Y1mnnkRTK8kqhIUzI4B2gkYPc6b/yVXWv+wTYf+jr2sL4n/sx+CPjL430LxF4l0eXU9T8OSJJ
ZZ1C5itiySCWMzW6SLDceXIA6CZHCOAy4bmvEwNXAU8bGWZxcqXItI735Fy/ajs7Pf5NaPSfO4+5
v/wTxTw1/wAFQovFGmSvD8I/ihDe6tqFrYeEre6s4LWPxebhZpI3gnlkWGICGB5WEzqQhGNxOK3P
ih+3trHw1GoH/hTXxC1X7HLa6dClnPYTTXepTW0N01ksSTs4aK3kkd5SPK/cOAzErnmvFfwI/Z08
GeNvFvw91LQ9eN7BoEfjW4t31zVZYdNtoJpvLfTWa5P2GVHSQqln5JCquPlUAddq3h74N+P/AIQX
HhqfStTHh0eJbjR9ltd3lpdQajpVtIjSRXEUqzxFIdPZRIkilgMHO9s/c16HDsasK1HAVXSlZtSU
r8rUXeLVbXRSdnvdvnSajDmTrWac1f8Ary/r83/sxftk+I/2hvjr4l8NXnw08QeEdE0TQNL1dL7V
ZYYrqOe684PazW+8yKQ0MgVgu0iJmzh4y1+P/go58Hpf2jD8Jx4y00+PBqB0v+y/OTzvtAGTHt3Z
zj2qP9nXwn8JtO1LwB4w8F6dq1tqHjvwXGdKvLm/vZpr3Sl8q6QXfmyv5sym8DCSbfKDLKN+GYH2
YeFtMGpfbf7OsPtm7f5/2dPN3eu7Gc+9fOZxUySGNqf7JUhDkUYRUuRqpH3XKXN7XmTlF3ScdbpW
trrT9pyr3k3f10/Azvi1/wAkq8Tf9gm6/wDRL10Fc/8AFr/klXib/sE3X/ol66CvlJ/7vD/FL8on
R1Plb9oX/gor4j+FHiXW9F0T4R+I9X1HSta07TbQ3uo2Ngutw3F9BaS3FvHLMshjWSeNFkZQhaRS
SBmq/iL/AIKez23inxH4a0z4Z+IbzxJpAT+zoxqVhLZa3LHfWdpe2sdykxijuLd7tQySMMMpBI7+
q+Kv2F/hj441DxZdaxoWo6jN40ULqXn6/qLJHiZJ91qvn7bJvOijkLWoiYvGjE5UEZNp/wAE3vg3
Y6nq96nhW8N1rlnc2N07+INScrHcPE85i3XBEEkkkEUjSxbJDIvmbt5LH9FwmbcFxoQjiMJNzja7
SfvO0N/9oWl1O6SV1J25W1yccoYm7tJf1fy/r863wi/biu/in8eT4Hl+F3xA0WOBGgvNcuLeKbSr
PUI4BLNZtNE7KSh3R+aD5bSJtUncpPrXxd/5JP4o/wCwTd/+iXrjfh/+xd8O/hd8SLbxboml6xa6
7bW62/myeItSuIZ9sAtxNNBJcNDNcGJQhuJEaZgOXJ5rsvi7/wAkn8Uf9gm7/wDRL18vmdfKquPo
SyinKEEoKSlu5395r356PS2q9EbwVRQftHd/15If8Kv+SX+G/wDsF2v/AKJWvnr41/8ABRnVfh9r
XjXRdG+Fnie/1nwrd2cNjHqV3ZaaviKOTULaymmtUmmWVoVa5XbMVEbEj5h0P0L8Kv8Akl/hv/sF
2v8A6JWuEvf2G/hfqWreL7668OT3V144ilg1RptWvZAqyyiaT7MGmIsy0qpKTaiImREfO5VYbZNi
8ow+Oq1M3pOpHmVkr20mnK9pwesU1u9+jtJKoqjilTdv+G9GePftBf8ABULU/hHdeMdL0z4V+I9V
1bw3YR3Fpcm+s20u/uQ1oLqyM6y4SeAXLblYjJhfHBXPe/DX9va1+I/7Qr/D2P4f+P7WawxY6trP
9ni40nSNUFql1Jp8s8RZdyRuoMo/dFyqhjuUnV1P/gnr8Idc1DW7m/8ACcl/J4isJdNv1utXvp45
YZokim2o8xWN5FjQvIgWR3UOzF/mrX8L/sZfDjwZ8TrHxlpuhXVv4jsLaK2W6OsX0i3PlwC3Sa4j
aYx3FwIRs+0TK823jfXtYjMuDpYL2VPDVFVUJWlrrUagot3rNcqak9t5Xs1aKzUMRzXcla/4fcdV
4v8A+Sg+Ef8Arvdf+k7109cx4v8A+Sg+Ef8Arvdf+k7109fB4n+HS/wv/wBKkdK3Zy3xh8V33hDw
dHNpj28eoX2pWGmwyTxGWOI3N3DA0hUMu7asjMBkZKgV5D8Sf2p4fhBrN3r2n/DTWPF+pXQ1KLW7
/R/sNpPaabpF35W+U3FwjTBGunZEQknfIQq5xXpnxj8SeEdTm07wdrXjDR/D3iDWrm3u9HtZdQt4
r+5nt7iOaJoYZTmXEsaZAUg8jvWDrN/8HPsHiFNQ8ReEFhtHv9I1sya/HGLSS8b7TdwTHzR5UjmE
yFTtZRG2NoBr6PJlQpUoPFYeVRSbbSUlzQaSWsXFtc60SduZa9nlUbbfK7f1/keXeIP+CnzeEodQ
ttU+Enju31/w/wD2nNrulJe6XJJo9tYW+n3U9y0oufKlQ22owyKsTM5ZWTaDXT337dVj4U8CnxFf
2d1q1rf3F/FpFrptsFuNTddTt7KyhUySKqPK11ECX2oCSxZApBrfGT9lf4FfGD40+HtU8T6ppz6v
4kW8vrbR18RtbR+KjLBYpJKYUlVrmJbfT7dTEuYGTcXRs5rb16x/Z++KOmr4Wvda8AavD4qa8sYN
OXxBE738k8sN1OkCrLu8wSC3lHl/NGdhXbkV9DP/AFdnSw0qeCq3fvVuVSsl7yag5Tk2lZ2fu2St
KTkm1j++vK8l5f1Yw/Hn7aPjLwp4y+H+jwfCvWX1PxbqVnY6npVxqFhHc6Gs0WpuzmZbgwzYGnlw
EJ+TPJZggvfCj9tweJ9Q0jw7q+h3i+LdZe2fT4YNkcOrWskkizXUO5j8lqIpDKpO4bUwD5qA5ngL
R/2bfiF8NtCttH8QeHrvS7LWLbT9NmbxbOL9dTtbi4lii+0NcfaGuTJcXBIZzJMs7B96Pg3tWvfh
d4R/aP8AC1jo9wNd8Y+BNC1eHT/DekXVpc3WnLL9mmnaUSSCWOV1CLGruqMHfIztIVbDZVNTwqwM
4zipu7jKL91Sacr1JWjdxhJO3LG7c5Ss0KU1aXMmv68v67H0JXAftX/8mtfEr/sVdU/9JJa7Hwx4
jtPGPhrTtX0+UzWGq20d5bSFSpeKRA6Ng8jKkHBrjv2r/wDk1r4lf9irqn/pJLXxOSRlDNMPGSs1
Ugn/AOBI6ar9x+h5n/wUP/5Tr/8ABOr/ALqV/wCo9b19/wBfAH/BQ/8A5Tr/APBOr/upX/qPW9ff
9f70H5eFFFFABXwB/wAE8P8AlOv/AMFFf+6a/wDqPXFff9fAH/BPD/lOv/wUV/7pr/6j1xQB9D/E
Dwd8QIvij4mutC8NaJrOmajdwzxTy699klUi0t4mVo/JfBBjJHzHIINZn/CN/Fj/AKETw9/4VP8A
9zV73ozf8TPV1zyLpTj28iL/AANaFfgnEX0ZuA84zOvmuPw85Vq0nObVWaTlLV2Sdlr0R6dDOsVC
ChFqy02XQ+dP+Eb+LH/QieHv/Cp/+5qP+Eb+LH/QieHv/Cp/+5q+i6K8b/iUvw3/AOgWf/g6p/8A
JG39vYz+Zfcj50/4Rv4sf9CJ4e/8Kn/7mo/4Rv4sf9CJ4e/8Kn/7mr6Loo/4lL8N/wDoFn/4Oqf/
ACQf29jP5l9yPk/VPhH8Xr/4w6F4lXwV4ZW30nRtR0x4T4oO93uZ7CRWH+jYwotHB7/OvvXS/wDC
N/Fj/oRPD3/hU/8A3NX0XRWtT6KXh1OMYyws7RVl+9qbXb/m7ti/t3Fr7S+5Hzp/wjfxY/6ETw9/
4VP/ANzV89fH3/gm/wDE344v41n/ALL0jR7zxfrOmass0etpMbIWlqlrJDgwjes0SuCcrtLA4O0Z
/RCiu7KvoycB5bW+sYKhUhLTX2s3tJSWjbW8U/O1no2iKmdYqatJr7j8zfHv/BKj4q/ELwhP4avI
tETw7ZN4puNEgj1NRcWFxr0F9DO80vl4nSFdQufLQJEfmXczFQa75v2U/wBpA+M/CPiTyfhn/bXh
HTL3RoDtuPss9tc/ZCd0fn7hIrWikMH2kORt4zX3pRXqVvo+cHVlFVaMpKPNa8r/AB35+n2uZuXd
u+5CzbELZ/0tj5zj8NfFoRqH8C+HWcDkjxRgE/T7McUv/CN/Fj/oRPD3/hU//c1fRdFfMP6Jnhv/
ANAs/wDwbU/+SNv7exn8y+5Hyf46+Efxe8WeKPBd/F4K8MxJ4Y1mTU5lfxQSZkbT7y1Cri267rlW
54wp74rpf+Eb+LH/AEInh7/wqf8A7mr6LorWp9FLw6nGMZYWdoqy/e1Nrt/zd2w/t3Fr7S+5Hzp/
wjfxY/6ETw9/4VP/ANzUf8I38WP+hE8Pf+FT/wDc1fRdFZf8Sl+G/wD0Cz/8HVP/AJIf9vYz+Zfc
j50/4Rv4sf8AQieHv/Cp/wDuaj/hG/ix/wBCJ4e/8Kn/AO5q+i6KP+JS/Df/AKBZ/wDg6p/8kH9v
Yz+Zfcj50/4Rv4sf9CJ4e/8ACp/+5qP+Eb+LH/QieHv/AAqf/uavouij/iUvw3/6BZ/+Dqn/AMkH
9vYz+Zfcj50/4Rv4sf8AQieHv/Cp/wDuaj/hG/ix/wBCJ4e/8Kn/AO5q+i6KP+JS/Df/AKBZ/wDg
6p/8kH9vYz+Zfcj50/4Rv4sf9CJ4e/8ACp/+5q5vxN8JPi9rnxF8Ma0ngrwykOgi7EsbeKDuk86N
UG3/AEbHBHOa+r6K1o/RS8OqUnKGFnezX8Wps00/tdmxPPcW95L7kfOn/CN/Fj/oRPD3/hU//c1H
/CN/Fj/oRPD3/hU//c1fRdFZf8Sl+G//AECz/wDB1T/5If8Ab2M/mX3I+dP+Eb+LH/QieHv/AAqf
/uavJtV/Zc+Ps/xs8a+M9PtPBum3HibwvD4d0+Nb1pJdJeF7iSG5Zz8sxElzISmxAQEGRglvuSiu
3B/Rb8PsK5ujhprmVnepKV1dStaTa3S/LZsiWd4uVry/A/Nfxd/wTF+LPjTwZ4d0q90b4f3B0G11
KyZLqeS+tL37bHGkl7Ilw8kjaipRiLppWOJZAUIY17be/s9/FHUvgHJ4BufDNndQTaB/YMmpz+LV
kvpVNv5BuGY2uGlP3ySMFu1fXdFehjfo48FYuNOOIpVGqcnKP7yStJtyb0te7bepMc3xMb2a18j4
W8U/suftDePl8P32tweBJfEHg7U4tW0O8s5nt4IphBPbzfaIWZzMssNxIhCSRbcgjBFVL/8AYO+I
nxB+Ldn428eeD/CvifWrCCwW3S3117C1hmtJ76WN/LCOXTF7gxSM6kwo5ywG370opR+jfwRCPLSo
zho17tSUWk3dpONmk3q0mk227au484xPVr7j5H8PfAb4q6B8CrHwPH4X0uNLLQY9DXUbbxSILlQt
uIBOn+jHY4xuHXBx1rgP2Tv2FPil+y9qmpXcfh3wneHUNK0/STbadqSaXaOLNZFW6ljWJ/Mu5BJi
SbKhgiAKMV970VjH6M/AsaFbDRoT5KzTmvaz95p3Wt7rXXSw3nOKundabaHzp/wjfxY/6ETw9/4V
P/3NR/wjfxY/6ETw9/4VP/3NX0XRXk/8Sl+G/wD0Cz/8HVP/AJI0/t7GfzL7kfMVr8P/AIt2/jG/
1M+B/Dhju7O2tlT/AISn5lMTzsSf9G6ETD8jWl/wjfxY/wChE8Pf+FT/APc1fRdFXP6J/hzN3lhZ
9F/FqdFb+YX9u4z+Zfcj8/v2i/8Agnr8SP2hPFPiDW5dF03RNU1XTdMsbK5tfEStJprWct8zsCYP
nSeK/mhkjOAUJ5ycjRg/Yr+MFr4mvPK0bwvH4an1vUvEcOnrquLuO9vrW4gmLXGza8QN1PIE8pW3
FQXIHP3hRXur6OnBaoxw/sqjhFWSdSTsuVR0vtpFJdVq1rKTeX9r4i97r7j89/hX+xd+0f8ACfwf
8O9Ks/8AhWly3w00BPDemyzR3GLi2EEEJaZROMykW0RBUqoy/wApyNvvkfhr4tCNQ/gXw6zgckeK
MAn6fZuK+jKK4cy+jFwDj5+0xWGk3q7qpKPxNyfw23bb9W7FQzrFQ0jL8D5i8afD/wCLfifwdq2m
R+B/Dkcuo2c1sjt4p+VC6FQTi26AmtL/AIRv4sf9CJ4e/wDCp/8AuavouiuB/RP8OXFQ+qzsm3/F
qdbf3vIv+3cZ/MvuR86f8I38WP8AoRPD3/hU/wD3NR/wjfxY/wChE8Pf+FT/APc1fRdFR/xKX4b/
APQLP/wdU/8Akh/29jP5l9yPnT/hG/ix/wBCJ4e/8Kn/AO5qzPG3w++LfijwZq+mReB/Dkcuo2U1
qjt4p+VC8bKCcW3QE19PUVdP6J/hzCSnHCzunf8Ai1P/AJITz3GfzL7kfMfg7wD8W/DXhHStOk8D
+HJJNPs4bZnXxT8rFECkjNt0OK0f+Eb+LH/QieHv/Cp/+5q+i6KKn0TvDmcnOWFnd6/xan/yQf27
jP5l9yPnT/hG/ix/0Inh7/wqf/uaj/hG/ix/0Inh7/wqf/uavouio/4lL8N/+gWf/g6p/wDJD/t7
GfzL7kfL2t/Dn4uap4l0S+XwR4bVNLkmd1Pijl98TIMf6N2JzWt/wjfxY/6ETw9/4VP/ANzV9F0V
c/on+HMlFPCz0Vl+9qd2/wCbuxf27i/5l9yPzz+Kf7Nnx61v9ok3Wk/DLw9No/iC+0bUtS1O51e0
kWx+wXCSmKK43pcx71hACC1lUPKTvUM5Xjfhf/wR48YfDTW9AuV8LeFdQj8P67bawJLnXbm4u9TW
BLxUiuXnaSIsGuy++GGIblJ2fN8v6fUV9Lhvo/8ACGGw7wuHhUjCSSaVWSuorlSeutlonv53MZZr
iG+Ztfcfmp4U/wCCUfjzwr4s8F6r/wAI34Y1F/B+m2mmxLdeILtAFtry6uonhSF44UYNdEfvYphi
NMAcg5vxG/4JFfEjx98PfAXhoWejWmn+BNG0/TbdF1yVEa4tZopDfLHD5SedL5Sq3nLMAANu07i3
6e0V0x8CuF41o4hKrzRd0/ay0fvbdF8UvvaJ/tOta2n3H5geO/8AgkX8RviNf6HJq+geB7628Orq
draWkmpXUEMlte3MdwfOFvLEZJ0MYQSE+Wyn5oSQDXoNj+yP8bPhj44j8W2Hgzwl4gOgf2zcabpF
pqkdpfXsuoziZlnu5RscI2QDtT5eu5hz9/UVzYn6P/CGIpKhXp1JQSkknUlZKd+a3bm5ndqz13KW
a4hO6a+7sfLHwx+F/wAXPAPw18PaFN4K8N3Mui6ZbWDyp4n2rK0USoWANtwCVzioPjD8JPi78Tfh
H4p8NQeC/DVrP4h0i70yOeTxOWSFpoXjDkC2yQC2Tj0r6uorwYfRY8PY4lYtYafOpc1/a1N732v3
NXnmL5eXmX3I/P3/AIKDXUd5/wAF0/8AgnW8UiSqr/ExCUYMAy6BArDjuGBBHYgiv0Cr85f2zLdr
f/gtj/wTpJ/5eLv4qXK+6yaOkgP5MK/Rqv6NqR5ZOK6HjQk5RUn1CiiioKCvgD/gnh/ynX/4KK/9
01/9R64r7/r4A/4J4f8AKdf/AIKK/wDdNf8A1HrigD7xuvDltd3slyTcxzSqquYriSIMBnGQrAE8
9etN/wCEZt/+e2o/+B03/wAVWhRV+0l3JcI9jP8A+EZt/wDntqP/AIHTf/FUf8Izb/8APbUf/A6b
/wCKrQoo9pPuHJHsZ/8AwjNv/wA9tR/8Dpv/AIqj/hGbf/ntqP8A4HTf/FVoUUe0n3Dkj2M//hGb
f/ntqP8A4HTf/FUf8Izb/wDPbUf/AAOm/wDiq0KKPaT7hyR7Gf8A8Izb/wDPbUf/AAOm/wDiqP8A
hGbf/ntqP/gdN/8AFVoUUe0n3Dkj2M//AIRm3/57aj/4HTf/ABVH/CM2/wDz21H/AMDpv/iq0KKP
aT7hyR7Gf/wjNv8A89tR/wDA6b/4qj/hGbf/AJ7aj/4HTf8AxVaFFHtJ9w5I9jP/AOEZt/8AntqP
/gdN/wDFUf8ACM2//PbUf/A6b/4qtCij2k+4ckexn/8ACM2//PbUf/A6b/4qj/hGbf8A57aj/wCB
03/xVaFFHtJ9w5I9jP8A+EZt/wDntqP/AIHTf/FUf8Izb/8APbUf/A6b/wCKrQoo9pPuHJHsZ/8A
wjNv/wA9tR/8Dpv/AIqj/hGbf/ntqP8A4HTf/FVoUUe0n3Dkj2M//hGbf/ntqP8A4HTf/FUf8Izb
/wDPbUf/AAOm/wDiq0KKPaT7hyR7Gf8A8Izb/wDPbUf/AAOm/wDiqP8AhGbf/ntqP/gdN/8AFVoU
Ue0n3Dkj2M//AIRm3/57aj/4HTf/ABVH/CM2/wDz21H/AMDpv/iq0KKPaT7hyR7Gf/wjNv8A89tR
/wDA6b/4qj/hGbf/AJ7aj/4HTf8AxVaFIzhFLMQAoySeAKPaT7hyR7FD/hGbf/ntqP8A4HTf/FUf
8Izb/wDPbUf/AAOm/wDiqf4e8S6d4u0qO/0rULLVLGYsEuLSdZ4nKkggMpIOCCDzwRV2j2k+4cke
xxHw01GfxomrR39xeNLoN6+ksyTvF5rx/MZDsIzuWRPyrp/+EZt/+e2o/wDgdN/8VVPwZoMuh3mv
PJGEXUNTe6jwQdymKJc8e6nrW5W2Iq++3B2Wn5GNCn7iU1dmf/wjNv8A89tR/wDA6b/4qj/hGbf/
AJ7aj/4HTf8AxVaFFY+0n3NuSPYz/wDhGbf/AJ7aj/4HTf8AxVH/AAjNv/z21H/wOm/+KrQoo9pP
uHJHsZ//AAjNv/z21H/wOm/+Ko/4Rm3/AOe2o/8AgdN/8VWhRR7SfcOSPYz/APhGbf8A57aj/wCB
03/xVH/CM2//AD21H/wOm/8Aiq0KKPaT7hyR7Gf/AMIzb/8APbUf/A6b/wCKo/4Rm3/57aj/AOB0
3/xVWbXU7a+ubmGG4gmms3Ec6JIGaBioYKwHKkqQcHsQe9T0e0n3Dkj2M/8A4Rm3/wCe2o/+B03/
AMVR/wAIzb/89tR/8Dpv/iq0KKPaT7hyR7Gf/wAIzb/89tR/8Dpv/iqP+EZt/wDntqP/AIHTf/FV
oUUe0n3Dkj2M/wD4Rm3/AOe2o/8AgdN/8VR/wjNv/wA9tR/8Dpv/AIqtCij2k+4ckexn/wDCM2//
AD21H/wOm/8AiqP+EZt/+e2o/wDgdN/8VWhRR7SfcOSPYz/+EZt/+e2o/wDgdN/8VR/wjNv/AM9t
R/8AA6b/AOKrQoo9pPuHJHsZ/wDwjNv/AM9tR/8AA6b/AOKo/wCEZt/+e2o/+B03/wAVWhRR7Sfc
OSPYz/8AhGbf/ntqP/gdN/8AFUf8Izb/APPbUf8AwOm/+KrQoo9pPuHJHsZ//CM2/wDz21H/AMDp
v/iqP+EZt/8AntqP/gdN/wDFVoUUe0n3Dkj2M/8A4Rm3/wCe2o/+B03/AMVR/wAIzb/89tR/8Dpv
/iq0KKPaT7hyR7Gf/wAIzb/89tR/8Dpv/iqP+EZt/wDntqP/AIHTf/FVoUUe0n3Dkj2Pz8/4KBWk
en/8FzP+CcsES7YoU+JKIuScAeHrcAc1+gdfAH/BQ/8A5Tr/APBOr/upX/qPW9ff9S2UFFFFIAr4
A/4J4f8AKdf/AIKK/wDdNf8A1Hrivv8Ar84PH37FX7aPwO/4KTftC/GP9n7UP2YLnwz8dP8AhHPN
tfiFPrr39p/ZOlrZjallEsabpHnJzJJlfLPyHcKAP0for4A/42nf9WAf+XdR/wAbTv8AqwD/AMu6
gD7/AKK+AP8Ajad/1YB/5d1H/G07/qwD/wAu6gD7/or4A/42nf8AVgH/AJd1H/G07/qwD/y7qAPv
+ivgD/jad/1YB/5d1H/G07/qwD/y7qAPv+ivgD/jad/1YB/5d1H/ABtO/wCrAP8Ay7qAPv8Aor4A
/wCNp3/VgH/l3Uf8bTv+rAP/AC7qAPv+ivgD/jad/wBWAf8Al3Uf8bTv+rAP/LuoA+/6K+AP+Np3
/VgH/l3Uf8bTv+rAP/LuoA+/6/OL9pA+FdL/AOCpFresPh5478Xy+IdES30TUrLWLHxnoS7bVC+l
3cbG2lskXdcumxIzm6WSU/Mo3v8Ajad/1YB/5d1H/G07/qwD/wAu6gDKh/b9+LF14g+L9jfeI/Cv
hfU/BdtqUkthe3L3kmieXqsENtI0MWkhraN7RpCJ5pruMmSOba0SuKs+Gf8AgpLrGs+KPhrcJ4h8
at4e8TX8umw2N1babFrfiO4W8iiE9oF0/wCz3tgVcjdC9tKqq7ncCpFz/jad/wBWAf8Al3Uf8bTv
+rAP/LuoAm+Pv7Xvi74HaVrVsfEF/wCCY5rDX7nwTHpXh2PUX8YeIE1vUYxpzxeRKx+RbNtsflSS
/aZX8w7GK9Z8JP2gPizrHxN0W+13X7xbTUPi3qPgm78P/wBmWgsrbT49KuLhGWVYvPMiTxKBIZSr
A4KnOa43/jad/wBWAf8Al3Uf8bTv+rAP/LuoA1/2+v21/FnwY/aL8ZeD9A8b6poutw+AbHVfBGgW
Ph6HU28Sa9Nd38S2r5t5HKOIIQVWSIqgd96hWYeQfFX/AIKffGW0+OHj3SfD9xJplppGl+L7dtJ1
GyW71DRb/TbCee0uNi6dFFHDK8IeFZLu5aaJg23qV661+HX/AAUzsviFe+K4tP8A+CfSeItRsIdL
ub4f8Jf5kttDJJJFEecYV5pSOM/Oa2v+Np3/AFYB/wCXdQBk/wDBQ39uX4p/sl+KdK8P+F/EWsah
rUWiWniF59dsrcWeurJdGOa0tIbTS5GleFELSbri3ESSxsXYEsvc+DPi38XvHPxX8E2U3xE17TtN
8Z+MvG2i3UNvoemY02z0u4uxYmFpLViGKwIrNKZA4Y4APzVzn/G07/qwD/y7qP8Ajad/1YB/5d1A
HA6D/wAFJ/jrr2rfCy1u7jQdAv8Axfo3hy9tRqUc1vaeIGnmC6iEgj0y4eWYKsgEcV3AYjsd08s5
a1cfts678Bf2bvA2meGPiHe6m+iTS+H/ABlcaxJa6aPB2pQQgQ2Mkq6PciNJGWfmaI7zEgWdS6iT
tP8Ajad/1YB/5d1H/G07/qwD/wAu6gDo/F37QHxcs/2RPFXxBu/H+keHvEPh9dCiaJ9N8nQcT2Wl
z3sm+Swmu4yxuLkRvJGUiZkMkZVWA9A0v4u3H7R3/BMHxv4is9S8RyT6j4Y12GDUrkWklxdGOK4j
E0DQwRwyxMV/dyCFd6bSVya8c/42nf8AVgH/AJd1H/G07/qwD/y7qAOms/iPD+yl8VrL4R6H4uvd
F1S01nR4PCng+28L6faWfifTbqW3e/umNtYxpujMl+GaB4RELZHkU7i0n0L+zZe+IvE/wzv9f8Re
ItU1e51S6v44rOe1tYLfT44by5ijWIRQpIcxqgJkd87QRjJz8qf8bTv+rAP/AC7qP+Np3/VgH/l3
UAeDf8E0/ht8FPij+zt8B/DfgTRZtU+I+r6ZbWnxVs9Ptrr+y7vT3t3F/HroYC2eRjgRCTM/m42f
L5ldb8Zv2bfhP+xr8DPDfj3Q/CHh/wACnTP2hNPg1bV7SzMDQaPbeKHbbIyjP2eOKJDjoFQdq9M/
42nf9WAf+XdR/wAbTv8AqwD/AMu6gDz7/gox8ePhX8fPHvh3xx4a17wB8Wkg0UwaR4Sv7fWY73Vb
mO5mJ/sDULIhINSkYrG2Y5HXy7YloUJY+pf8FZtY+JPjX/gn/wDEfRdQ+Guj2nhmeLQVsZD4pkut
Qv5G1nTAbW5tltMRKVaVXkWaXGzowbjO/wCNp3/VgH/l3Uf8bTv+rAP/AC7qAPEv2h/2U4f2cvDG
jW3xB1v4c+EdG1DxBqmseHvhdrC6/rfgS3tntrCFbUXtukZivElhkmiUxNGrXcvk27MpYP8AAes+
K9Z8Z3d1qHw98ZeEfhBN8KvDjeO9CtNV1C78SWWmrfeIFEdq0qi6lhf93LKCyXYtiECbyUHtX/G0
7/qwD/y7qP8Ajad/1YB/5d1AH0F+1N8Rdd8Naf8ABHTvh7rTaHpXjbxhZ6Nc3lhYwXJXS3069nHl
CaN0TmGHaxU44GCCQfnLxJ+238eNG/aH+IngjS4tFvvFXhi31p9E8NXt8j3WtWtvp0smn3a2sWnR
ktPKLd3kF+IsvLEI0kwiW/8Ajad/1YB/5d1H/G07/qwD/wAu6gDU1v8Ab50G38I6Lqlj8evF1z4V
nju4dU8SDwpbO9nrCwxNa6Zgad5aebm5LIyNIHhji3qzhW0fFv7Qfxz0j9lDxP4/1G51DQ/FvhyL
w7Hqeg2WiQXtvpEdza6ZJq10IRG9xM9slzeTJGshAMIUrIAVPNf8bTv+rAP/AC7qP+Np3/VgH/l3
UAd7/wAE3PHtv4+8UftJeJfC/iHUfH1nqHiy0m0vWL+2jtW1gp4f05QR5cMEZTepQMkYUhc5PU+O
fsift2/HH48STWOu65pej3y2uiWut2UcDT6x4c1S41zTrS4j8iXSraK3j+z3FyBHO9zJlY3R3QM5
6b/jad/1YB/5d1H/ABtO/wCrAP8Ay7qAO58X/tT6t8Kddg034gfEzXPCXhWx1/WtHHihNFtJLvUb
iH7A9jaSkWkkCmSO4vMbIUMht0AIbIdbb9pPx34Q+Dvxn+KmveJ9butF+FnjrUYX0eHSLMQnw9Y3
ULXLKBALiWZbP7QykSDcyqME5zwv/G07/qwD/wAu6svxn4L/AOCnHxE8M3Wja5Y/8E+dT0q+CrcW
s48XNFOoYMFcfxKSoyp4IyCCCRQBrfGj9u7xT4K0PTJPEXj3XPh74h8WeBJ/FHhfQbLw/baje3+o
XF5cNY6c8X2aZ5JEgNtE8cZVmZZG38FhW+AXi7xN4U8SfE3R9SvdQ1Lx+Pi5Z6tN4a1Oytxb2MN3
ZxSQz27iFWMckiPEJRI4X7OQCGDlqaeDP+CnUXjB/EC2f/BPsazJZLpzXQ/4S/ebdXaRY/TAdmPT
vWn/AMbTv+rAP/LuoA5Hw5+3v8Y/Gek+HbbRvFGrXeqz6Ro0XxBM/haGFPAHiK517SLOXS7dmgVX
H2e41QFJPPdBbRSGQB1L/X/7GPxJ8V+NNY+MeheKtTuNb/4V94+l8PaVqNzaQ21zeWX9laZeq0oh
SOJmWW8mTciKCqKCCwJPzd/xtO/6sA/8u6j/AI2nf9WAf+XdQB9/0V8Af8bTv+rAP/Luo/42nf8A
VgH/AJd1AH3/AEV8Af8AG07/AKsA/wDLuo/42nf9WAf+XdQB9/0V8Af8bTv+rAP/AC7qP+Np3/Vg
H/l3UAff9FfAH/G07/qwD/y7qP8Ajad/1YB/5d1AH3/RXwB/xtO/6sA/8u6j/jad/wBWAf8Al3UA
ff8ARXwB/wAbTv8AqwD/AMu6j/jad/1YB/5d1AH3/RXwB/xtO/6sA/8ALuo/42nf9WAf+XdQAf8A
BQ//AJTr/wDBOr/upX/qPW9ff9fnB4B/Yq/bR+OP/BSb9nr4x/tA6h+zBb+GfgX/AMJH5Vr8PZ9d
S/u/7W0trM7kvYmjfbIkBGJI8L5h+c7RX6P0AFFFFABRXyr/AMFoPiZ45+A3/BPjx18RPh78Qta+
HviPwLbpqUVzZWGmXkN6plSJobhL61uF8vEhbMfluGVfmK5U+ceF/wBrbwN4F+G3j/4jp+1t4/8A
2ifAPw+8PGTxfpOgafoWrvZC6B8qeC78P6faSwSxrFOzHziI0PmP5QVZKlzXLKe3Lvf0v0u7Pa9t
y1BuUIrXmdlbvp6a63PvGivnnxV+3v4W+GOgfDvS9C8K/ETx1rXjLwt/wlGn6HpP2a61a10aGODz
by6lvLuNW2efCpAmkmldjsWU5NekfszftM+Ef2vPg9pfj3wLc6xfeF9aUvZXWoaJe6Q9yuB+8SK7
iikaM54kVSjc7WOK2nTknJW2bT+Ta/NNX2umr3TMYVFKEZ/zJNfNX/LXvZp2s0d9RXzf/wAFHv22
tR/ZI8IeEtG8KaYus/EX4masdF8PwSWF1qENiqRNNdX8ttaq1xcR28KFvJhG+V2jjUqX3Dof2Bvi
hYfGD4OX2t2Pxd1v4vySatcQXt3qmhW+hT6FcptWTTvsKWtvPaiI8+Xdh7gb/mkYFaiHvqTX2f8A
gf5rV2V9E200XN8vKn9r/g/5PTfS7STTft9FFeD/APBTnxR4s+Hn7BfxU8XeCPGWs+BvFHgrw3f+
IbDUdOs7C7aSW1tpJlhkjvbeeJonZQGwivj7rqeayr1VSpupLZK79DahRlWqxpQ3k0l6vY94or4A
/ZF/as0jxh4H0rxza/th+L/jbP4V8Jx+KPHPg3R9I8N68EiktGDwoui6ZDdwTpcMGSPzWciJlKEE
uvsPgr/goP4F0X9mr4Max4N8O/ErxrN8W9KW68GeGkuob3xJqVrHbieWWe41G9WPMURDSST3ZJLK
AzuyqemrSdNyT6NLTbVyW/8A267NXWjvaxy0asakVKOl1fXTon96TV/Vdz6eorzP9lb9rbwd+2R8
PJ/E/go+Im02zvZtMuf7W0G90p4rqFik8K/aIkWbypFeNngaSMOjqHJU15d/wUf/AG5NU/Zbi8E+
DvBtl/aHxF+Jt3cwaa7aPeazFollaw+bealJY2atc3YhUoqW8QDSyyxpuUEkZzTi1F7u1vn57Wtr
fZLVu2prD3rtdL38rb6b3Xa176WvofTtFeO/sL/EnTPi58BYPEGk/FbWPjBbX19cCTWNT0u10q4s
pkfZJYtaQ21s1uYXUr5VwhnUkh3Y4r169ge6s5oknltnkQqs0YUvESMBl3ArkdRkEeoPSnUi4aP+
vvsTCXN5f8PboSUV+RPxn+Knx4tv2Fv2yvEt9+0l8U72++D3jW48LeHWt9O8P6XKLWD7A++Waz02
GYzOLqRWeJ4sALtCt81fQPxA/ap8Sfsxf8FJPi/q2tav8Q/HXgHwn8EbDxv/AMIlYS2RGnuL+WG6
ktI5Wt43bybbzSZ5Wk5lCNhljpNxUIVJOykua/Zey9qm/WP3dS3GTclFXcZctu79pGlp/wBvSXyR
960V86aL/wAFL/B+p/FDwB4bufDPjfSrb4k+A5/iFo+uXUFkdONjBDDNcQyCO6e4S4iS4hJXySh3
/LI2Djjf2k/+CnOsfD//AIJ/ePfjL4X+Enj9v7F8Ly+IdEOqPpUdtfWxX9zel4r2QLEFKzGFttxs
GPJD/LRVUqfNzLVXv8nJW++Ml/26+iZNGUarjyNe9a3zUWn6WlH711aPr2ivjzQ/+CuulaX4r0Lw
HrPwj+PM3xKufCcXim80a18M211J9k8+3geaOaC5a1uB/pAlItpZdqq6ELMBCer8Cf8ABUjwf8RP
jTpHg+w8HfEVbTxTqOs6L4a8ST2Vmmj+JNQ0oS/bbSD/AEo3MTqYJwr3MEMTmFyrsME3OlJO2/xb
a35W07fNNebVlqRCopRU9tt+nMuZfhr6a7an0xRX57/Bz/grjb/Ez9nCfxT8YPhx8WvCOn6v8Vj4
K0WXRZYmi89NaaztoJLrTbzfCkUsKJcNcmKKZpGjj+0o+0+pfED/AILH/DzwDqnxUhPgz4tajZfB
LVLTTvGuop4eSytdEjuORe/6ZNA89ui7XYwJI7RusiI8Z30lBtK3W34qD1flzxv0V1rqaPRtdm19
zktPVxdurta19D62or55/aE/4KVeCf2ePGWu6Vd6H408TWvgvQ4PE3jDVNBsoLm08H6XOZfJu7pX
mSaVWEEzeXaRXEoWMsUCkEwftpft1S/BD/gm/wCMvjr4F8Na94pGl+HZtZ020vLF9GnjTYdtzcW9
+IJkiTiRkKeayj5UYsKznJxg52en9fjZ2e2j10dqpw56kaaestvw/Rp97Nd1f6Nor85tN/bB+Inh
T/gon4Y1rWNJ+Nmq6Zr3wNvPEknw0jl0iV7S8g1G0ia5jW3uFst8kSvIrT3bsBLsTYzmGvpSb/gp
F4S134P+CvFvgvwx46+I8vj3w0fF+maJ4fs7VdTXS1EXmXEou7iCGPYZkXyzL5jtlY1kIIGs6fLB
Tb7p+VpVI/d+7lK+ySbezMoT53ZLomvO8YS+/wB+K829L3R9C0V4lrX/AAUE+HGm/sNP+0RaXOu6
98Nl0Qa+JtI0ie9vmtv4ibdF3qUORJvCrFscuVVWI4zQP+CpmgeKvF2k+H9O+F/xgudd8VeEV8a+
FrFtNsLeTxTYYi87yDLeIlvJCZog63rWwJddhcMpMSTjKUGtY7+Wjf32jJ27JvZFJ3jGfSWz76xX
5yivmj6gor5Svf8Agr14C1H4SeCvFfhPwh8SfH0njfw7qHiuHRtEsLJNS07TdPdIr2e4F3dQQgwz
OsZjjlkkdj+7WQAtV+T/AIKt+B9d+IPhfwp4P8IfFDx94h8aeBx8QNEtdI0JLWLUdMPkEbLm/ltr
cy4uEJXzcKflYq7IjNxavptf8OZv5e5PXb3Zfyuwtbeevbt93xR0evvLuj6eor5N8K/8FjPhx8S/
Eng/w/4O8KfFPxf4p8caLqOsabpFn4fW0kDWExgvLKW4u5YLSO7hmUxyRmfCMV3ModCz5v8Agp58
KPiRpXwdnmsvifa3XxF8aSeGdOs4LK7spNE1y0eSOex1WSCVYEMbJLugkkkSYRsyJKq7gcr5lHu0
vvly6d9dO19G1cmUkoyl2Tb8rR5te2mveybSdmfV9FfJGn/8FlPh1qn9rXkXg74sQ+HfDnj2D4da
3rl94fTTbTRtSna3jheaO5mjuTA8tzHHujhd0J3OiIyO3TfHL/gqJ4C+AXjTxVY6pofjvVPD/wAP
rm0svGPifRtLjv8ATfCtzdJG9vBPCkv26Z3WaE4tLWcJ5qbymaSV4qXR7fNRa+9Sj/4FHq0W01Jx
6rf72vvumreTPpGivO/ir+1F4V+DnwWsfHetNrMOlavJY22nWjaXPBqd9c3sscVraraTKkqTySSo
nlyqhQk79m1iPBfjB/wVHOn/AAD+NraH8O/iDonxe+FHhqTWrrwZrSaVHqVpbyQytb6kJFvnsriz
UxszmC5kceWybDJiM516nsoTnJP3b3+Su16pNN9k03Zal0abqyjGP2mkvm7L5N6Lu9Fd6H19RXx5
+xEfEXw3/ZDv/jNe2Px61vxBrnhS31W68HeLPF9hqo1C7jtvOkvbAteTQ2a3RfIhFxDEiooFvCch
vnb4fft8fFH43+Mv2G/iZqdt8U9Dt/iYmtDU/BVhNph0/wAVsNEmure6iW3lJMZeQIn22aFU8kPJ
FER5h6p0XGrKk942T8m+ayXV3cWkkr90tbc1OtGpSVaO0k2u7SSb8lZNXd7dm9G/1Mor5y8F/wDB
S7wr8TPg5oXiXw14P+IOu+IvEOo6npFt4JgtbKLxAl3pszw38Unm3SWcYgdCGka6EZ3IFdi6Buz+
En7a/gL4y/su3vxe029vbTwlpFtfz6qL21aK80h7FpFvIJ4RuKywvFIrKpbJXgsCCcJ+6pSltHV+
nfzXmtDaKcpKCWrdkut1pa3fy30fZnrVFeKaN+2/pZ+FFx4x8R+C/HngvS/IsprBNVgsriTWTe3D
W9nFbGyubhHmmfysRM6uouIt4QkgcXYf8FVPCM41vR7vwT8Q9K+JWha5ZeHZfh/ex6ZHr093ewSX
FoI5RenT2jmhhmdZftYT906lg42VTjJNxtqunndK3rdpNbq6vuJarmW29+lrXvftbW+3mfT9FeK+
Jv21LXw74t8I+GU+H/xD1Dxf4vN/NFoMUWnwXlhZ2M8cFzfTNPdxwtArzQlRBJLJIsqskbjcRj6N
+2X4E8Q/tjWfga70/wCI+g+NLPwBL4tl/tWC80/RLbTWltfMWRGkFtNdI7opdI5Wh2TIZE3MriW1
9tf/ACVSba7pcru9lZ9VYHdX010/FqOvZ3ast3ddHc+gqK+YfC//AAVc8B674h8JxX/hb4keH/Dv
xHtpbrwP4lvtIil03xpstzc+VZx200t2kzwqzRQ3NvBJMB+6VziqPwM/4K8/D/4+3Pwzn03wn8TN
I8PfFrWNR8O6BrutaRBY2T6nZG532ksbT/aUeRLSZ0byTGcbGdJA0Yapyb5ba/k9dH2d1az1vpu0
KUkld7fpa913Vru60sm+jPqyivD/ANoP9vTw3+z58e/Bvwwm8L/EDxT438f2d5eaHZaJowa2vBaw
vLJH9tuHhtEkwgG1pht8yMvsRg9crY/8FTvBevfDPQtX0fwj8Q9Z8Wa/4nu/BcPgaGys4PENtrFp
FJNdWk/n3UdnEYoYnlMjXXlOm0o770DQtVda/wDD8r+56Ps2r7opqzs9P+GcvyTa7pN9GfTVFfJd
x/wWR+Gv/CJfCbUrPwr8V9Uu/jLe32laHptp4Yd7iC/s/tC3FlcylxbRTrJbTR7RM2dpcHyg0ok0
T/grz4L1fxhomny/D74u6Xpmpa9pfhLUNa1HRba1tfDeuajbxT2+l3sD3IvEnxPAjvHbyQI8qqZQ
Q2NI05SlyRV3e3zulb72l6tLdq8ykoq8tLK/olffts3beyb2Tt9YUV8keJv+CyXw78N23xHvv+EL
+Ll1onwi8UQ+FvGGqjw2LWDRZJREVuzHcSxTzWwM0eTBFJJtZZBGYmWRu30X/go74K/4TD4kaF4n
0bxh4Dv/AIZaJB4nvk1yzgY6jpM7TJDe2wtZp2ZXeCRBDKI7gNgGIEgVEfeSkuqv8rKX5O67q76O
1PRtPo7fO/L+ej7NpPdX+gKK+E/20f8AgsbN8Fv2ePjG+g/DXx5onxX+HmhW+sRaD4hXTIZFsLyV
re21lWjvJYZrZZgQ0Qfz1YBXiTOR6r8Uv+Cl+j/BDwLPq/iL4c/FAyeGtFt9f8a2tnbaZdzeBbCU
yhbm+MV6Y5RthlkMdi91KEXcUwRT5fd5nte39eS6vZO6dmmH2lFat30X/btvv5lyrdpprRq/0vRX
ynrH/BYD4cW3xh1/wbpHhT4s+Kbjwvp+lazqepaR4Ull0630zUHZYtRR5GRp7VAu95YUcbQxXeI5
dnr/AOzj+0wP2kPD1nq9t4I8beGNJ1ayXU9LvNZjsTBqdo5HlTRta3M4TzEIcRy+XKFPzohyKFFt
Xt/Wv+Tt3s7bO0OpFWV9/wBbf5q/a6vur+m0V8caf/wU41Hwv+2z+0B4W8ceDdf8MfDD4K+GtM1W
58RyTadNbW4kjvJ5LmVI7lrphOiRJDHFDIwMLeYIi6g+pfB39vjQfid8dIvhtrfhDx38N/GOp6XJ
ruh2Xim2s418SafG6rJc2slrc3CZQuheGVo7hA6lolFEYuVrdVdelm/vsm7b2TeyZU3ytp9Gl5a8
v6ySvtdpdVf3WivkH4j/ALZPjjxZ/wAFGfEv7Pum+E/G+haDbfDptaPi7SbjRmksprmZ4otQVbiZ
nWOIwSRIvkSu0rkvB5arIfPv+CRf/BRafxT+zB+zl4V+Idr8R9V8U/FLR9Qay8a6zHDJYa3f2slx
LPbNI032kSiFGdWa3WB0QiOQ7doVJe0hzx2/4M0/TWD+9LfRFS8JOMulr+V4xkvvUr+STb01Pv8A
or578K/8FJPBfib4y+E/CkuheMtK0v4h3NzZeDvFd9a2y6H4rubdHklhtmSdrhG2RyMhuIIklVCY
2kGCeC/bbl+J/wDw3b8CvC/hT43+O/h/4T+JS6zZ6tpmjaP4fufKksrE3UU8E1/p1zIjO3yyKxdS
oXaIyCWWr5bLe/4X3+78umopSUb3e39f16Nbo+waK+D/AIh/Gb45fsy/tW+HfgPrHxOt/Ftj8dvD
+sRfD7xzqeh2VtrvhvWrKLzmjvIraFLK6TyZN8bLaxjMIV1fJY5mleFPjp4i/wCChPj/AODVr+1X
8W4NM8OfDvS/FOm303hzwc85v7u8vbdlmxogVoALaMhFCvy3znIxSTfK1qpXt/27zXXe65X66NXT
LkuW/Npa33ScYp+avK3k007NH6B0V8RfDrXPjBcf8FdL74d638bfGE/g/Rvhzpvjefw/b6ToAs5r
6a+ntJrXz/7NF19jxDuUCVZsk5lx8o0/+Cpf7Yutfss/ED4Y2eseK/FHwl+EHid7uDxJ8SND0W11
SXQL4NALG1mN1bXUFrBOXmDXEsDqNgUFMlwukHf420vk3H01cWl1eiWrScq/PKnbWKTf/b0YzXnt
JX7a30Ta+yqK8o/ZA8WeIvHPw71LV9a8ZeHfiDpOoao03hjxDoa24tNV0kwQGGX9w7oX3+aHYEBn
DMqohRF9Xpzi42T7J+l1ez7NbNdHdExmpK67v8Ha/o915BRRRUlHzb/wVg/Z1+I/7Xf7FXir4YfD
W18Eyar40jSyurzxNrd1ptvp0KyLL5qC3s7lpnLRhdh8sAMW3nbtaf8Aas+AvxB/aB/YG8f+FNN8
NfDjSfi18RfCMvhe9Mmu3LaVbiWOWEMb9dP+0TpCk8siI1qmWZl+QMXr0P8Aaj/ay8EfsZ/DQ+Mf
iFea5pvhxLhLaW807w5qWtC2Z+FMq2MEzxIThfMdVTcyru3MoOB8K/8AgoN8JPi/qfiXTrDxPd6N
q/g/T/7W1nSvFOhaj4X1Owsdu77Y9pqUFvP9mxn98EMeQRuyCKicYzpTpPWLvfyVtfRW37b6GtOp
OnVp1Y6OL09W1Z+eqSXS/Q+Ovit8GPi54r+LPwV8BeE9S8CeHPjF8MPhfLaeI5NE8fHS7gWNxLBa
xxxXF3oF+Lm1m+xSSFTYRyQyRKROvHm/Uf7BVhqfw++A/gTwV4Z8BeEvDng3wcL3w9qP2Xxlc6st
k9q22N7GVrFDqCSS+YJZJjavG6uNjkEDH8W/F79l/wDbcvdI07xj4T0Lx7exfabvQLDxj8NryW51
BIIWmlutMhv7IPdwiMcT2iyRsXRVZmdA13wh/wAFUPgVefATxn470zUPGdl4D+FrGz168k+G3iOy
i0lopDDLEsUlgruYGQiZYkb7OBmQRjmumVaT5vabu8n85Np+STk0ltd3vdtHNCikoRo/CrRXXaKV
vNuyfeytZ7m1+2D+zT4p+JPxM+F/xN+H9zoR8efCe+vZLTTdduZbXS9csr638i6tZZ4oppLdiFik
SZYZSrRYKMrHGd+zH+zh43/Z0tPHHif+zfB2qeOvi/42j8T+KNPj126ttJ0SFre3tHSznNm8l1JF
BbIw8yGATyMxJgUgL7D8E/jRoP7Qnwy0vxh4ZOsvoWsoZbN9U0W90e5lQMV3m2vIop1VsZVmQBlI
ZcqQT1VRFSpScWrPZ37XjJx9G4pvqraNXd7lJVEuy/O0kn8uZ/reysV4t/wUO+Efjf8AaC/Yy+If
w/8Ah/aeFbrxD470O88PrJ4h1a402ysorqCSF7gvBa3Luybwwj2KH6F0617TRWFamqkHTls9H6df
vNqNaVKpGrDeLuvVbP5Hgfw1+D/xB8O/sR2Wgan4Y+HC/FnSfCH/AAi1v9m1+5m0u4VIRDGWv209
LiOJ9qyMgtm2twN+N5+NpP2aPi18KvhH+yV8C7HVPh1o3x0+GGh6hPa3+jeN306ZrC1t4bJ57a5v
NEvEdZhOoltZdOlH3WWRTEHr9MvEGv3ejX2kw2+iapq8eo3f2a4ntJLdY9Lj8t3+0TCWVGaPcqpi
FZJN0i/JtDMuB8af2dPh9+0loFvpPxF8CeDfH2l2kv2iCz8R6LbarbwyYxvWOdHVWxxkDNb1ak5z
lN/babtpquZpre2s22tmm1o9Vz0qMKcI00tIppddGkrPvpFJa3Vk9Vo/EP8Agn94b8Q/Bn4Q2/gP
RvAvhXTv+Ea8U3lv4quh47udYSeW5Bvri+t7o6ZCby6e4uMSwyQ2iRsZArYRVbf/AGsf2a/GXir4
8fDX4v8Aw1k8N3Xjf4cwajpT6L4ivZrDTNd03UFh8+JrqGC4ktpkkt4JEkWCUHYyMuH3L7p4Y8La
Z4J8PWekaNp1jpGladEsFrZWVulvb20YGAiRoAqqB0AAAq9TqTbmpx0a6/Kz01smr6dm1tYqGiaf
Xdb9b76Nu/Xe6T3Pnv8AZW/Zx8ZfsveFdZuIbHwlrPiX4neO7vxd4wRdYubOw0ZbsKrrYE2srXLR
JFCoWRbcTMZJC0WQlfQF68yWczW6Ry3CoTEkkhjR2xwGYBioJ6kKceh6VJRUSd4qK0skl5JJJJeS
S0vd92xrSTk9btt+bbbb9W30suyR+YnjX/gnV+1P46/Ze/aa+Hs2hfs/2k/7QHi6bxTa3iePtXlT
QxMLRXgdToimcqLQYceXkyHKjbz6pr/7Dnxo+M37XXjzxZ4v0v4W6H4N+InwcX4Y3q6V4sv9R1Kw
nIuJnuUjk0yCOWPzrl4wDIjbEEnDMYl+56KmUYypqlJXSjyryXs/ZW/8A019d9S1UkpOUXZuXN8+
eNS//gcU/wANj4H+Ff7Av7QWk/Ev9nvxPrOp/BbTH+CXgDVPBF3YQNqWrxa758FpFFMsjx2vkiT7
IhdCknlDcoM+8MmZrX/BIXxZqPw0/aE8H+FT4N+Evgv4qeCrjw3pPhDRNd1DVdATU5SzHVjbzW8M
emltxRrezR1YEyM7NgV+hdFa1as5tyk9Xzf+TOTb++TaWydmkmk1nSiqcYxhoouNl/gtyr5KKV92
rptptP43+EX7LPxz0z/goN4J+KPirTfhRD4W0H4aSeBb1dK8TahPqCSvPDdedHDJpyRyIskCxfNN
GWVjLhD+5rifAX/BOf41Wv7T3wp+JPi65+G3ibxD8PPGmuahqHiGfxBqU2qa1o9/a3VvFHFHJaGO
yMCywD7HExgfyA/mhuv3P4I8faP8SNHm1DQtQg1Oyt726055oSSguLad7eePJ6lJY5EOOMqeta9P
2slKMu3Nb/t6Tm/vcn8n5JqHSjyyh3sn/wBux5PvSS+a6an5veNf+CZXx9079ki8+F3htvhBqyQ/
GM/EWxvNS8Qajp5lsxrza0I5RHp8+2ZmK25RQyqFMnmOT5Sw/HD/AIJ0/tIfGLwX+2Fpy6R8EdPu
P2lv7Ni0xj441SVNGjtrOOzdpv8AiTKXYpEJAF43NtJwN5/Sesjxv4+0f4b6PDqGu6hBptncXtrp
0UspOJLi5nS3giGOSzyyIgHq3pzWcXJJQT3/ABbUI/e/Zw+a03NlJqp7Rb3v+MpfnJ/qfmx8cP2f
/iP+1X+0j8RNK8PP4Ct4tN8EaL4M+KWjab8Tn0KLVCYJrmWxupJfD1/PLbrDdAR3UA0+UJcSLuYg
iL6p+MfwYn/bl/4JWeIvh94bttO8FT+PvA82haXFLO13YadugMMRWVFDS2+FUpIEBeMq20E7a9V+
JP7Jvwr+MvjnSvFHjD4Z/D/xX4l0JlbTdW1jw7Z319p5VgymGaWNnjIYAjaRggGvQFG0ADgDgAdq
c5c9OUZaOT6fPbyu3ZO/Lrq7tuYe5UhOG0UrX9Ir/wBtV2t7LTRW+F4f2UP2jof2utI+JUug/BO6
ttI+Et14AS0XxpqkEj3kskVyshJ0lx5KywrEWzuZWMuxTiGvM/hd/wAEbfGnhL4L/A3/AITP4efs
3/F3xX8K/CU3gfU/Dfi6aW+0C/tPtKzwX9peTaVLLa3SkOGQ2jqyybd42hj+mU0yW0LySOqJGCzM
xwFA6knsKzPAvjjSfiZ4L0nxHoN9Fqeia7aRX9hdxZ8u6glQPHIuQDhlII46Gq529bbO/o26j/H2
lRej01SankSVulkvWygl93JB+q7Np+DftIfsn69r3/BNfxt8G/hl4d+Gnh7VvE3hy+8P6fpkLPoX
h3R0vRIjmMW1rKwWJZWYBYF81l58veSvkXgT9kH9oTw5+0n8EPHN54e+DT2nws+Ft/4GvbaHxxqR
kvbycWpSaMnR8CHdYwg7vmAnc4JiCy/ddFRd80pdZb/+Azj+VSXnd+SG0nGMHtG9vm4Se3nTj5ae
bPzI+CH/AASy/aG8Pfs6+Cfhf41k+EOteDNC0DXtDv8ARIvFWqy6bLcX1w89vqjw/wBnxLevGs0k
BtLjEageashZti53gT4cfFz9mj9uf9mHwNpWk/DXXviN4H/Z51LQby0u/El7Z6Ndrb32kwGWO7Wx
kmUnyxIFa1OcMmR98fqRXx7+0N+1H+yV8DP2jtS8a+OfBcb/ABI8G31po9z41tvg3rGs3Gm3c8US
29ous2umyoJWS6iRY0n3fvgmMttrSjWcay87trq7xqQX41n8rRTSUbOUOaEm1r+HxQk/S6prbrd2
bcr/ADwv7Ovjf9jP9v79mjw54SbwZ4z8f3vhv4ieItWXVr640PS9QvNR1CwvLkRSxQXUkEaPMRHm
GQlIgDgksvoXjf8A4Jo/GLw/4e+EbeFG+F/iDXtB+MF58YvGVxqut32i29xeXDXANjZJFY3RMax3
O0SyFD/o6koTIdnX6r+2D+yt8U/2z/hybv4V6lrHxi17V/8AhH9H8ReIPg/faRqegzw2kt7Gr3uq
2dvLCPJEjRrGzMdzFVwHYfbFEZSUKc7WcW7PpZVPaJLyT5dNvdWttBVHzOcG9Jq773lB05N+bTmk
/wC89NEz8zPHX/BN79pfxh8C/jB4ZTR/gZBqXxM+Mdh8TbeRvHWqtBZW1vcWVw1q5/sUM0hbT4kD
AbSJ3bA8sLJm/GT4E+L/ANp/46/HvW9IX4fan8LP7ZsbLx54dHxRPhzT9YutNsrZpV1Bf7AvrjdH
IvlmaK7sRNFBGrxFVLv+otfIPxS+JPwb1v8Aavu9WsP2adT+Lfj7wdqa+HrrxvofgzR7640PVBaL
dRWLXlzNFcxExTx/vwBaxNMFknjO7EUpSTjTjtFJLraypwTfdWhBWdrycWnfR3J356j6tt9N3KTs
+ju2762jzXVtY91+1P8As+3n7c37NXgO80l38JeJNA1rQvH+i2uqxt5MN5ZyJcpZ3ip8wRgWiYrk
oTuAbbtPlHxh/Yh+Lvxl0340ePrvSvhlYfFn4ofD1PhnYaJF4qvpNB0iw33TSXcmoHTVnnmLXW8R
izRQIlTf8xkH2vaTvc2kUjwyW7yIGaKQqXjJH3TtJXI6cEj0Jry7wx+2F4U8Xftd+JPgna2viSPx
j4V0KDxFey3WlS22nvazSCOMwTybRPltwLRBkUxupYMpWpqwjU5qCWk3J29Y2nZ76wjyt9lpZu7K
VWVOMat/h5dbdppwuvKo00u7100If2efhl4y0r9jfQ/A/jm08M6P4o0/w6vh6f8AsLVJ9VsCI7f7
Ok6yzW1tIdygOUMQ2klQz43H5F+DH/BPL9of4Sv+yDYS2nwY1XSv2a7W7sb+ZPFWp21xqkc1g+nq
8SHTHXcIyJyGZRubys4Xzm+wPEn7YXhbwv8AtfeGfglc2fiU+L/Feh3fiCyuRpUi6V9mtmRZV+1N
hHlBdMxx72UMpcIGUt6rW0q05TlX/nd32bi5r8HKS06+hjClCnTVBLSKcV5KSjp80o76216n5f8A
g7/gjl8Sr7w1pWtePvA/7OXj3xN4b8d+KPEVt4U8QX9zrXhrV9O1+5W6niknuNK32l5bSxxiKdLa
YOquCqeZ8v3P8J/gKvwf/Zo1Dwr4Y8D/AAr8GXN3a3Ult4a0TT1g8MWlxMh/cuIoYTNEz/6yTyY2
kDMdi8CvWaKyv7ns7aWSt5JLTzva+t9fVmzk3NTk7tNv5tt/m3tbfyVvzq1L/gjDrXivwL8U/C0E
PgbwF4A1y80bUvCnw8g1K78U+FIb7Tb43f2q4tru3hS2guwI4ZrG2jMQVSwkdjx6HpH/AAThsJ/g
Nq2h3H7M/wCyb4dk8RvD/bfhbw/5lrpmqm2juHt5/wC0odLgmjlW4eEofsjmBTMVZ2ZcfaVFNyfK
4dH+eiv+C30VlZKyFpzc1v8Ahu363Wrbbbbbv8Dat/wTG8fa9+xx4f8AAniiw8EfErxR4fm1G80D
VNZ8bazY6r4EkubndbRWGux2st9Olrbt5fmOkT3HlIreWhIF7T/+Cffxn1n9qvwzqvjLWfBvi7wV
bfBqb4U+IfEb69d2vibV5rgRS3GprZixaBWM0RURm6OVcyF8jyz910UpNSvzK9738+aMoPz+Gck3
e70cm3GNhNp3Wnbpa0oz0Wy96KaXwrVJJN3+IPBn7AnxTfwN8EvBvimP4d3mgfszzW+p+Fb+w1y9
jvPGV5ZabPZWS3sLWW3TIx5oeQxSXpYrwoHynzL4Q/8ABNz9o74f/Cj9m7w1eaZ8E5ZPgv8AEzUv
HGrXEPjXVCL+2unviIYFOjjEijUZs7yFzbx8/vT5X6WUVr9Ym6jqSd25KT85Jp8ztbV2V+lklYiU
IuHs0rKzivKLUlyryXPK3W8nrtb4Z/4KO6n4o0z/AIKbfsgSeDLLw3qviRI/GTW1hrmpTadZ3f8A
xLIMo1xFDO8XHRxDJjH3T1Af+Cefxd0HRtOvrTW/Bmrah4z+IeoeOPiX4e/tfUNE0jV0ubZbeC1h
uYIZJ5Y7RYoD5ckcaXbRkyCMNtH1R47/AGUvhd8Uviho/jjxP8NvAPiPxp4e8r+ytf1Tw9aXmqaZ
5Uhki8i5kjMsWyRmddjDaxJGCc1jftXftjeFv2O9N8HXXimx8T3qeOPE+n+E9POkaW93HDd3s6QR
NcS/LFBEGcZaRwTghA7YU5Uo6RgtZSfL68001H/t6XL5ppNNF1Pef91K/bVRkm/kpS62a3Wit8b/
AAm/4Jl/HL4PaN+zb4dsNL+C76B8DPiLrviu5e38S6hZG5sL6TUEhgtrZdLdI3jh1AnYZNm6BUDY
bzF6L9pH/gnP8afjj8ZtQ8R3l18N/E50L4m6F438Hahrev6jHcaXpllPA8ulR2q2kkFk+1Jv9JhM
jz+aVkCDkfftFaRrTVSNW95RfNfzTjJP74L5XWzaec6cZRlFrRpr5Pmuv/J5b+T3Sa/NX4x/8E4/
2kPib8HP2s/C8GlfBG1m/aJ8UWus6ZPJ421Rl0m3jt7S3dZgNH+aQrZRsAvGZmBOIwX6r41/8E2v
i1+1P8f/AIq6l4vs/hh4f8G/FD4W6X4JZ7HxDd6ze6df2U8t6szWs2mww3FsbmcxMjSoWiiDEAyG
NPub4jeO7T4X+AdZ8R6hBqt1Y6HZy308Om6fNqF5KkalisVvCrSyuQOERSxPAFc7+y/+0VoP7W37
PvhP4leF4tSh8PeM7BNS09NQhWG5ELE7d6KzBScZxuPX14rNaw5N1FJei5HBf+Sxdr9Vc0k9b7cz
b9Xzxm//ACZRv5adT458bf8ABJ3UviJ+xZ8UvBOk/CL9mD4KePPGGgnRbfUvAdgUttYZZoJ0kupk
062mtoi8JBgVbkLuDb3KhTs/E3/gmJqXj79pmb4l+JfhJ+zV8YJ/GmladYeINO8b2nmv4YltRJGJ
tMupNOunuIzC6K0MiW4keEOHj3lF+39e1iPw9od7qE0d3NDYwPcPHa28lzO6opYhIowXkcgcKoLM
cAAk4rz/APZG/ap8Nftp/AfSviL4Rg1u20DWbi8t7aPVrM2d5m2upbVy8JJaPLwsQrYYAjcqtlRV
3LW1+Wz9L3Xy5tdrWt7trE8qjFdL3X/pL9XblW+/W9zwr4MfsgfFP4W/t0fEzx2uj/Ca28D+Ivh9
pPg3QLez1O6SWGXTftLQtNp4sUhht5GumUxRXD+UkKgF9/yaP7D/AOwhrf7K37RPjTX9MsPDPw6+
G+tadHaWngXwzr99qmkS3wmMj6olvcQQQ6a7KzIbe1RkfO9nZsY+rqKFUkpKV9bNet2279935J2a
V0mlKKcXDZNp/wDgKil9yil3tdN2bT+Iv2kP+CXniv8AaJ+Mn7SCz+IPD+meBfj94T0XShdo08mr
6RfaalyI/wBxsWJ4WklhkLeduKo8ewbhIvovw8/Zh+IPxJ/an8DfFT4r2vgjRNR+FeianoehWXhb
WLrU49Ua/wDsyzXtw9xa2xgwlttW2UTBTISZmwBX0xRShJxtbpt9zjf15W16We6TKn717/18P/yK
f39G0fLvxO/ZZ+Jmm/8ABQDXPjL4JPgXVdP1z4Zr4Ok03W9Ru7CaO8t72e6hIeG2mXyZfPKPIRui
27hHNnaPnr4E/wDBNT9oT4ZeAv2P/Depaf8ABqe1/Z31TULjXrm28Zak0mqQXdtdWmbVG0kDesV2
8m2RlBaNU3AMZF/SeilT9yKjul0fX3pS9d5yKqScpSn1krP05Iw/9Jil3Phv9hP/AIJTWX7I3ivS
dOuvhB+zdc2/gu6eTQfiVY6NEnjW+g3N5aXURsFEd0I28t7tL1zJtLeUpche4/bE+Cnx08dftlfC
Dx58PfDfwm1jwz8LI9TneHxF4z1DR7/VLi+tDbFAINKu44o4l+bducyFsbY9uW+rKKbnJ8rb2v8A
O6t+Xa3fe5M7SlKUl8X/AA/53+/ta3yt8OP2OviL8Wf2zPDvxy+N2peELTUfh/pl7pvgvwd4UuLi
/wBO0N7zCXV7PfXEMEl3cPCiIu23gSNS4w5O6ovhz+zx8Z9G/wCCqnjP4vatovwxi+HfibwrZ+EI
fsniu+m1qCGyubu4iu2tm01IS8rXIRoRcYjAJEkpG0/V1FOM+VxcdoqSS/xXv5t+89318lYn70ZJ
/a5bv/C00u28V06ebv8AGXif4DftGeG/+Clnir41eGPB3wU1vw5qXgu18FWFhqnxC1PTL144L6a7
F5L5eh3CRs3nFDCpcDaD5hzgdH4f+Fn7TNxq+q+KvEs/wl1yfWYtQt7r4eSa3qMnh7yHNqlnHHqD
2ZZGRIJ2ldrB/Ma7dQqqqmvqqis4Llio72Ukr6/E25abXbbd7aXsrLQc3zTlN7txb/7dSjHz0UUv
O13d6nyT+x5/wTD074MfBHxr4Y157jwpY+O/Fb+LF8NfDrxTqugaX4RLQxRfYrC7sns7loS0bSP8
sKO8jfuVAAr6b+HHw+sPhX4KsPD+mXGuXVjpqFIpdY1q81m9cFi37y7vJZbiU5J5kkYgYAOAANui
tJTb06WS+UUor1skld3fdkcqvd6u7f3u79Lt3stAoooqCj5T/wCC3lzLaf8ABLT4uSQfZ/tC2Fr5
IuJDHEz/AG632hmAJAJwCQCfY15B+0T+x3r3xm8Y+MPjZ+1CPBHhHwB4Z+Fer+DpdE8D67d6rNJY
3vlyXt9Pf3NpZbCiRfu4lhIXli7fdr7Z+Nf7Ovw+/aV8OW2jfEbwJ4N8f6RZXAvLex8SaLbarbQT
hWQSpHOjqrhWZdwGcMRnBNbHhz4beHfB3gSy8LaRoGi6X4Z022SztNIs7GKCwtYEACRRwKojRFAG
FAAGOlSoq0m99bekouD+bTa66O6s0mO7TTj5X76SUl32cU/w1Vz4M+BOufFz9kf9qT4JfDT4j+Jf
C37Qnw28XTXkPw68b2kRtPFegtFp9y5OoRQk293am0/dfao9pLMrOuWU14Z8IfEHjX9n+x8ffGXX
bSH4nfs7+Evix40fxV4SggK3vhWSPXJ5Br8aK2zUVhGGeCZS0QjEsPzg5/UDwx+yZ8K/BPiLxJrG
jfDP4f6Rq3jKJoNfvbLw7Z29zrkbAhkupEjDTqQTkSFgcn1rB8L/APBPr4C+B/BviHw5ovwR+EOk
eH/FqQxa5pll4O063stZSJy8S3MKQhJgjEsokDBSSRg1s60+dVd5KLWvVuSfvWteyVuZWk2+bSST
GlD2bo2tFyi3bSyjGUfd3tfmvbWKS5XeMml6J4A+IOjfFf4f6R4o8Oana6toHiCxi1HTr+3bdDdW
8qB45FPoVIPNfnl4D/aL+In7L8HjPQ/FGn+NPEnxevPAfiXxl4P1yw8az+JvCfxFFskLpNDZu5bT
pVBttltDAkAE8mx5C1fevwV/Z0+H37Nvhq60X4deBPBvgHR724N3cWHhzRbbSraeYqqGV44ERWcq
qruIzhQM4ApPh9+zj8PPhJ4q1TXvCvgPwZ4Z1zW4YrfUdR0nRLayu7+KJdsUc0saK8iovChiQo4G
Kzqxi5T5G0nFpd1dO2qts7O6te2qvZxqhU5FF1FzNOLa6Oz1Wt9Grrq1fR9/z0+DnhD9pPxZ4Lk8
a+HPin4B0Xwx8Ufh/MtlLd/F/V/Fv9q69J5L22oWputMt49KRt0kMkdrmJGmj2Rb1APR6X418d/F
j4M+JPht4T0jx94Q+J/w+8S6Ta+KfA/iT4t3sk3iGzezmnNvpPiVJZbxTPGrTh2aObFsVkWFWJH2
14O/ZL+Ffw8uPEE3h/4Z/D7Q5vFswuNcfT/DtnatrMofzBJclIx5zB/mzJuO7nrTbH9kX4UaX8O7
nwhbfDD4eW/hO8uJrufRIvDlmmnTzTIyTStbiPy2eRHdWYrlg7AkgmrqTUm+VWWll2alzJPTVK7j
Zq3LZKMUjGnHltd3d3d+Tjy330bsndO/NduTZ8M/8NS6h8R/iT+yDrfhDxb8W/C+j618UfEPhDxT
4P8AEGrw3Dvc21nqby211Ohke6W3uIFjiIuHiKBSQzgMvLXPxe+JniH9kDSf2g9M8a+PLf43x/Fk
+F5vCJ125fRp7VvEr6f/AGJJo5f7KHSzIfzliW5ym8y7c1+gGt/sOfBTxNH4UTUvg/8AC3UF8CRr
D4aFz4UsJR4eRXDqlnuiP2dQyqwEW0AqD1Fb0X7N3w7g+ML/ABETwF4LT4gSwfZX8TLolqNYaH/n
mbvZ5xT/AGd2K0jUipRlbaV/leLtrfSVmmm3ZO15JNSKi5lKPdW/9L7Jbc6d0ldxulFtcv5cfHr4
i/EL4ffDT9sfxs/xk+Kuo6z8F/i9oieFDP4je0srGCZNIeW0ktrQQwT2zLdyxGGVHTaA2PN3St9f
f8Fw/G/in4bf8E1vGPivwj478S/D7WNCuNNn/tHRJ4IJZYZb2C3lieSSNykeyZm3RlHDIvz7dyt6
nqX/AATZ/Z11mLVY7z4B/BW7TXbxdR1JZvA+mSDULlTIVnmBh/eSgzS4dssPNfn5jni/+Con7I/j
D9pn9gvVPhB8JdK8AafNqkmnWkcWt38+k6ZpdlaXEU4WJLa0uC3+oSJYgiKFcnd8gRsOa1KnDrF0
/naMIyb66uN3vo3fz1STrOXR8179m20l6JtLz2R8+ftDfFLUv2Uvjx8ZtF8PfGPxzY+CL34QP4r1
fU73UJ/Ft14J1qa9FtZ3NlHdTHy/tSPKVtVkjgBtwyLEuc+A/tAfEr4pfCr4Dftj6JonxP8Aix4B
j+Hug+EfEegwy+P28T6xYSXouYLqKW/uxcSwCYojtBb3DCNkUxyqHZa/VT4T/sw+B/BnwcuvDf8A
wq/4a+GLPxVCZvE+gaHpdu+j391KgFwH/wBHhF0rEsPMlhVnHLKM4GLr/wDwTl/Z68V6ba2WqfAj
4NalZ2VtDZ28F14K02aKCCHf5MSK0JCpH5sm1RwvmPgDcc6qXJ7rV7WV+9puW66R0iujilora505
N2m+6dv+3YRe/WXLJvS6cnq7tv4//bZ8D6j8NdZbwPovxe+N3iDVpfBviHx5/ZEvjy50FdPmIt0i
v5tYglS4W0t5RIsWnrFcxlrliUEcSKMr4M+NPHH7SX7Sn7KGn+J/i18SToXxS/Z7utd8Q6RpOtjR
4L3UETTAbtZLRIrhJmN1IxkSUMhjHlmNTIH+/tY/ZX+GHiIeFxqHw48B348D2/2Tw4Ljw/aS/wBg
Q+WI/KtN0Z+zp5YCbY9o2gDGOK5iP/gnV+z7Dqdjep8Cvg4t7pdkdNs5x4L00S2lqUdDbxt5OUiK
SSLsXC4dhjBNJTSi4tX3t005a0V/6che9/4a1tyqM8srR96zS363vTb/ABhLt8b0vzOXwB+zD8af
HP8Awrb9jDx7d/Ej4hazrvjL4mar8P8AW21HxHc3FjrOk266zFCk1puFtJPmygf7U0ZuC2cykHFd
B+zw37Qv7VPjjw18Sh4o8P8AhzRo/G2qeHvHVpP8WNcaW5003dzaDSU0BNOjtdPvocwmK4huFnJj
DNK4kJH2za/8E2/2drHTtKs4fgH8FobTQrx9Q02BPBGmLHp9y/l754VEOI5G8mHLrhj5SZPyjHa2
P7Nvw60z4w3HxDtvAPgu38f3cBtZ/E0Wh2qaxNEQAY2uwnnMmAPlLY4FE5RlK77t/eo6eabUr7X5
m2nqm5pu6hppbT1n9zSlFRfTkVraNfk3+yJ4m1j4E/8ABN/4LeG/AOo3kh+KXxP1vRPFDa38TNZ0
eC0thea2LWFNQRLybSTczW0aCW1ijeaUEbxJIZB3Wu/D/wDaD+GvxZ/Z+8A/EL42+IdPsvEnxX1X
QDpHhHxvc6tKmhSaJc3sFpf6pc2Nte3N3CybVlY58t43OZQsi/pK37MPw1fwLr/hc/DzwMfDPiu5
lvNb0g6Da/YNYnlbdLLcw7NkzueWZwSx5JNYd1+wn8EL0eFRN8G/hVN/wgmP+Ea3+ErBv+EexIJB
9jzF/o+HVW/dbfmUHqM1SqJz5pq92r9dPdurdbcrSb6SduXW7qXtJQ0upWtpZtzs7rykrrvFXb05
cL9on4W+MPCX7Dd34M8CeN70+L7DTrLSdM17xRrjW97q8iywx+XcX8ab47m6XMP2iNN6yTh1XcAK
/Pn9q7V/D/7QnwT8A+Gdc074w+CfFHw6/aC8I+GvEWiax8R9S1GTSXnW2ObXVIbsyXEbwlJo55JP
tEckjuBC5xX60+JvCumeNNGk07WdNsNW0+ZkeS1vbdLiF2Rg6Eo4IJVlVgccEA9RXGaf+yR8KdJ+
E6+AbX4ZfD228Crci9HhyLw5ZppInEglE32UR+V5gkAfdtzuAbOeaiE/33tZ6+9CXryzjL8UpK2q
1ura81O3snTjppKPopQcfwdnpbbc+Gf2ev2cNV/a0/a0/aX8Ha3+0D+0FdeEvh54i0JvC50Px/ca
W9vb3WjfaDCbiz8t5od1wpBdmd/IiZ3kcu78d8Kfip46sv2YNY8GW/iL4ieIPjL+yDYeKNR8S+d4
x1a4uPEupW6OdGa+U3Je7tr6OQXawSlox9nMaKqZWv0M8Pfsv+BvgLeeK/FXwu+FXwy0Px74gglk
uLq00y30J9dnLGRUvL23tpJtjSnczmOUgktsY8GP9nT4Lah4I1zxj4y8T2WgWXjf4i3dteaxBo8z
XVpZJb2sdvDapcvDDJcqgR2814oyxlb5FAArNpuEoJ29xa/30lGMk9295PbW13e16UoxlGTimlLb
py6uUWtkne35acyXyOfgTZ+OP2Htd+Idl8d/iD4w8MfEv4P31zqWk33iu8uo9b1T7KLkalZzCdWs
NmJo5LWzWKBlcBo12EN5h+xvpMfwq1T/AIJ7W2geN/HsPh3xp4E1Gx8T6dP4/wBWvNNubn/hHre7
gia3muniidN8jxLGqeWu0IFVUA/SD4dfsxfDX4P6pr994S+HvgfwvfeLHaXW7jSNBtbGXWHYks1y
0SKZiSzElyc7j61Tv/2QvhNqvw60XwfdfC/4d3PhLw5dLfaTokvhuzfTtLuFJKzQW5j8uKQFmIdF
BBY881u6keepKMbKXLZdkva3XmrVNNtIpWSSSw5HyQjKV3Hm17tqFpPs7wu99W3du7f5S/CX43+J
/H/w6+D2j+HP2hPiRc2yftPa14B1a3tPGR1S7vNFa4vpbWG6u5jNenEFrGIiZwDHKzYc7HX0bxR4
T/aI8Z/Er4p+Bvhz4/Wx1n4Aanptn4b8Q+Ovi/rGnXkemLY2ly93qelQaZLbaxDcs1zGbm6lLAow
QxvGXf8AQjxd+xB8FvH9xpc2vfCD4X63Lod5NqGnPf8AhWwuW0+5mkWWaeEvEfLkkkVXZ1wzMoJJ
IBrc8bfs3fDv4l/ELRPF3iPwF4L8QeK/DWf7I1rUtEtbvUdKycn7PPIhki5/uMKmjPk5b663fqo0
0n3bvCWl1pUav30qO83KKSTW3rOpJrslacVt9hO2tjrtNlkn063eYoZXjVn2Z2biBnGcHGfXmvjr
/guDZ2OhfsJs8UVpZm9+IfhCaUoqxmeU+INPy7YxubaoyTzhfavrDw/8M/DnhPxZruv6V4f0TTdd
8UPDJrOo2ljFDd6s0MflxNcSqoeYonyqXJ2rwMDiue+OP7LHww/adttOh+JXw48B/EOHR2d7BPE3
h+01ZbJnChzELiNwhYKuSuM7RnoKlScasKkV8Moy/wDAZKTX4W/G3QIr3HCT3TV/Nxav+J8wf8FS
vBVn4i/a2/Y8gSa40q61X4m3MVzeac6297NEmgaodnnAb1GGddykMgkYoyNhh876H+0z8S9A+Db/
AA50jxBqWv6Qn7RHiH4ay6v4n8f6lpF1HpMVvcXFnZza/FBd3tu7zGKFJwDM2EjEis4cfoz4q/Yw
+D3jufwpLrnwn+Gusy+BIY7bw0994YsbhvD0UZUxx2ZeI/Z1QohVYtoGxcYwKreFf2Gfgn4E8D+I
fDGifB34WaN4b8Xbf7d0mx8J2FvY61tzt+0wpEEnxubHmBsZPrRBqPMnqnfTv71NpvfXlhJbNLne
6vcqXkotaNW17e7VTtt9qcX0vyJ3Ttbh/wDgnB4A+LPww+Ffivwx8XfEeheIL/TPEVwNEXT/ABPe
+I7vSNKljikgsrzUbq2tp7m4i3uBK6b2jMRZmYk18EeJ/hO3wC/Y1/4KFeNPh/8AEL4seEfFXgrx
dqyafqMHjvU9QcJDpel3AV0vZp4zM75RrraLsJ8iToAAP1m+H/ww8NfCbwVZ+GvCvh7Q/DPh3T4/
JtdK0qwisrK2T+6kMaqir7AAV5dY/wDBND9nDTNH1XTrb9n/AOCVvYa75f8AaVtF4G0tIdQ8t/Mj
85BBiTa/zDcDhuRzTc37SU11hyX6/FB8z3u7Qad3rzO73vUJWjG/SanbptNW8viurLSytbS3yT+0
54m+Nn7Sn7RUvwq8EataaRPp/wAMdH8SeGtQuvihq3gu4fUp2ukn1FVstPuhqyQNHbCS2uGEI3je
jmUMnE/EX46/Ef4DftLfFTx20/h/xX8WvCv7JWnapLPoyvc6bf6nDf3rPcQKyo8kBkBkAKqWXHAz
X6I+If2N/hD4u8IeGfD2rfCr4b6poPgtlfw9pt34Zsp7PQWX7ptImjKQEdjGFxU9l+yX8KtM+Mk3
xGt/hn8Prf4hXEZil8Tx+HbNNZkQxCEq12I/OI8oCPBfGwBenFOck5NxVtZv/wACjUitmrfGuazu
+Va7KM0m401CWulNf+AypSlfR3u6btfRczdr8zl+dzv4Q+GH/BSH9mXXNL+Nd/q8/wARPhT4qvLP
XPFnjBtUguL+ePTmS6t1uJWSFZSrt9mtgkAEDbIlw+foH/gmz8RvEHhH4sah8JfiXpfjvSvinpfh
qLXrq7u/HVx4u8O+K7eS48t9TsZp3MtqWl4Ns8UCRh9sSMi7q+ifBH7G/wAIfhlqE934b+FXw38P
3d19qM02m+GbK0kl+1BBc7mjjBPnCNPMz9/Yu7OBW78N/gP4H+DeoaxeeEPBnhTwrd+IpxdarNo+
kW9jJqcwGBJO0SKZXA43Pk4q/axutNLSVu15TkkuyXPZ6Wkopcqai45Sg3Czd37urvrZQTb11bUe
uqbb5mnJS/Ob/gqR8dPEmh/FH4n+IvBXxC8epqvwn1XwjZGK08Sy+H9D8LSXd3A09s9nHMya1NdW
8wdhc23lRIQElDhwOvsdF8eeI/8AgoZ+1Rt+LHxf1uD4S6d4d8XeFvDdprSW9gLmW11Kc6c1vBCq
TWshCRmORWdxsLOzojr9peP/ANkb4UfFjxNqet+Kvhj8PPEus61p40nUL/VfDlne3V/Zhg4tpZJI
2aSEMoYRsSoIBxkU74b/ALJPwq+DnxB1Lxd4Q+GXw+8K+K9ZjaHUNa0fw7Z2OoXyMyuySzxRrJIp
ZVYhmIJUHqBXKov2bgnZ2lZrpJqNmlto437q/V3b6JSjzN2unypp9Unrrvqm1bbrpsviz/gmzbfH
jx38TPhV8WNS8aeE5/h14/8ADEq+JrJvilq3iqfxFqTW6TQ3Vpp9zplvbaVLC6TLLb2rrEFYgqWj
DHuP2nNO8QeNP+Cv/wANPAs/xK+I2leBPF3ww8RXeoeG9G1w6RatPbXNjGk6S2yx3SSlbhz5gm3r
5a7CgMgf6o+H/wCzb8O/hP431zxN4W8A+C/DXiTxOwfWNW0rQ7WyvtWIJINxNGivMckn5yeSayvi
B+xp8IPix8RB4w8VfCn4beJvFotTY/23qvhmyvdR+zlHjMP2iSNpPLKO67d2NrsMYJretNTnGSik
kpaf4ozSXmouSa0VlFJJWVsqcXGMk5O75deuji2/VpNPV6ttt3Z+c37MPxp8cf8ACtv2MPHt58Sf
iDrGu+MviZqvw/1xtR8R3NxY6xpNuusxxLNabhbST5soH+1NGbgtnMpBxWl8IvjD4s8Rftv/AAX1
jQfid8RtW8O/FrxX400TUNY1DxK0Vpq9vb217JapZeHnkuLS0js5LdI0udsM0rQ7pInWY4+57X/g
m3+zrY6dpVnD8A/gtDaaFePqGmwJ4I0xY9PuX8vfPCohxHI3kw5dcMfKTJ+UY2Lr9jz4W6Fc3et6
J8I/hcfEyalJ4itZ30C0tHl1fy2Vbx7hIHdJ2DFTcBWkCs33uhcqsU3Jr+b1tJRTS678z0tdvVat
onGUrxhZaJL1Tm15aKUV6RT0sj82vgl8RfHsP7FPwy+JVr8ZviX4k+Lg+Ntz4Hjg1DxPLcW/iGwf
xLcWc9pNpy4s2eOxD3AkEAeERAqViUR0eCviL470j9jPV/iTD8afiZ4n+LngT483fgzQ4dQ8TyG3
8QW//CQx2P8AZl1psHl2cxktC75NuGi5eMxqMV9X/wDBLT/gnlqX7JHw0v7/AOIXw/8Agy3xbi1f
Wbqx8T+HpXv7y4sr+/nvhayX09hb3ESJJcNHsUSKQgfgtsB/wTG/4J66p+zifFfiH4reAPgyfiNq
Pi3Wte0nxL4dmfV9RtrTU7yW7ezN3c6fazRrE0hQBCyyD5iEPy1pTnGNRN9LSv8AOl7q6a8s2+nv
yunrzGJtJS5esml5q1XV+S5oJdfdVmvs+G2PiX9ov9pP49eMfF3hbxD4V8I3nwu+KUuj6gmq/FHV
7aK30K3u1UWM/hqPTGsne7tCssVy85mZp0ZZFXEY8h/aT+K9h8ZP2PPAHxx8e/EvWtN8VWf7Qmk6
Z4h0e+8TyWug+HLey8Ssi2L6e8v2WFre3iSZrgos7AMzyGM7R+sWq/s2fDrXfi/Z/EK+8A+Crzx/
p0It7XxLPodrJrFtGAQES7KGZVwzcBgOT61S1L9kf4U6z8Rb3xhefDH4e3fi3UpIZbvW5vDlnJqN
08JBhaS4MfmOYyqlSWJUgYxiscNP2UqMrfw5Ql53i4N28pcjuujk3dtycqr2m6rX2uZJdLNTSXX4
eZWeukYqytHl8x/4KTfECHS/hD4K0i28V+KNEuPHvi/TdEs7fwvcC11HxKJPMlewivhcQGxWWKN2
a6SUSIiN5YZ2VT8n/AbU/jL8ZP2N9S0fRvEGseLr/wAD/GfX9KuPDbfFC9sNb8RaHZmby9MtfEK+
XdyTQs8UokkdDKsBSSUIzE/o58Vvg14Q+PHhCTw9458KeG/GegyypO+m67pkGo2byI25HMUyshZT
yDjIPIrnL39jr4Rajout6bcfCz4cXGneJbhrvV7WTw1ZPBqszR+U0twhj2yu0fyFnBJXjOOKzheH
O11vb1vTaevbkkvLmdrNybqbTULaNbvurVE0rPS/PF97xV27R5eP/ZG+OWiftH/sUL4q8PDxelpe
R6tbS23iaYXGqWF1DdXMNxayyKzrIIZkkiRld1KRphm6n4H/AGBJ9Y+Dv7Kv7BHiLwL4v8Y33iDx
sYvDniDws3iC5vNI1DR1sr2a4lGnM5t7eS1kihP2iKNHBIR2feAf1f8ACvhPS/Anhqx0XRNN0/Rt
H0uBbazsbG3S3trSJRhY440AVEA4CqAAK5zwH+zl8PfhZ451zxR4Y8B+DPDniXxOVOsatpeiW1nf
asV6G4mjQPLjtvJxWrkvaTlDRScX5+7zaa30kpNPW6Wmt7rO37pQfRSX/gSST6axsmtEm9bLY/P3
9g7X/wBof9oHxn8LfjRceJfCmi6Dq2q3th4+027+KOr6s9+SJohpsWgSaZHZ6Ze2k6oCIZg22J/N
eXJeuJ/YH8e6t4h+Bf7K/wALJNY8QeHvh78SPEfxBbXdS0TV59Hub65tdSvZLPTkvrd0ngaQvLL+
4ljkcW2ASu8H9Km/ZJ+FT+OPEPidvhl8Pm8S+LrSSw13Vj4dszfa1bSJseC5m8vfPGyAKUkLKRwR
is3Rv2Gfgn4c+FGpeAtP+D3wssPA2s3IvdQ8O2/hSwi0m+nAUCaW1WIRSSAIg3MpOEXngUlJKPLy
q3bp109FfmWm+jVrt3UtKTkna7+5JNL562euyVmtFH8/PF138RfDn7PnxV8U3Xj34n634e/ZS+Lc
cui6nH4t1O2m8T+FYPsFxqllfyW86DUzbI9zGJbgSPutSjMxMoZ/wY8c6l8QP2uPHfwluvFnxWPh
L4+appHjz4balF8QtennTw9bTTf2ktreJdiS1glFqsqrFIB5eqwKQQEVf010j4V+GPD/AMOY/B1h
4c0Gy8JRWR01NEt9Phi01LUqUNuLdVEYiKkrs27cHGMU6z+GXhvT9Y0fUYPD2hwah4esZNM0u5js
Ilm020fy99vA4XMUTeTFlEIU+UmR8oxdOpyyjfVK2vVtRjdvtzTpwk9XvNXblcmp70XbRu9v7qcm
0l00jOcdl9jS0bDvCfgCx8F6hq91Z3GtzS63crd3Av8AWbzUI43WJIgIEnldbdNqAmOEIhYs5Uuz
Mdqsfw18PNA8F6vrWoaPoej6Tf8AiS7F/q9zZ2UcE2qXAjSITTugBlkEcaJvck7UUZwAK2Kybvb0
X5bei2Xl0Ww9tgooopAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRR
QAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFA
BRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAF
FFFAHOfFb4t+G/gf4JufEfivV7bRdHtZIoWuJtxLyyyLHFEiKC8kskjKiRoC7syqoJIFYfwb/ag8
FfHi9msfD+pagmsWlst5daNq+j3uiaxYwM7JHLPY3sUNzCkjI+xpI1EgRiu4KSPKf+CqXwi8FfH3
9m/TPBvjP4gah8LJ9c8Tad/wjPiuznjhl0bXIZGuLGQNIQuWkh2BSQXZwoIZgR8X+Lv2wP2q/wBi
vwp+0F4F+Ir+Dvij8SPhx8JLnxh4Q+Jfh/TfJnubYTCIQ6lYr+7jnVw8yAAKywvjf85rP2sYxnKa
+Hma81GHO0ntzLVtO3u2abbstfZtuMY9eVPy5pqCdt+Vt2TV/eumkld/rLRX5efsseFP2lvih+xd
4n1/Sviz4J0LSfin8PdK1Dwjf3vxM1XxPfprryA3N091c2du1hDdiVIDBasyWsoHkhTT7G5+Knxh
/Y31Xwr4Bs/iF4V+Jvw7+Iq2/jLwB4p+LuqSXficJp6XEml6T4nFw17HDLHJDdRMJVIKukgVCwrp
rUnTnOm942vv/MoN7Xsm77Xta8VdHPQqKrCM1tK//pHOl2u9tWo3T95pXP0M+IX7Qvg/4VfEnwR4
Q1/WPsHiL4jXVxZeHrT7LPL/AGhNbwNcSrvRGSPbErNmRlBxgEniu0r8j9X/AGmtR179tP8A4J4X
ngjxX8Z/D/hrx0fFGj6/4d8S+Lr+5lv20+N0WHUEadoruWG4MyrcPvaRVjJdsKRy3wa/bC+L+g/C
74CfFK/8V+NNS+KnxC/aIu/ht4u8PXmt3M2lf2X9svons001nNrbPbxRROJoYkl+TLOwYg1Touco
wW7k4/P2ipx/GSbd9F30vpVTjT9r05VLt9mpJrW1rKnJJNb2va7t+zNFfgX8Z/2k/ij8KPhd+1V4
y0r4ufFhNS+Fn7S+m6J4biuvGepXNnp+nyXSpLZtFJMVmtnRyDDNvjAUFVU5J/fKCTzYEfOdyg8d
OlY0/foRrraVvxp06i/Col6pk1ZezxEsO94319Jzg/xg36NHzTo3/BXj4GeI/jj4o+Gmm6r8QtT8
e+CoZLjXNDs/hj4ouLzTYkTf5jqmnn5XXHlsMiXegj3l1BxvAP8AwW//AGZviRoI1qw8ea3aeGl1
FtHl8Rav4I1/SNAtL1SAbabUruyitIZQSBsklVssBjJAPz/+x7qEFz/wc0ftcpHPFI8XgDw6jhXB
KsIbbIOOhGRx7ivmP9ivxZ4U0H/g3D/bJfxVc6cNNvfFvjOztkuHXFxeypGtpHGCfmlacxbAOS2C
Kxp1b4dVpK79k52XVqqqdlva6d1vr3NpU74pYeLsnUhC76KdF1Lv/C9OmnY/cq2uo722jmhkSaGZ
Q6OjBldSMggjggjvT6+W/wDgif4E8bfDP/glN8DNC+IUOoWvivT/AAzClxbXwIubSEszW8MisAVZ
IDEpUjK7dp5Fcl8eP+F5f8Lh8Q/8I/8A8Npf2L9sb7H/AMIv/wAKk/sfy+MfZv7U/wBO8v0+0/vP
XtXXi6ao4iVBa2bV/R2/H/M5cLVdWhGs1a6Tt6q59hReLNLn8TTaImp2D6zbW6XctgtwhuooXZlS
Vo87gjMrAMRglSM8Gr9fJWmaZ4d8d/CrR9E+Knhz4t+LvihZtPc6dba3HoaeOtNRzIkcyXvht4rP
To3CyJHP58AOCrSbuK9e/Zf8E/EnwZDrqeOPEh1rR7iZH0C0vjFdavpsWXLx3V3DHDFN1RUURM6C
M77i4Lbljl31/wAn6PvrqvJ6mjls7f5+vp2fpY9Xor44/wCClfji+0j49/CXQdX1b4mw/DTWbHWp
tc0/4bnWG8TS3kKW32K42aPnUDZRs8iyGIGMSTW4lyjYrwGXxr+0npvws/Z4+HnxD1fWtT8SfFmb
XrjVz4m8cHwBdLJbiL+zNLTU9D0x5oZnty9yYQPOd4pVadlUxmI3lG8Vrey899PXRu21ra3djRws
0n2v8kr313S29dLdT9RaK/Lb4f8Ag7456R+2F+zh8Lfi38bvEupx67pHjW017TPCHiuYWd1BZeU1
l52oLa2l9JeRw3ixyThkbfboyeW/mFua+EP7T3xa+K/7PHwA+HyazN4gtvFviLxt4eutX1r4k6p4
QvNZfSNSlt9Ns31yytbq8N09uskuE2ST/ZWLSEb1e3BuKcNb7eavJfLbTe99yYp/a0s7P/wFy626
J9unfT9bqK/KXQ/hh8ebr9qn9n34RfFX9oHxoG8U6H420/W7fwJ4scRLFZrG1hIb82dtdS30Ud4i
yTOMF7aMhVJk32vEvxg8SaV+198P9e8M/E34keI9Mm+Oa/DnUdQ1LxTJY6ZcWcVpLFPpUWiJLJb3
BinjzJqEkNvO0hym5NhJGKlOEE/jtb5zVNX+bTfS2zcrRcTcoUp1GvgTb+UHN72u2oyst9m7R5nH
9OfDXj7R/GGsa7p+mahBe3nhm9XTtUiiJJsrhoIrgRN23eVPE+BnAcd+K16/HfwNrV1+yn4a/aY1
DwJrWrW2ua/+0WPC17JrfxC1a2s7LSZTpnnTvK/2wWjM8yQNfrbPNGtxGN4Cx7fQtR1f44/sweIf
C/w2+Jvj+y0L4afFn4mWOmwXej/EXVfEuteEtJn0y7l/s+TXr22tbtftd9bRpDMSZkSeRElVhGwK
Mfa04Sjo5KnvtzTjTlbz0qK1k3pJWuo8zqyUJzi9oufm+WDmm+17wejaWsXfV2+8f2eP2wvC37Tf
j/4meG/D1n4ltNQ+FOuL4f1n+19Kk08SXLQrMGhWXEjxFHUrIUVXDKyFlIYt+IX7Y/hX4a/tV+Af
g7qFl4nfxX8R7W9vdLuItJk/spI7SJpZRJdttjMgCgeXGXkG9CyqrBq+YP8AgksPDfgD9t39svwL
pvi2bXtQ0jxrpU8cGqa82q6utqNEsow0skzvcSqjgxebKzMTHhnZwTWz/wAFEfB1n48/4KX/ALIm
k6lf6vpun6lH4ytZbjTNUn0u6+fS4MJHcwOk0Ttg4aJ1fj5WBpO37lx1U4xfbV0+bzt73r28wl/y
8i9OVyXeyUvle8fTe+mx9u0V+T/iWx8fT/sieLPiVZfEb4veI9D/AGZPixetpdxZ+NtUifx14Os7
i3a/t7x7e4Qag9uPtaJPKWdjZbWZg0gb7n/Yi+xfE5/G3xe0zxD4k1rQ/idqxn0GG68QXl9pcGmW
yC2hmsraWV4IEuHjluN0CIJFmjJzgVUYKUOe/RP5SUJRv2bUnp0cJrW1wm3F2fdx+cXJS+6yd+0o
3s3Y9X8bfFXQ/h/fW9nqN3KdSvbS7vrSwtbaW6vLyK2RXmMUMSs8hUMg2qCSzqoBLAHlf2Qv2rPD
f7a3wD0n4j+ErXXLPQNauLy3t4tYs/sd4DbXctq5eHcSmXhYhWwwBG5VbKj5U/ah+Fvh3U/+C7fw
L1nVtV8R6dJ/wrjX7oGDxZqWm2rTW+oaWIIzFFcJE0btMweEqY5zsEiybUx86/sJa7q/wa+Dn7HH
iTRfGHi6L/hOfi94p8K6ppX9tzDRr7TprjXZhGbEEW7Ok0EcizFDMCSvmFSFBQhz04yl9p2Xl+8n
TXrdxXayvq3oFZ8qly/Y1fmvZ+0fpZbd32Wp+wNFfmT+yxrf7Rf7Q/xW8G/Fq28TeFfD+nad491H
RfG1lqHxP1e7F1p4vbm1XSP+EbOmJY2V5CfIMcqT+a/lgvJIshx94ftd6b4o1v8AZo8Z2PgrxBp3
hfxffaa9to+p310bS3t7pyEiDTBWMW9iEDqrMpcEAkAHOTtSVTv0+Sa87NNdL76bN0v4rpduvzaa
10umu9rNXad0vRqK/Lrx1+2J4u8E/CQfDvSvD3jbwH4y0/x9ofg7xvZeMvine3VjpVpe2dxNBNa+
JlS9u4obyWOKETsi3CtMo2QMyMML4keCP2iPgl4t+DXhXxl8aNb0PSvEnxvs9EtNC8LeO7rxDcQ6
DeafNcGyv9WvbC3vrmRJbV/LctkRXB3l2EbrcYOU1GOzlGKfRuThba/SonpfZ3tpeZNxhzy6RlNr
soqbf/pDWtt42vd2/WKivzd8b/Do/wDBNf8Aax0zSb/4j/HDxx4U+MfgW98K+Go/FfxP1m/ceKY5
QyQxs9wFiuLyGVRHLEqPEbRzGULtnn/jP8Ovjp4n+MHi34EfDjxndWmrfDLwVo174X1/xP8AGPXt
E1H7ZMty8+szRR2N4dah+0L5bw3kxgQRBBGu4MJvHlUk9Hf10cub5pRUtWrqSei1Ka97lbXTXpry
2895OLsnrFpXeh+oVFfnX+xp4O+IHxo/4KI/FnT/ABv8b/iTq6eAtP8ABHia1sNE15bbQkurq1vZ
bq1jhjgjWWwkPyhJkMjp5bOxdEdfqb/go38Tk+EX7GXjbWW8Xax4GmMMFjbaxpVlHeX8E9xcxQRR
wRySRRiWV5FiV3kRUMgdmUKSKqwcEurfT1tb727aXf32JpvnnypdvxV/wTW9vwPbqK/HX42fE/4n
fDP9kL9t3RtJ+JfxN8ES/CvUdAu/Dq/8J1J4m1fSUu7OAz2r6neLNcASSOzFElLRONscu3IPp37R
f7SXj79ij4vftS2fhLxb4t1+PQvg7ofja0TXtTn1s6PqU15e2t1fwRTOVhjWFEma3iCQAw5WNQSC
kk48ye60/wDAFP0StdXb3XZ3TjdpPzt1/njDtdu8ouyW19b6P7luf2xvC1r+2dZfAprHxOPGN94Y
uPFiXb6W8Wkm0hnhgZVuXwssu+dPliDhQDvKEqG9Xr81/hrpngj4O/8ABbj4Npp3xP1fxTD45+DO
szafJ4k8YSazLqVzLqFhNvtGuJXZfPjjkkEEBEKrA5jjRVavrr/goJ4Z8c+Mv2eZNL+HeoWtv4lv
NUs8WEniWfw1Lr9ssokudPg1K3Vp7SaWFZAssI3rtOCvLCqkeWjSk95OSe9k1VnD1skk3pfra7sK
MuecktrRa21ThGW7aV221vyrvZXNb4pftj+FvhH+038NvhPqdj4ol8TfFL7Z/ZFzb6TI2lxC1tpb
iUTXbbYg+yIgRoXk+ZSUCHcPWK/LDUPiRpH7VX7T37JGnwL8UPB95pPjzxr4e17Sdc8Qm61vR7q2
0KRZ7RNRimlaSLaV2zxTmTEmRIkmdp8HvjRrnxH/AGcfAvw+1b4j/E3VL8fGLxh4VtLKw8SXFlrX
izTNLnvvJguteFzDdWsdvGIJXnWR55hAse2TzGocfcT62v6rmSurXVrSjZptPV6KwOSTu9Fs+6kv
aXWtv+fbVnazsn1t+p9FfkN8JfiR8UPjD8G/2JYNW+M3xJsT4v8AiH4m8F+I4dI8Rq51iztBrIiM
t8IEuriREtIYxOzKWH70oJdrr1HjnQ/2iviN8U/il4L+Hnju103XPgBf6VYeHvEHjT4tavpNyNNj
0+ynkvtT0i20uW11eK7Y3Svc3EmQwcRiJoyzX7H33BvZv7k4pvt9qLtfa/azObZeX4tySXf7Mtbd
tNT78/bK/bB8LfsNfBG58feMbLxNfaLa3dvZMmiaXJfziSdxHGX24SKMuQpkldIwWUFgWUH1SN/M
RWGfmGa/G7/goF8SG/aM/YC/ab8deOvH/iDRvFnw7+I8HhhPDUfiKax0fR9Ng1awW3jl0/esMxuY
h9qFxPG0v7wiN0Rdtfr5oWraZ8Q/A9nfabqEGp6Nrdkk1tfadeborqCVAVlhmiblWVgVdG7gg9DW
KT9j7Tq7P5ShGUbvzu/xtdK7UpWq8nRcyfrGTjK39dnfWyPCPjrSPHkF/Lo9/BqEemX02mXLxElY
rmFtksWehZGypxnBBHUGtavxw/YnmPwb+AngPwf4f8S+NtI0X4qfH/xL4X8ZX48Z6nLPpumQ3+tf
ZY4ZJbhmsJLqaGKJrmDyppmyTI0pDj7c/wCCfeoeLfBv7UX7Q3wyn8SeIvGPw28AalpB8L6lrupT
atqGnzXdkZ7zTJL6d3nuBAfJdTM7yItyFLkbQNFTurp9E/naDfp8at6O9tOZ1Jcs3Hs393PKK9X7
rv5NNdVH6b8R/EDR/CeuaNpmoX0cGo+IJZYdOttrPLdvFC88gVVBJ2xxsSenQdSAeC/ZD/bC8Lft
rfD/AFnxL4RtPEllp+h6/e+G7iPXNLk0y7F1aOEmzbyYljAY7cSqjgqcqK+Xv26/hj4e1/8A4LM/
sp6nrWq+I9NQ+H/Fc0j2nizUdKtw1qljJCCsFxGgUtIwkXG2ZcJKJFVVHzb8OtZ1b4M/C7V/iPoX
jDxhpuqQ/th32g/YbXXZrbSLuwv9eS0u7eezjZYLkMjs4adZHjYZRkHFThY+1qwpv7aaXk/bQpJv
/wACba6LXV6FYhclF1F0kvmvZVajXreCs/yP2Ior8x9P8SftFftKfHzxj4t8LeIvCvhG6+F3xTl0
bUF1b4o6vbRW2g292qCyuPDUemNZO93aFZYrl5zMzToyyKuIx9qf8FDvi94q+AH7C/xa8beCLYXf
i3wt4Wv9S0pDAZwJ44WZX8v+Pbjdt77cVm5WoKs9Lq9vJxUk+1mpW16p/ZtJ2qcniXhluny36X5n
FrTzV9OjXW6Xd/G/4waV+z/8I/EXjbXYdYuNH8MWMmoXqaXp02o3ZiQZYpBCrO5A5OBwAScAEjL+
Dfx9tfjv8Nfh94w8P6D4gm8O/EPRodcgu5vssX9lQTW6TwrdIZ9+9w4UCFZQGB3FVwx+YG+EVp4L
/Ze+IHjnQfjd4v8AG/hD4gfCW/vV0fxB4gl1yK+vBaNK+r2k88rNbxskoR7a3VLZdyFUjxg+L/s0
/Erxf8P/ABr+wPZ6N4v8TXHh/wAT/Au/nuPCMdzGml3t3YaPZPBNsRBJJKxuGUh3dRsQqisGLaOP
J7ZVN4cvy0ruXrf2S5euquk7pYxl7SNOVPad9+q/dW9Le0fNfqtG1Zv9RKK/KL9miT9pL47fDnwZ
8Yl+JGkeDNB8a+FtTi8ZS2nxQ1HXtRutQNhJJF9h0a90lbDSL2zuImDwwsVCLKJPNZBIZv2J/Hvi
681L9hS61v4k/EjxHcfH/wCG2tQeMo9V8V3ssWomHTbe6gniiWRUt7mN2dRcQqkzKx3u7AMKnSlH
mTteO/q1UaXo/ZvXs07dAdSKs+ju16Jxv8/e28rXR+oHgjx9o/xI0ebUNC1CDU7K3vbrTnmhJKC4
tp3t548nqUljkQ44yp61U8bfFXQ/h/fW9nqN3KdSvbS7vrSwtbaW6vLyK2RXmMUMSs8hUMg2qCSz
qoBLAH46/wCDezwRofgn/gnzp66ZqWs3eoX2u65Le21/4ivdUFsqa1qEMRjhuJpFtwyxnd5SoJXV
3bc+5qz/ANqH4W+HdT/4Lt/AvWdW1XxHp0n/AArjX7oGDxZqWm2rTW+oaWIIzFFcJE0btMweEqY5
zsEiybUxNWFqqpRe6lr25YSnt1+Gy1RXNaM5yXwu1u/vqC1+d27fI+q/2Qv2rPDf7a3wD0n4j+Er
XXLPQNauLy3t4tYs/sd4DbXctq5eHcSmXhYhWwwBG5VbKj0yvx3/AGJdQ1r4V/Av9kDXNB8deNdM
k+IHxa8V+EdSs4dbcaVNp88+vSgCxObVpY54IpUmeJpQ2VLshCDQ+Ffjn4o+Af8AgnprXxdb4yfF
/wATeJYfiVqfw+vb/U9aS4sdN0WTxdHZS6k9uIhAlxb20cmydURYhO4wI0jVNXS5qnLHRXtr0bcU
lf8A7fjd7K73trNR+zupO+r+5Opr62pysldvTa5+vFFflj+2/pnjj4CXn7R/w/8Ah/8AEP4ral4G
svgbcfEC1uJPHGq32seENft55Bam31R7lr1YrmOKSQ27zNGwt3woRmVtjxh+0nfeD/29fh9a6F8X
jY6z44/Zw1TV7fTdc8ZzTaJc61Elm9leGymnMCyeUtzI0kaBnjjmckhWaue65OddpO3X3Y1W1bu3
Rkl3Ti+rS29m+dQ81r01dLX7q0W+zTWujf6L/FT4j2Hwf+G+ueKtUg1a607w/ZS39zDpenTajeSR
xqWYRW8KtJK+BwqqSaxv2aPj/on7Vf7P/g/4k+G4dRg0DxvpUGsafHfxLFdJBMgdBIqsyq2CMgMf
rX59/spXfxP8da/o2p6V4h/aGsPh8Phffap8SU8dQ3P2PUvFDQxrHHaSavBJIbZle6kI0iSKzAjh
KtglG5v/AIJk6zq/wXj/AOCetrp/i/xhcWHxW+GOqWOuaRe65NLpUq2mn211avFYk/Z4ZYiWQSRR
rI6HEjSHmulULOcZPZxSt/3Gv8pezTi+sWpW1scrrpxjKK3Tevkqbt5NKbUlr7ytfRs/VLxN4lsP
BnhvUNY1W7gsNM0q2kvLy6mbbHbwxqXeRj2VVBJPoK8t8P8A7bng7xR+1xF8GLK08UP4nm8KHxkl
7NpEtvpUtj5sEQ8u4l2+dIWnXiJXCbWDsjAKfLf+C6Xha18V/wDBI34+x3cmoxix8IXt9GbO/ns2
MkUZdA5hdC8eQN0b5RxwysOK+ch8E/D+uf8ABQDwN4U0rxd46tdIsf2b9VZ72w8bajJqwk/ta1Yh
tTad71THLkgCcbfLEZ/dgx1ywklJueyUnZeVKrP84LT11106Zx9yPLu2l/5UpR/Kb/pa/p/RX5Mf
Cz9or4z/ALYHwQ/Zi8HR6st/d+PfhHLr1xf3fxN1TwFd67q8M8EBlTUNOsbmeeeFP3rW+UR/PLSC
QKFH6IfsO2PxB0f9lLwXp/xV8R+HvF3xD0uyNjrus6JK81lqNxDI8RlV3iiLMQg3ny0G/fgAYroq
UeTnu/hk4+vLKUW/k4v5OOt20sI1b8q7pP0uoyX4S+9PTq/V6KKKwNCrq2h2WvW4hvrO1vYl3YSe
JZFG5GRuGB6ozKfUMR0JrmfhL+z14B+AXh280fwJ4H8H+CtJ1GZrm6stB0a2022uZWGGkeOFFVmI
4LEEmuM/bR/bg8I/sJ+BdD8Q+MdN8Y6jZeINbs9AthoGhzak0dzczJFEZWQbIkLuoBdgWPyoHchT
xHi3/gp/ong/wZe6pP8AC34yS33h+zn1bxNoi6PZxan4V0yK4uIP7Quo5btFkgkNrM8a2rzyyxpv
SNhnCurOXTZvpolJp+STTfRLVl8sm1FK70a+baXzbul3ei1PZPhp+zT8OfgvoOpaV4O8AeCfCema
xdfbr+z0bQ7Wwt764yD50qRIqvJkA7mBPA5qOx/Ze+Gml/CmbwHbfDvwLb+B7gTLL4di0G0TSZBM
SZQ1qI/KIcklsr8xJznNcH4J/wCCgHhj4teMjp/gbw74w8d6Nb2ul3d74h0WKzl06wGopBNaq6SX
KXT7redJ2aKCREjDbmDDbXnmn/8ABZb4eap4b1bxLF4K+LcfgXwz4tfwb4j8T3vh+PT7Lw1eq8Me
+7guJ471YfMnVC6Wz+WQxkEa4Y6ckpS9k1r28k1FXXa7SV+6tuiOa0VUT0vdPzactPOyb010Z7d4
i/Yv+Dvi/wAS+Gda1b4T/DTVNZ8FRQweHr+78MWM9zoMcL+ZClpI0Ra3WN/mURlQrcjBrQn/AGXP
hldfFZPHkvw68CSeOIpluE8RNoFo2rLIsbxK4ujH5oYRySIDuyFdh0JFeU/G7/gp94K+B+qeLJZ/
DPj3xF4U+HN4lh428V6JY21xpPg+V4oZsXKvcJdShYp4ndrSCcRK2ZCmDXNfED/gsn8OfBOs/FS2
s/CPxU8TWvwZ0+x1nxRqGnaDHDZW+nXSyuL6GS7mg+0wJHEZCYQ7SIwaFZgH2qLbSa9fvs7+junf
ZrW9tQcfs27L9El3ttbdPSx6Zqf/AATZ/Z11qLU4734BfBW7TW71dT1FZvA+mSC/u18zbcSgwfvJ
R502HbLDzX5+Y59k07TrfR9Pt7O0ghtbS1jWGGGFAkcKKMKiqOAoAAAHAAryG8/bT0m7+LM3hPw7
4T8Z+NH07S7LV9U1LRYrJ7TSYbzJtRIs1zHcStKquw+zwyhVUlymRnnviJ/wUl8FfDD4i2ul6nof
jI+FpvEkXg6fxtFa2zeHrHWpZBEljKxnF1uMrLGZUt2gWQ7GlVgQBKXMqS3elvRqK09Woru2kt0S
6kXF1b3S6+q5t/RNvsk29E7bEv8AwTQ/Zxn8Q3+ryfs//BJ9W1Tz/tl63gbSzcXfnqyz+ZJ5G5/M
V3D7idwdgc5NWvhx/wAE7f2fvg74vtfEPhH4F/Bzwtr9iSbbUtH8F6bY3lvkYOyWKFXXI9CK8g/4
K1fEHxZ8KNX/AGdNa8NeK/GOk2178WtH0XVtF0SWKOPxFaz+a7QzZTzW5gACLKkbCRxIHGNvd+Dv
+ClHg7xDoHjEat4b8c+EfF/gbWbLQNS8HatZWza415fFRYJCLaea2mS53Dy5UnMYAcuyBH2qi+aD
lD7MnG3XRQene7qJJLq/MqtpNQn1ipX9ZTWvp7Nu70Poeivgv9pf/gsjfeGvBWmW/gf4X+Pj46s/
idofgPxV4b1JtHh1Tw613NDKsZDXxtZmu7ZmWCWKd4QZNzyx7DXZ+Lv+CwmlfD34Z/FzxL4h+CHx
u0U/BCazTxVpc58OPfWsNzbm4W6jEertFLAkewsyyEkyYUOUl8tpXi5rZO34Qd13Vpxd10d9tR2f
ModX0+cl994tW8j7BorwvxJ+3nonhPxHqljfeEPGwtdPstJmttRgGnXVtq15qbhLTTbdYrtpmumY
8740hVRvMoQqxx/Bf/BTLwZ4u8NeJxN4b8caN458I6/B4V1DwJfW1o3iD+07iET21vH5NzJaSCaE
+Ysy3JhCK7PIgR9qs9dNtPO90rW3vdxVt/ej/NG8qaaUk9Hrfpazd79FZPV6aPs7Yn7dX7HOvftD
/GDwr4j/AOFb/Aj40+GtB0y4sP8AhFPiUr2sNjczSI7X8FyLG/UuVjjj8t7YYG4rIu5lbtfhT+wh
4A0H4Dal4A8TfD/4caj4R1nVH1ZvB0WhQTeGNJJCBYLa0lj8sIpjEhYRpvmklkCR79o85m/4LOfD
HTb/AEDR9Q8MfFOw8X634zPgC48Of8I4bq90TWPKSZbe7lt5JLRN8TrIjJcOJE3shZY5Cvsv7Kn7
WejftYaB4nn0/RPEfhbWfBWv3HhrX9C15LVdQ0q9hWOQo5tp54HVo5YpFeOV1ZZByDkB04v2bUFd
b+qbjK/mrzi7625opNJpDqT95Slo9PvtKPy+CSa0u1JtXuxNX/YU+CPiDX9G1a/+DnwrvtU8O2K6
XpV5ceE7CW40y0UOFtoHaItFEBJIAiEKN7ccmm6Z+wj8D9E+FGoeArP4NfCm08Datdi/vvDsPhLT
49JvLkBQJ5LUReU8gCIA7KWG1eeBXy5+3nD8d/gb4j+G2pWX7RfjrRh8Ufi9Z+E30nSdB8NSado2
jXklyYlt2utJluDcpDFFmSaWRd5k+Urtx7tZfs8/GePwlqPh3UP2gfEkVnDeT3dn4uh0XQz4kaEp
CYreaNtOGnLHG4udzLa73UxYaMhiYjLmpyqdLtO/dKE2n0+2nva6et7Xcv3dWNNb2TTX8rc4Jrra
8GrWuk1dJXt3CfsXfB2Pxv4c8TD4T/DQeJPB1vFZ6Dqw8L2IvtEgiLGKK1m8rfAiF32rGVC7mwBk
0/WP2NfhB4h8TanreofCr4b32s61f2+q6hf3Hhmylur+8tzm3uZZGjLSTREnZIxLJn5SK5P/AIJu
/GDxz8d/2QfDfif4hHTrnX724vootQsbY2sGt2UV5NDaagIckR/abdIptqkriUEYBAHrXxDXxG3h
O5PhSTRU11CjW41ZJWtJAHBdHMRDpuTcA4DbSQxRwNp1qXpzd3s99erTb73uk3pe62uiIWkrJW6f
ddJdrdulttDL/wCFAeAze+Kbk+CfCP2jxwqp4jl/se33+IAqeWovDszcAJ8o8zdheOlZmk/slfCr
QPg3c/Dmx+Gfw+svh9e7vtHhiDw7Zx6NPubc2+0WMQtubk5Tk81zeh/tgReF/EGleH/ij4a1T4aa
/rN1Hp9jcXD/AG/w/qtzIY1SK21KJRGHkkkEccV0ttPKytshYDNaf7Q3wl8ffFXXtATwt8VPEXwv
0HT7e7l1WXw/p+lXWpalOfJFsgOo2V3CkKgXBfagcsYwDjNZVPcg217u3lor2+Xbo3sXF3aV7PfW
/XS/zta/4nVfC/4HeCvgjY3Fr4L8H+F/CFtd+V58WiaVBp8c3lRLFHuWJFDbIkRFz91UVRgACl+L
nwS8GfH/AMISeHvHnhHwx420GWRZX03X9Kg1Kzd1OVYxTKyEggEHGQRXxn/wS2n+PX7SH7LPw3+L
Ot/tA+JNfuvEaarFrej634d0FdLjVJbu3t57dbLT7a48xJIoWKvcFGBkz0C123/BPH9pqf40ftG/
F7wzonx30X49+A/BsWnJb6q8mk/2xpupy+ebq1P9mwwQy2iosBSYwg+Y00fmSmN9m0oOU3CTu0r/
AHO3+Vntsr30JTcYuaVknb79P89N7Ju1tT2/42+B/Fkvw4t/Bfw60LwPZaLqljcaReXGoXslmnh6
3aExxyWtjFayR3e0n/UPLbLgD5znA7D4V/DXSPgz8MvDvhDQLZbLQ/C+m2+lafAowIYII1jjX8FU
Vw3x/wD2ttN+BvjDR/Clj4Y8W/EHx1r1jc6rY+GfDSWf2+WytniSe5Z7y4traONGniHzzKzltqK7
cV8v/tt/8FL7jx9+yB8PvE3wc0L4h63p3xA8e6X4R1i40iWw0nVdDP8AakNte6VKLy7t5ba+l/e2
6PHxG2XM0I2SmIOUmox1c5RXq3JxjffRSk1dJ6trV6DlGKs5aKKk/RW5n83GKaV1dJNaXZ9l/En4
C+BvjLd2Fx4w8GeE/FdxpUc8VlJrGkW989ok8ZinWMyoxQSRko4XAZSQcjiuC03/AIJt/s7aMmkJ
Z/AP4LWi6BeNqGliHwRpkY025Yxlp4cQ/u5CYoiXXDHyk5+UY8q/aS8HeL/2Wf8Agld8Sdc8E/Eb
4v8AhXxL4W0DUvGWmzeJ9R07xNrOkPHavcLpU895HepPAjrsJMk0mAQtyRhq4n9ij9pjTviV4e0P
xfpv7Yfir4233hnwrH4n8beDNL0rw1rqiOSzYNAi6NpkN3DcLckFIvNeRvKKGNslgotKU+V25Em3
6qT6X25ZXey3vZ3Cak4QcldT5kvVOKtrbfnjZPe9t00fYFj+zb8O9M+MNx8RLbwD4Lt/iBdwG2n8
TRaHaprE0RABja7CecyYA+UtjgV1Gv8Ah7T/ABXpM2n6rY2epWNxjzba6hWaGTDBhuVgQcMARkcE
A18x/Df/AIKPfD9v2bvhRr/gbw98TfG0nxaW8l8IeGxPFc+I9Tit2kkuZpJdRvEjRI1BYme5BCtG
ijcVjo8A/wDBXf4b/FT4h/DTQPD3hz4m30HxQ1fUvD1hq9z4dbTLCx1TT7eWe6s5jePDLIyCCZPN
to54PMjZDKCpxXs5O9O211bt309dPXTd2Eppr2l91e/y/wAlf0TeyZ7foX7L/wANPC/wy1XwTpnw
78Dad4N1xpX1LQbXQbSHTNQaU5lM1ssYikLnliynd3zXO337AXwI1PRPDemXPwU+Elxp3g2R5dAt
JfB+nPBobu6u7WqGHbAWdEYmMKSUUnkCvGH/AOC1Pw70zwVaatq/gT4waPeXXxGk+FzaW3h+G+uL
XWUmhhZZZrO4mtI4y067WafdIEfYrlcV0Hjf/gqp4a+H3w5uvEupfDT4xQweHNMTWvGNk+jWsV74
EsGlnjFxfxSXS71xbyybLM3MhiUSBCjKxSvyqqnppZ9PhUlr2UZJ32Sa2KlFuTpNXeunnzOLVu7l
FrzatqfRnifwFofjW60mfWdF0nV59BvF1HTJL2zjuH066VWRZ4S4JjlCu6h1wwDMM4JrB+Kn7N/w
7+Omq6Nf+N/AXgvxjfeHJxdaTca5oltqMulzAgiSBpkYxOCAdyEHIFaV5rw8f/DBNV8M6/Z2VvrF
jHeWOseStzCkEihxOqsyqcxnKliVBIJDAFT8zf8ABOb9qG7+NnjP4x2eh/GbSv2ifA3gq4srfRda
t5tIGuPeNBJJdWsosI7a0eEEQiGcxxB2MqlmEe8pJqUo2s4e95qzS2Wqe2una97IjnTjGad1LRfO
732tu7LzdrXZ7/4H/ZZ+GPwy+KGs+OPDfw58B+HvGviISDVdf0zQLS01TUxI4kcT3McYll3Oqsd7
HLKCeQK6bx14C0P4o+ENQ8PeJtF0nxFoOrwm3vtN1OzjvLO9iPWOWKQFHU9wwIqXwfrl14m8K6dq
N7o+peHry+t0nm0vUHt3u9PdlBMMrW8ssJdScExSumRwzDBrRolGy9m9lp5fLpb0KUtedbvXz/4c
8g13/gnt8AvFOlvY6n8D/hBqNlJDa27W914N06aJorVGS2jKtCQVhV2WMdEDELgE1p+Bf2K/g38L
/HD+J/DPwl+Gfh3xLJYjTH1bTPC9jZ3zWgiSIW5mjiDmIRxxpszt2oq4wAK9Moou9fPfzB628tvl
scB8K/2UPhb8Cr5LrwR8NfAHg66jEqpNofh6006RRKwaUBoY1IDsAW/vEAnOK6jxv8P9B+JmhPpf
iTRNI8QaZISXtNSs47uBsqynKSAqcqzDp0YjoTWvRSlquV7AnZuS3Z5LcfsC/Aq6u/DdxL8FfhLL
ceDYVt9Akfwhp7PocSyGRY7UmHMCh2ZgI9oDMT1JNM0L/gn58BfC3hePQ9M+CPwi07RYdSj1lNPt
fB2nQ2qX0Y2x3YjWEKJ1HCyY3gcAivXaKfM/1+d73+/X11B/8D5Wt+WnoeSXP7AfwJvNe03VZvgp
8JJdU0a/k1SwvH8H6e1xY3kkomkuYnMO5JmlAkMikMXAYnPNdP42/Zu+HfxL+IWieLvEngLwX4g8
WeGs/wBka1qWiWt3qOlZOT9nnkQyRc/3GFdpRQm1a3Tby9Aet79d/M8+8afslfCr4kePpPFniL4Z
fD7X/FM1vHZyaxqPh2zutQeCORZI4jPJGZCiyKrqu7AZQQMgGu/iiWCJI0VURAFVVGAoHQAdhTqK
V7K3Qbd9WcTL+zT8OZ/DfijRn8AeCX0jxxcPd+I7FtDtTba/M4AeW7j2bbh2AALSBiQBmtn4afC3
wx8GPBln4c8H+HNC8J+HtOBW10vRtPisLK2BOSEhiVUUE88AVu0UXtovL8Nvu6Ceur8/x3+/qc74
4+EHhP4m6pot94l8L+HfEN74buGu9JuNT02G7l0uZkKNLA0ikxOUJUshBIJGcV5j/wAOx/2bf+Ef
/sj/AIZ7+B/9lC6+3fYv+EE0v7P9o27PO8vyNvmbfl3YzjjOK9wooWmqG3/X9er+84i+/Zl+G+p/
Fmw8fXPw+8EXHjrSoBa2XiOXQrV9Ws4QCBHHdFPNRACQFVgME+tdtIglRkcBlYYIIyCPSloob0sL
rf8ArTb7jzCw/Yj+C+leEfEvh+1+EXwwttB8aTC48QabF4VsUs9dlDh/Mu4hFsnbeA2ZAxyAetZ/
hv8A4J7fAPwd4h8P6vpHwP8AhBpWreEsf2He2fg3ToLjRsSvMPs0iwhocSySP+7K/M7N1JJ9fopp
tO68vw2+7p2CWqcXs7/jv9/U80u/2L/g9qGseKtRuPhP8NJ9Q8dwm28S3MnhixabxDEcZjvHMWbh
TgfLKWHFZfhv/gnv8A/BuveHtV0j4H/CDStU8JENod5Z+DdOguNGIlaUG2dYQ0J813f92V+Z2bqS
a9fooT5bW0ta3y2+67sEtU09b7+fqYHw/wDhR4W+E9tqMPhbw1oHhqHV72XUr5NK06GyW9upTulu
JRGqh5XPLO2WY9SapfEn4C+BvjLd2Fx4w8GeE/FdxpUc8VlJrGkW989ok8ZinWMyoxQSRko4XAZS
QcjiusopNJqz/rp+Wg1Jp3R4Zc/8EwP2ab3QrTS5v2ePgZNpmnyyz2to/gPSmgtpJQgldEMG1WcR
RhiAC3lpnO0Y7j4T/sufDL4C+DdS8OeBvh14E8F+H9ZkaXUNM0LQLTTrK+dkCM0sMMapISgCksCS
AB0ru6Kbbs130Ytmmuhxnwr/AGcvh78C/BV14a8EeA/Bng7w7fM73OlaHoltp1lcM4w5eGFFRiw4
JIOR1rhfH37EPhHR/wBn3xL4U+E3hT4cfDHWr/Q73SdHvrHwpapa6WbkNv8A3MIjzG7sWZVZdxJJ
ya9toqZrmTT6q3ytb8m16FRlytNdHf53vf1ufFPwE/4JZeFReaafF/7OP7Lnw5t9LR7a+TwPZrqj
eLbZ7doWtrwzaZZ7bZmbzHgk+1B2SPLAruPu/hv/AIJ7/APwbr/h7VdI+B/wg0rVPCRDaHeWfg3T
oLjRiJWmBtnSENCfNd3/AHZX5nZupJr1+itHUldO+v69/wCvkZ8qty9NreXbz+evcp+IvDmn+L9A
vdK1ews9U0vUoXtruzu4Fnt7qJwVeORGBV1YEgqQQQcV5Tc/8E7f2frzVBfTfAv4OzXw07+xxcP4
L01pfsXk+R9l3GHPk+STH5eduw7cY4r2Kio/r8/8397Lu9v66f5L7keWXP7DHwSvPhNa+AZvg78L
JfAtjdNfW3hx/Cdg2k29wxy0yWpi8pZCSSWC5J716ZpmmW2iadb2dnbwWlpaRrFDBDGI44UUYVVU
cKoAwAOBU9FNyevn/wAN+QrL+vvCiiikB80f8FS/2bfiR+1V8DvDPhn4b2ngie/03xloviW9fxLr
l1pcIh02+hvRHGbezuizytCI8sqhAxb5yNp4f9qT/gmovxd/bBi+LM3wr+Anxgj8Q6BY+H9c0L4k
W6uNF+yyzyJd6bdHT7skkXLrJC8UYl8uJvMjK4P0R+1P+1l4H/Yt+E1146+It/rGk+FLBwt5qFj4
f1HWEsQVJ8ydbKCZ4YhtwZZFWMEqCwLKDyXwM/4KSfB39oj4iaf4R8PeJNXs/FGsaeNW0vSvEfhj
VvDV3rNmVLfaLOPUra3a6iCjJeEOACCSARTpu6cI62k5Prq4qL++Mfla6s9QquyTnpdJdrpSuvuk
/nezunY8W+NP/BNTxH4p+KXgLWfAugfC/wCG+s+ELzS7eLxx4X1C90LU7HRbMW7vpf8AZdvb/Zr6
3lYXUKwz3CRQxSRMFd1IPh/7N/wB+IP7Ynw+/am+FmnnwLY/DPxf8dfEMHiPWrm/uX1q0tkubSSe
2t7JYDDI0yIUEz3MXk793lyECv1MkjWaNkdQ6uMMpGQR6GuD+CX7K3ww/ZobVD8OPhx4C+H51xkf
UT4b8P2mkm/ZN2wzeRGnmFd74LZxubHU1VKo41HN66SXq5Tpyu/L92tOrbb3dyr71OMY6NSi7+UY
1I/f7+nZKyto18xeOf8AgnZ8QdM0H49fDrwhc+Crj4bftHajfalq+ravqV1DrPhJ72xhs7pLa0S2
khvlIh3R77i28svg+YF584+Jv/BM746Xtr+1LofhbS/hDH4d+M/gTSvAXheXUPGmpLdadb2FrNYp
cXaLpLLveC4eUpG7APEqbmDmVf0hoqPs8j25VF+cUrRX/bq0XXV3u3ctTcZKUdGnzLybak2v8TjF
v0WyufCXxk/4Jz/EX4zaP8ONSj0T4Z+B/ip4TtNK00fEPw94q1SDWNCtbVYmngVUs4hq1vJIsoFt
dNBDtkDMrMvMnw+/4JN2Hw5/aV8W6rdfCH9m/wAeaD4o8U3Pi6y8beItGik8Z+Hrm5mNzLAI2sJE
u1jnLGGU3cDRqyqUfywW+6aK19tLndTq3J/+BNN27axTurPe71d8lBKkqPRKK/8AAU0vXRta6Wex
4J/wUB/Zb8RftN+CvAk/hK+0W28TfDXxrp3jfTrXV3lhsdWlsxKBaTTRJI8CSCU/vVilK4zsbpXh
/wAav+CVPiH9p3QfiB4u8b/8K7n+JHjXXPD2tReHbm3k1rwlBDoyuINMujPCj3kUwnuvMnNvER5y
FYv3WH+z9Q+Jeg6ZrGsadNqlsL/QNOj1bULZSXmtLWQyhJWVQSFYwTAcZPltjpXl+uf8FF/g34d/
Z08J/Fe58YlvBXjzyv8AhHJ4NJvri+1xpFZ1jtrCOFryWTYjsUWEsFRmIABIw0hCWtlzKXpJ8tnr
pd+zja+/K0t5X0knKaurvl5bd4q8rei529P5k29I2+fvHX/BMfXNa+BPhmHwP8L/ANnf4M+LtC8f
+HvGdzoXhEPb6Nqg0u7aRhNfQ6bbyu7xudm60IjIK5YMWHc/Hv8A4Jyah8f/ANqu28T6xqHh6XwB
4x8HL4f+JGieVMsniC6s5Xl0ySFeVWON7m6Z/MYsQkK4YFiPWv2Tf26PhV+3LoWsan8K/Fkfi2w0
Ga3gvp47C6tVhee3S5iA8+KPfuikRsrkDODgggetVrVg9adSOjblZ33lBQ69OVRa7NJozhJWvB9E
rrspua27Sb9dnc+CtK/4JH+KNV/4Jz6R8LPGfiLwh498b+G/EdlrttPr+nf2hoOsw6aUtrCyvoZI
8vE+nwRRykISsru6h8AMfEv/AIJH2PxR/Z5020sfgt+zF8OfFGheJbLxQnhDSNHiv/CHiGa2juYG
h1KX+zrZ5klgupArfZGNu4VgJsEH7wvr6HTLKa5uZo4Le3QySyyMFSNQMliTwAAMkmq/hrxHZeMP
Dmn6vplzHe6bqttHd2lxHnZPFIodHGexUg/jRKpKTlK+rcZP1VrN978i0d0+Xbe9RtDlS6Jpf4Xe
6XZLme1mk7J2sfBvxF/4JxePxJ8E7j4a/CL9mf4W23gn4hWnjvxHonh3VrjTLOVra2ntlSKW30ZP
tUkiXDMZJYYfL8lEAcMZF9h/4J8/s3fFD4CfFb4/a18QLLwFa2HxT8bt4t0geHtfu9Smt0a0t7Qw
XCz2NsFIW1jcMjOCZWXACBn+nq8e+Pv7fXwm/Zh8TrpHjfxW2k3cccE17JFpV7fWuixTyGOCbULi
3hkhsIpHVlSS6eJHKNgnacOnUcW1Hed1683s9F/4Lgl6ebFKPMk39lL5KLm/zqSu/PyR5t/wUw/Z
0+MH7Rus/B4fDPSvhteWXw78caf431CTxP4mvdKluns/MC2kSW+nXQxIJSTKzAoVA8t85Heftd+H
/i/468P6Lo3gbwv8Ote0TUA3/CU2mveMr3QnuI8DFrDJBpd5vhkO4SMyxsyDaAN5K+2RSrPErowd
HAZWU5DA9CK83/aC/a++HP7Lj6RB418SR6fqviKRodH0azs7jVNZ1l1+8tpYWkct1clQct5UTbRy
cDmstIw9n3k5eraS/KMVby83e9ZzVRK7UeXTsnKS+5yk7+fkrbPwMk8bSeBlPjzRfB3hvV1mZINL
8M6pcapY2VsqqsafaZra1aRjgk4t41UMFAbbvbldM/ZIsfAPibWfEXg/xR49sPEutF1kl1/xpr/i
XS7ZJZlkl8jTby/a0hfAIjZIwIs4ClMxt0Xwr/aT8GfGfVpdM0HV5W1y1sotRu9G1CwudM1fTreU
kRSXNldRx3FuHIYKJY0LFHwDtbHc1pO6lzWs/n6Pz1tr36kRtbl/ruvz0OF8F/s86F4X1q31rUZd
R8XeJ7c7k1vXplu7uFioVjAoVYbUMB8yW0cSE5JXJJPQ/ES41+08DarJ4W0/SNW8RLbt/Z9pquoS
afZXEuPlWW4jgneJPVlhkP8AsmtmisqkeeLg9mUnZ8x8qf8ABNb9nr4yfsX/APBP/T/h34k0X4Z6
t438Im7GkLpviu+/srVxNcSXCm4uJNNEtqQ0zIQkFxwgb+LavU/Aj9mDXP8AhqXVvjh450PwV4V8
cav4Yi8KyaZ4X1GfVLd4EunuPOnvZra0e4kP7sKDbJ5YDjdIGBH0FRWsqjdT2vX8rpp/em0/wsQ4
pwcHs3d+dmpL7mk0fOn7QX7M/jaD9rvw38c/hrH4W1zxRpPhW78G3/h/xLq9xpFhe2c91BdLPHdw
Wt08M0ckJypt3WRXxlCoJ8Q+Jv8AwTe+K/hT9nvwp4X+HkPw21/XZvi0Pi74qutf8RX2jWovRqq6
ibKzSGwu2aJv9T5khQqIw+xy5VfvqilTk6fI4O3I7ry9/wBpb05/eafXTbQupaakpq6ktfP3HC/q
oNxXl5nh37e3wo+If7RH7DfjnwF4P03wZ/wmHj7w7c6BOus67c2mm6b9qtnhllWeKymkm8svlVMM
fmAcmOpvgP8ADPx34B/ZK0TTtb8L/D0fFXw54WXw9brZa7cT6Zd+TEI4la/ewS4iikZEd1Fs/lkn
Al2gnt4f2hfB9x+0DP8ACxNY3ePLbQk8SyaZ9lnG3T2nMCz+ds8o5lUrsD7+M7cc12lQ4qUJ9qn/
ALbzR0fk3JPfW6e2hzNSgpaunf8A8m5ZO/qowa20Sa3d/wApvDn7Kfxi+CXwj/Zd+A9vqvwz0j44
fDi21vVNO1HQ/HMunzyaagSJ5oJ73Q7tGEjXfly2smnzqQiSCVCmR6V8OP2MvGVx4R+Ez+A/DXgb
SPGP7OfxI1LVdTsNR8b3eqaV4ok1GyuBfzf2smmpKLoyag0jKbFUSVGjAVMEfbvxp/Z0+H37SWgW
+k/EXwJ4N8faXaS/aILPxHottqtvDJjG9Y50dVbHGQM10nhjwtpngnw9Z6Ro2nWOkaVp0SwWtlZW
6W9vbRgYCJGgCqoHQAACto1pXc3u3f53v8lbRrVNtyTWiUSirKK2s196a+fxOz0aWmt23+cGv/8A
BMD9o7TNCvLOw1L4J+JE1L4+J8ZWjuNQ1TRDZxRXSzCzEi2155zyqqDOyMQlW5n3jZ63+0X/AMEy
rf4i/tl6v8TpfhN+z78ZNN8bafp9hq9j8SLFDeeHZLUPH9o0+c6fd+ajxOu62cQgvEGEq7iB9pUV
lGyhGmlpF6f+ARp2/wDAYRXfS976lS96cqnWV7/Ocql//ApN9rOzTRyGoaRr3w2+C9vpvgjQ/Cmp
63othBaadpdzdv4f0h/LVU2B4Le5NtEFB2qkMmAFXGOR5H8G/wBnDWvAHxs+IXx18UaR4E8N+PPF
nhm00e40fR9Ymm0iNLJ7mZZrnUZLWF5Xdp8NKbRfLjQDbJjJ951Pxjpej+ItN0i6voItU1dZnsrU
tmW5WJQ0rKo5KqGXJ6Aso6kA8B+y1+2f8OP20dE8Tah8ONeutcg8Ha5P4b1pbnR77S5tP1GAKZbd
4ruGKTcgdckKRk4zkEB3lOUpRfvWbv2T91v0baTv1aXUcUowUbe7dK3R295L/wAlurW2fY6H4BfE
bVPi18I9G8Q61ocfhzU9Rjcz2MN215AhWRkDwzPFC8sMgUSRu0UbNG6EohJUdhRXMfGf4w6F8APh
drfjPxPLqUHh/wAO2xvNQmsNKu9UnghUjdILe1jlmdVB3MUQ7VDMcKCQqtSKvN6L8F94U4Sk1Bat
/izp6K5P4F/HHwv+0r8H/Dvj3wTqn9teE/FdkmoaVffZprb7VA/3X8uZUkTPo6g+1dZVTjKMnGSs
0TGSklKLumFFUNB8V6X4p+1/2ZqVhqX2C4ezuvstwk32adDteJ9pO11IIKnBB6imeMfFdt4G8Kaj
rV7FqU9ppVu91NHp+nXGo3boiliIra3R5pnIHEcSM7HgKScVLaSuykm3ZbmlRXkPwJ/bu+F/7TPw
38WeKfA2u6pr9j4GvLnTteso/D2pQ6zpd3bqWltpNMkt1vROAMCIQl3PChjxXm0f/BZr4CyP4eX7
f8VF/wCEs1B9K0Rn+EPi9F1e8Qv5lvbsdMAllTypdyJkr5b5A2nFcrclBLV2suuu339O/QTdk29l
f8N/u69up9T0V5R8a/20/An7PvxF8N+E/Eo8cHXfFyltJh0jwLrmtxXZUMWTzrK0miR1VGdkd1ZU
G9gF+as39mT/AIKBfDL9sDxb4g0TwHdeNL6/8KzyWmr/ANp+BNe0SDTrmMx77WSa+s4YluVEqEwF
vN2tu24BIUU5/Drv+G/3dewSfLrLTb8dV9627ntNFeJePf8AgoZ8MPhr+0np3wi1a48cjx/q6Cax
0+08AeIL6C7hzEHnjuoLJ7ZoIzNGJJhKY4i2JGQgge20LWKmtns+jtv9w3o3F7r9dV96CivE/iV+
3HpPgP40TeCdM8E/Ebx1eaTPYW/iK+8MaXDfW3hY3xItTdoZkuHVgC7G2hn8pMPL5aEMfbKFrHm6
f1/mhN62CignHPpXzSn/AAVx+Ck/iTxRpMM/xUur7wTd/YfEAt/hJ4tmj0SbYJAtzImmlIgY2WQM
7BSjBwSpBqeZXt13+Xf8V947O1+n9f5M+lqK8Z1j/goL8I9P+Enhjxzp3im48YeGfGl82m6Hc+Dt
Fv8AxVLqdwkcsjxxwabBcTEosMpc7MJsIYg4Fcn8M/8AgrR8E/i/qVva6Bf/ABHujdajc6PHPN8L
vFNpaNf2wkM1l582nJELlDFIvklvMLrsClyFNNNNxe63/r5r7xX0Uuj/AOD/AJP7n2PpKivHP2Wf
29fhr+2fe67B8PbzxdqX/CNXMtjqU2peCtb0O3tbqJ/LltTNfWkMbXEbcPCrGRP4lFXvif8Atr/D
f4P/ABJHhLW9a1H+3IbdLy+TT9C1DU7fRLd87J9QuLaCSGwibaxWS6eJWCMQSFOE9LN9dV5ryBO9
0umj8vU9VorJ8A+PNI+KPgfR/Evh+/g1XQtfs4tQ069hyYru3lQPHIucEqykEexrwHxd/wAFb/gb
4B8beLNA1rWPHmmXvgO4SDxJcXHw28Spp2giQkRzXV6bD7NDbuAWW4eQQsg3hynzU5JqXI9+3UFq
rrY+lKK8m8fftw/DL4d6loFnc6/e6xdeJrKPU7CLw5ol/wCIXNjIcJfSiwgm8i0JB/0iXZDx9+ud
+KH/AAU1+DXwj8H+D/EOpeIfEGp6B4+vG0/w/qfh7wfrXiGz1S5ExhWCOWwtJ08ySRWEaEgyhSYw
4BNFndLu7fPa3rfS24rq1/K/yte/pbW/Y97orxuT9vf4aRftOWHwca98Wj4ialp8Wqw6b/whWt+S
tpKpK3El19k+zRR5BRmklUJIpjba4Kiz+1p+11Y/sm2Hgzz/AAj4w8cat4+8Qx+GNG0nw59gW6nu
3t57gbnvrq2gRBHbyZZpRzgYOeF0T7uy83e1l5309SkrtrsrvyVua/py637anrdFeefGn9qLwd+z
L8BpviN8TdS/4QHw7YwQS3x1PbNPYySlVW3K2xlEs29gm2EyBm+6WGDXM/En9tS0+FH7THgD4cav
4D8drb/Ey9k03QfFUR0t9EnuksZ714XX7b9uQiK3k+ZrUIWwAxzmrUJOXKlfW3ldK9r7bfmu6J5l
y83lf5Ld23069j2miiioGFFFFABRRRQAUUUUAfJX/BeFxH/wR4/aHLMAD4OuhyccnaAPzryT4H/s
AeKfG2k/BP8AaL8f+OtN8beI/gx8OGf4e+HPDfhh9EsYJLnTFBa7aS8upbyVlCICjwx5XIjGSK+4
fjT+z34B/aR8LwaH8RfA/hDx9ottcLeQ6f4j0a21W1inVWUSrHOjqHCuwDAZAYjPJq58KPg74R+A
3gm28M+BvCvhzwZ4cs2d7fStC0yHTrGBnYs7LDCqopZiWJA5JJPNRGMoqq4y5ZStytfZsppv1992
7W89HOzlTurqPNdd+Zwdr9vcV11vrtr+VH/BMj9oH9p34o/srw/tFjxF4Z8R2Gq+C/E1xrmkXfjn
Uta1DWfENuJJLJLbR5LOO10ryGgaJra1nIkjlDvucBj0X/BLvxH8dP2if2WLP4p+LPH+k3Pw8+In
w01OTXZbb4n6vqGv3OvLz9ttYvstvHohhVZo3t7KfZGdjD5gXP6T+Af2d/h/8KfGWveI/C/gXwd4
b8Q+KpBLrWqaVottZ3uruCSGuZo0V5jkk5ck8ms3Q/2RfhP4Y03xbZab8MPh5p9p4+8z/hJ4Lbw5
ZwxeI/MBEn21VjAud+5t3m7s7jnOavEPnjNQVuaPKv7rfPftde+rbW5Iae7HlKPuOF3e07t9Wvdt
6Ncuu9+aV2rtP5O/4ID2HiP41/8ABPP4HfF3xl8R/iN4s8VXfhrUdNvY9T8RXN5Y6gH1Jik9xDKz
+ZdRCDYsxO8LLIpyu1Uy/jz481f9pD/gsbrfwB8U+PviN8M/Clh8MoPEng2bwr4huPD9xqeqG7Zb
q7E0ZCXZgjCqLacSwYDs8L9R9wfCD4HeCv2e/By+HfAPg/wv4H8PpM9wumeH9Kg0yzWV8b3EMCqm
5sDJxk45qD4m/s++AvjXqei33jLwR4Q8W3vhu5F7pFxrWjW1/Lpc4ORLA0qMYnBA+ZMHjrXRiKyq
YlVkrRTk7duZS/8ASZS5ltdpbPVc+HpSp4d0ZO8rR178sovX/Eo8r8m1qtH+YHxC+Mf7SH7R3/BT
j43/AA8+HnjPQdIuPg1pnhnUPBl14i8e6h4fsJLCWJJ77UZ9PsrOa31pbj54Xa4KR24KGIK5JHp3
w30bX/jl/wAFnf2oPhhefFP4o6Z4TtvBvhrWLfT9H8ZX0Y0S/lbfJJZbpGW2Vtq7o0QI6vhlKkqf
u/xj+zt8P/iH8RND8X+IPAvg7XfFvhgEaPreoaLbXWo6SD1FvcOhkhz32MM1W8O/svfDPwf8YdT+
Iek/DvwLpfj/AFpGi1DxNaaDaQaxfI23cst2sYmkB2JkMxzsX0FZU52dNv7KlfzbVk+29pPtJXW+
m1Zc6mls+W3lZxb8+jS8pO/Xm/Ln4e/DnTpf+ChX/BS3U5PFfxA0nVvDGiaY2jT2Pj3WNPeB5NAu
rhiFiukEhjdWePeG8gBvL2DIry61t7j9pL9mz/glZ4q8ceLPHWv+JfEvjEWepanN4x1SO6uwI7pj
KZEuFYXG4KvnjE235N+07a/Znxj+zF8NfiHrmuap4g+HngfXdT8TaYNF1i71DQbW6n1awDbhaXDu
haWANz5bkpnnFcbP/wAE2P2dbnT9HtJfgF8FZLXw6XbSoW8D6YY9MLyeY5gUwYiLSfOdmMtz15pU
nyypN7Q9j/5Scr2/x3V+2t7kYun7X2nLpzqqv/BkYJX/AMLi7d79D8u/FH7anxc/Zr/Z/wD+CkWq
+EPGPjrxFf8Aw2+Idlpvh6XU9Yutel8I6fcOi3MtuLp5THHCjyuBjahQEjC8fUH7VWseE/2Q/wBh
ebxD4b/aN+LSaR8SNY8Oy6SLzxBN4svrxbllX+z9Puri4jvLZL9UlzObwCAh3iaMJtr7K+Hn7IXw
m+EWqeIb7wn8L/h34YvvFysmu3Gk+G7Oyl1pWZmYXLRRqZwWZiRIWyWJ7mo9O/Y3+EOkfCoeBLT4
VfDe18Drdrfjw9D4Zsk0oXKuJFn+yiPyvMDgMH27gwBzmppWjThCWrXs033UFFSTvo0+XmV01dtS
UkaSvzScdNajXk5tuL7+7fl0tprFxZ+QuofFrxd8U/8Agk1/wUd8I+J/GHivWrD4S+KdV0vw6Lnx
bfard6Zaoqt9kbUZHFzeQq+5cXDOGXKsCvy16J8WfiJ47+Hnir9jD4C/DnWdUXwh8SvBV3qly+r/
ABT1vQ5NT1iKxt5YbX+24lvL2JIt/mJZxhY3ykeBH8lfqZov7Onw+8N3HiabTvAng2wl8aAL4he2
0W2ibXQI/LAuyqDzwI/k/ebvl46cVn+JP2R/hR4y+FWleBNY+GPw91XwRoRRtN8PXnhyzn0rTymd
hhtXjMUZXJxtUYycUQ0fvNu6pp924QlGTvvduSmnvzRWt9RVVzu60s6jXZc8oyStorJRcWtuVu3Y
5T4QeOPG37PX7BFn4h+Meo6X4y8b+BPDE934mvPC7PdQ6vNZxO0jQbo4i0jiPkGNPnLDAFfkd8V/
2v7A+KvCP7aniOCHxT+y7+0tpVj4R+LvhbSWFy3hO9tZXFi10rbnnEfKSKoiWTDAowlRG/diy0+D
TrCK0t4IYLWCMRRwxoEjjQDAUKOAAOMDjFee+C/2OPhF8N/EGu6t4d+Ffw30HVfFG8azead4ZsrW
41beWL/aJI4w024u+d5OdzepqpTk68q+l910XXmVl0kmrNawcU1fYqFlRVLXs+/RxafeMlfa0r2d
tzzT/glx8Uf+Fwfs7za6fjnD8d/t+ozTRalbx6QsOiW7MTb6cx023hi8+KDyjKHy4kdvuoUWvlD4
U6nefDb/AIOhvibL8Upo7ZPG3w6tLX4VXd+dkE1vE1uby0tGb5TOZRM7ouXxk9DX6R/DH4UeF/gn
4MtPDfgzw1oHhLw9Ybvs2l6Lp8NhZW+5izbIYlVFySScAZJzVb4u/A/wV+0D4Sfw/wCPfCHhfxvo
UrrI+m6/pUGpWjMpBVjFMrISCAQccECrc1HERrwWiUlZ9pRcb6LdXvfW+qe7ZFnKjKlPRyad105Z
qa07aWtol0tZI+Uf+C3fx71z4D/sGfFrxh8KdQFl8UfC+m6fbXmp6eiyXui6bPfwiaRjghCsRmkX
dyg3OABk185ftHfGPxb8L/F/7X/wp8N+O/iI3gTwr8BYPiHpGsS+MtRuNW8N6232p1MGpSTNdqk3
lxyeUZjGBGVVRGxSv1B8EfCDwl8MvAMXhTw34X8O+H/C8ERt49H03TYbTT44yMFBBGojCkcEBcYr
j9J/Yc+Cmg+Cdc8M2Pwf+Ftn4c8TxQQaxpUHhSwjsdWjgOYUuIViCTLGeUDghT0xXPUjelOlHrza
/wCKLSXkoy99f3r97m9OrapTnJfC4t+dpQb+bjFw/wAL8nf8q/gh4j+I3xS+OX7F/hiT47/GPTtM
+MfwIm17xwIvFlzLNrktrbRSKY3kZjZTOXKvc2vlXDKpJk3kvXAfBP8Aat+JnxS/YO/YE8U+IvjH
8SrDVvEPxouvBevavB4tu7R9b0kXN0ohvv3nl3LbYIkEsyvIBnDAsxP6/wBp/wAE5f2etPu9OuIP
gP8ABmG40izk06xkj8Faar2VtJ5u+CIiHKRN502UXCnzZMj5jn5t/b2/4JU6r4t1L4DWv7PPw6+B
HhHwv8LfH6+Pda0W4kfwzZ6vKkHkeQsVjp1xGzSxsQ8rrlRGg2uD8vd7eEsQpOPuyqRl6L20pu/k
qcnG21k7LWxxVKc/q1SEX7zi7PbajyJLzlO0rvra/wAKa+Vf2l/jt8Qfh3+yZ/wUS8IaR8R/iRH4
Y+BOtaRJ4B8Uf8JjqTazpdzcxQS3Onf2mZzdXCxSuF2TSuQJthyNoHtn/BTH4tfEH9jH/gnZ4Y+I
3g/xx4vvdV+KeseDtJ8T6hq3iSeOw0KyljCXNzazFZTpguCUjkniRypcSKvmfMfukfsY/CG5+Cqf
Dq4+EvwyPgJpxeP4W/4RqyfRBcbt5kFqYhCX35bfsBzz1rph8EvBg+E48A/8Ij4Y/wCEFWxGljw5
/ZUH9ki0C7fs/wBl2+V5W3jZt244xXLtGz1d6X/b3s0lK97/AMS2u+m/MdKcXNT2X7z5c9uW23wW
bWq1bS5UfA/jz4G/tTWf7Kl5oUfizwtqmqWXjqLV9D8I6T8W9Z/tTxD4d+xFzoZ8TSQ2uoC680NP
HOeXRAsjlN2eP+PXxE8W/ET9lH4UfFLwVL8ZNb+FHg/w9qx8a+Bx8TL/AMPfEGxEN15MmqJfw3KP
qT2RguY/KuJmjnUqwLvtI/Re0/Zk+G2n/CQfD+D4feB4fAghe2/4RuPQrVdI8p874/soTytrZOV2
4Oeal8S/s5fD3xn4U0vQdY8B+DNW0PQ2t307TrzRLae009rc5tzDE6FIzEeUKgbD0xVObTvHo4tN
67R5XfW70s97815KUZPmFF/DzdE07aby5tNNNbpaWtaMlKKUV+Xfxi/ai+I3g/8A4KhfHt/hn4v+
IGqWbfsut468N+HNR1i8vLOHVyyCG5j0+aRoYpzGiZVEXLM/GXbPV/sV/HzxlY/tF/soeHbXxn42
8Y6N+0H8Fr3xV47Gq+JbzUfJ1CK1s2TULZpZGaxJlkki8u1MUWXyEDLmv0Osv2Uvhdpvxqm+JVv8
NvAMHxGuFKS+Ko/D1omtyqYhEQ14I/OI8oBMF/ugL04png/9kn4VfD3xFqmsaB8Mvh9oer65BPba
je6f4ds7a51CKd/MnjmkSMNIkj/M6sSGbk5NNzXJyJfZktfP29l6fvYa6fwou23Lm4Scbc1neLuv
L2Sb8n+7lZXf8R67834p/sS/tR/FTQfhP+xf4vu/i18Udc1Xxp8eNZ8Fa0Nb8W3+o2upaSZJI1tZ
oZpWjl2bQUkkDSIT8rgYA/QP/g5B8deIPhT/AMEk/iB4r8KeL/FngjxN4dvdKuNO1Tw9rt1pF3G8
moQQOhkgkQujRyyAxtlScHGVUj6B0r/gm1+zroUelpZfAP4LWa6HetqWnLB4I0yMafdN5e64hxCP
LlPkw5dcMfKTn5RjvfjL8BPAv7RnhJNA+IXgvwn480KO4W7XTvEWkW+qWizKGCyiKdHQOAzANjID
H1NEp+5BbuMoy17JU7rru4yl6yfW7fRSkoYuWIa91393prKcrelpRh6RXSyX5FftX678RLT9qn9q
rwzpXx3+MejeFPBPwGt/iPb6bZ+LblJJNb+zShJo7nd59pCHRZWt7R4YZGIDIUJQ5PhT9rr9pL9s
X4i/s7fDLSvFMdnqni39nu28aaXqV/421DwcmreJGYRtfSz2NrcPqLW6qshsJEWCQPI0gYBRX6oz
f8E5f2erm7vriT4D/BmSfU7GPTLyRvBWml7u0jWNY7eQ+Tl4lWGIBGyoESAD5RjYuf2Jfgze+CvD
Xhqb4R/DGbw74MuTe+H9KfwtYtZaHOXLma1hMWyCQuSxaMKcknOTThKKXK9r+n/P5adnFVIWt/z7
jZq0XHKDcIafEuu/Sl993TndPf2jvfVP8+br4eXni/8A4L9/Aw/EbxJfzeI7f4DDV9Sn8OeMNUsd
IuNWj1GFJGtxFNCGtZXUZgZBFMAvmRsRXx78Ofi94s/Z1+HXxP8AHXgvxh4l8O6o37cE2izx2WqS
w6ffWNy224huLdWEVwki7f8AWq+3YCmw5J/fLxF8HPCHi/xloPiPVvCvhvVPEPhbzP7F1S70yCe9
0jzF2SfZ5mUvDvX5W2EZHByK82m/4Jn/ALOFzpE+nyfs/fBKSwurwajNbN4G0swy3IVlE7J5GDKF
dxvI3YZhnk1VGvySg2tFfRaLXERrNW7cseS3a3TQubThKC+0ktdbWoypX83zNT6a366v87/2yP2p
Pid4Quf27vHdz478aeHfFH7Per6A3w60621m4tNLgtLi3hx5tgjC2vkuXkkUm5jlIPCFGRSvX/Hz
43eKfj7+1f8AtHeHviF4p8S+A/Dvww+BNr4k8O6NY69NpVjc3F9ZXBvr+5RGWO8WKQC3EdyJYUKk
hAxzX6I/Eb9lX4X/ABh17T9V8XfDfwF4p1TSYlgsbzV/D9pfXFnGsiSqkTyxsyKJI43AUgBkU9QC
L/jv9n/wH8UfFOla74n8E+EfEet6FFNb6bqGqaPb3l1p8cy7JkhlkQtGsinawUgMODkVx1KKnQ9i
39lx9P3bhzerfvu/XbX3jSlV5KntLdb/AC54T5fRKMoL+7LVdH82f8EFvFOneK/+COXwFl0nULbU
Vs/CkNlM1pMkphuIiySRHkhZEcFSrdCMGuFuv+GiPtMm3/hvzbuONn/CkduM9t3OPrzX3npWk2ug
6dDZ2Ntb2dpbrtiggjWOOMeiquAB9KsV14qr7bETr7czbt6u5y4aHsqEaO9klf0Vj5Ql8I+GPihY
6Xe6NoXxGuvjLaWEFjqvibTptP0rWrK4jjdDHq9/Y40m5khkaTzLVFuokdiUtyMV778AND8b+HPh
Xptn8RNb0rxD4ri8z7Te6fbeRE6FyY1bAVZJFTarypFCsjAssMQIQdlVbWdGs/Eej3enajaW1/YX
8L29zbXESyw3ETqVeN0YEMrKSCCCCCRWcpu0mktdbbJeSXRfe/yNLXau9vm/m+tvkvK+p+b2q/Af
xN+z/p037VHwT0ybVvFeheIvEtl8QvCVgyqvxC0KLXtRZgqjhtRtMs8Dn5mAeIkhgKyNM+MGi67+
zT+w18UBLPaeC734wXmoSahdR+THYw6jHrsNo05biIPLcwR5YgBpAOpFfoX8Ev2avhz+zPot7pvw
48AeCfh/p2pTC5u7Xw3odrpMF1KF2iSRIERXYKANxBOBita9+EvhXUvAF14TufDPh+48LXySxXOj
SadC+n3CSszyK8BXy2DszMwK/MWJOSTVRqOFlHVRlFrpZJ3lG+uje2mjbdneymUeecpy0cozi+vx
K0X01ivvSS0tc8s+Nur2eu/tnfBLRrS8trjVtIbWNbu7OOQNNb2R097YTuo+6hmnjQE4DEnGcHHl
P/BK7WrPTPFf7XV5c3dtb2ln8b9ZluJpJVSOBF0/TyzMxOFAAOSemDX0d8H/ANlr4Y/s8+HdR0fw
B8OfAngfSdXYvf2Xh/QLTTLa9YrtJljgjVXJX5csDxx0rzv/AIdO/ss/9G0/AD/w3mkf/I9RFuEp
Sj1g4/NzhO9vLkS31vfTYORONn/OpfdCUbfPmv5WtrueM3nxW0f40/8ABYP9nPxVoU5n0bxD8IvF
d5p0zFf9Kt3v9JMUy4JykiAOp6lWBIByB9e+EvjFoXjn4h+KPDOlXa32oeDvsyaq0LI8VrNOrutu
xDEiZY1R2UgYWaI87uPPvGv/AATb/Z2+JWunVfEfwD+C2v6oYIbY3mpeCNMu5zFDGsUUe+SEtsSN
ERVzhVVQMAAV3PwW/Z78A/s2+GJ9E+Hfgfwf4C0a6uDeTWHhzRrbSrWWcqqmVo4ERS5VVBYjJCgZ
4Fac0fZxp9I81vPmqSnr6KTXm1fTYGnzuf8ANy38rQjF276x+5n5pfE7S7z9lD4m/wDBQj4m/Dq+
8d3XjrwVaaRc6YJvF2r6pb2jXWkRvNcyWc9zJbziAO8kYljcQpFsjCINo639py18afAL4sRaF8L/
AIwfFGXwr4++EfiPxbr17ceJn8QT6Hd2CW01nqdpNqH2gWiXLyvCYowICufKjjZQ6/c3gD9jL4Pf
Cj4i6n4w8LfCj4a+GvFutCddQ1vSvDFlZajfCd98wluI4lkkEjgM+5juPJyaj0z9iX4M6L4H8R+G
LP4R/DG08N+MJhc69pMPhaxjsdblDBxJdQiLZO25Q26QMcgHqK5Z026Ps07Plcf/ACSUbeibU/VW
7SXRCpFVIzaulK789YP77RcfST1tdPzD/gkz4A1Wx/Y3+HvjjXfH3xC8b658RfBfh/VNS/4STW31
GC2uRp8e+S2VxmEy7gZAGIdlDkb2dmw/2KPENhpX7bX7aF9dX1pbWVj4v0Rrm4lmVIrcL4csNxdi
cKF756V9NfDH4U+F/gn4HsvDHg3w3oHhLw3pgcWmk6Lp8NhY2oZy7COGJVRNzszHAGSxPU15Tdf8
Euv2Zr7WpdTn/Z1+BU2pTTm5kun8A6U07yltxkLmDcXLc7ic55ruxNdVMTUqwVoyTSXZOUZLTrZR
ta6ObDxdOgqcndq133smvlf5nz7/AMEbdL0zxz8av2ofiD4StbZ/g/4q+JBv/AlzHahbS8mWxig1
S/smIwYJ7kOPMj+VyjkE5NdZ/wAEYrKx8Rfs5fEjzorS+ih+NHjO4j3osqpIuuXDo4znDA4YEcjg
ivrjUfBWjax4QuPD13pOmXWgXlq9hPpk1rG9nNbspRoWiI2NGykqUIwQSMYrivhP+xx8IvgLomua
Z4G+Ffw38F6d4niEGs2uheGbLToNWjCuoS4SGNVmULI4w4Iw7DuaxU+XSK0jTjBf9u8lm+3wdOr8
takuaLTesqjm/nz6efx+W3np86/8EgfE+neGfgp+0Bqmo39nY6bpvxs8bXF3dTzLHDbRrfszO7E4
VQvJJOAK818V2HiXx18dfiN8d/2U/iboel+LLjT9JuvHvw78fxg6H4ktRpsFzZ3qvGxuNPlazmVB
KMxs0ZDqNjE/To/4JP8A7LIIP/DNXwAyP+qeaR/8j133xH/ZK+FXxitrCHxd8Mvh94qi0q4S7sk1
jw7Z3y2cyRrGksYljYI6xoiBlwQqKAcACsnH3IxTs4wjBP8AwxUW2no07X5Xp5vRrRzvUqTaupyn
Jr/FNzSvurXautdmktU/Gf2WP2xdR8U/sifBrX/BX7PHxNvvD3irwzaXMNlol/ocdv4ajAEawOdR
1G0mkQKu5HijcNHtPU7a8T8Sad8YfHX/AAUH/a68K/CvR/hfex+JPDnhjTdQ1HxXr95aSaM02n3U
YlS0t7KdbsBGcmN5rfJVRuwSR+iFvbpaQRxRIkcUShERFCqgAwAAOgArz3wD+x98JPhR8UNS8ceF
vhb8OvDfjXWTMb/X9K8N2Vnql8ZnEkxluY41lk8xwGbcx3MMnJrTEKnWnLmXuy5tL9JbJ+XS+j63
ZnTc4KMk/eXLr5rr6+W3kj4R0H/gn94h/Zm8YeFvD37OHxs03QPj38H/AIa6Poeu6P4us1ufDnj/
AEhGu/sr3ECP9otQlwLnE8BJjDBSGzk1Pi78ZL79qT/gnb+z7rWjaXb/AAi8R6t8b9P08CHbqllY
ammq3sc93amXC3Ns9wJJo84VkYDgV+hPxe/Zr+HX7Qekvp/j7wB4K8cWMkiTNba/odrqcLOgIRyk
yMCygnBxkZOKx/ix+xV8G/j1baLD46+Evwy8aQ+G4Da6THrvhex1FdLhO3McAmiYRIdi5VMA7R6C
qnVlUkpVdffjPs9J87s1Zrmeltk3zK2xEqSVN04aXhKF7X0cORXT0dlZ3erSUXpqfPf/AATk+OVx
8MPi7rfwC+Lmk2+j/tAW1kdfuPEEcklza/E/T1k8satbzyFnVlJCPZuR9n+7EvkhdvSf8FK/+Sxf
sm/9lktf/TNqtet+M/2Gvgn8R/HWm+KPEXwe+Fuv+JtHjt4bDV9R8KWF1f2KW5zAsU0kRdFiP3Ap
ATtisH9tn9lTxF+00nw2v/CfjDRfBviL4ZeLovFljcat4el1yyu3S0urbyZIIru0faRdFtyzAgoB
g5o9pedOclqpRbsklZTTulsvdWqWl0+WyaitaSSVWN9JQmle7d5U5Kze7956N62a5rtNv4m/4L56
n4z8Xfs2/GaTxJ8FviBqfhPwlpkMPhTXINQ8PyaHbyyPB5+qSxyakt8J/ne2QC1JjTzCCRMxX3n9
rLxDeeK/2if2GtSv9C1XwzeXnjrUJJtK1KS2ku7Fj4Y1X93I1tLNAWHrHK6/7Rr6u1v4c2PxK+Gn
/CN+PNN8O+MLW/tY4dXtbnSlbTNRcBSx+yzNMBGXG5Ud5CvA3MRuPkfxt/ZH8X/Gz9rX4UeOLnxx
4asPBHwm1abW7Dw9B4VmOqXlzLpt1YOJNQN/5QiAuS4VbMMNgG45zV4eaptU27pO9/lv835dtkRU
vOLls+Wat/iSSXy9bbvVvX2bwf4GsvA41MWU+sz/ANrX8upT/wBoatd6jslkxuWL7RI/kQjA2wxb
Yk52ouTWxXAfBP8AZ60b4H674z1LSrbS7KfxvrD6zfQaZp0en2nnMoUyeUhO+eT70szEvK5JOAFV
e/rDovRfLTb5bL0Ke79X89d/V7vz7hRRRQAUUUUAFFFFAHx7/wAFzP8AgoLr/wDwTa/YD1nx34St
bW48X6rqVp4d0SW7iMttY3NyzD7RIuMMsaI7BTwzBQeDius8E/sJ634X+D0k9h8Z/i5dfFDVdPiN
54o1LxTdX1nc3G0F9mlys2nW0TnKn7NbROqtlXDgNXoP7a37Gngf9vv9nDxD8LfiHZ3N34c8Qom5
7WUQ3VlNGweK4hcghZEcBgSCD0IIJB5j4Gfs5/GL4eaFYeGPFfxr0vxb4S0eGK2tJ7Xwc2l+JrmK
IgIt3fi+lt5CyAK7w2cDtyysh5p0Gkp82knJNP8Au2Xu917129PeTSd+VJGItJQ5dkndd3fR9ttF
rdNNrdnyZ4x/4KgeJPgF+0/+3Hq3/CGa54hvvgB4e0TVW0S++JEh0C/sTFLN5tlB/ZhNhdPA26Vc
zLJIirvUL5h9l+Dv/BUG9+KPxn+F3w98e/Ds+Ao/2gfA8nirwVfWHihtRmn8u1inu7O62W8BtbiO
OYNG8MswdVzujb5R82/8FQv2FdS/ZY+Dv7eX7QPiH4q+GrzSvjj4DOk/2A/hxtNfT5oIVttPjjvH
vpBLIwbYy+QplkdSojxsPqP/AATo/ZDg/aQ8J/s8/H25+Kvh/wAcW3w4+GaeH/AlppekRiDRbu5s
obe+lvp47lheTxtEYfLjS2EYR1ZS+XBSip4dqavywipeUpQradruUYPsk3smGMk44j9y7KV7PX7L
or7knU31a2u0eFf8Ed/+Cqni/wCFP7MXwJ0T4lW3ijx/a/GL4n694HtfFus+K59S1axuY52NqrRz
rI8tttBj3tcK6FeI2U7q+kPGH/Be/wCGPhT9rjVvhsz+G/sPh3xnZ/D/AFGe58UQ2+vy6rcsiCW0
0cxmS4sIZJBHNcmVCjBtsciqWHm/wk/4N+PGXwq+HPwN8NL8ePDl7bfBH4k3XxHtpj8O5o5dVlnd
XNq//E2KogJnG8AnDx8DYTJ9MfAH/gnlrH7LX7W3xQ8c+BviHBY+BPjDqq+IvEHhO98PC6uLfVdu
2W5sr4XCCFJQFLxy283IO1lyMbQcXKDqu9t/O0aVk30u/aq6Td+VtW1c1/jqukrJtuPledW9l5L2
Ts9LcyWtkYn7L/8AwUe8fftO/Fn4n+EtP+DenwXXwj+IsXgvXriLxkJITYum9tThMlnF5jopVmtu
DgnEhO1W9U/b6/bCtv2Fv2bdR+Id3pCaxDZ31lYFbi8eysbM3NwkAuby5SKZre0iLh5ZVhkKICQj
HiuK/YK/YH8Tfsc/Gb46eK9b+Iek+NYPjV4pbxWbO18LvpL6NMVMflCU3k4mjEQjUZRGyjMSd2B7
78TPCl/418KT6dp+oWVhJOGWT7bpyaha3KFGHlTQsy74mJG4KysVBAZSdw5m5KjTtrK0HL/Fyx51
2tzKWq2u7XSSWit7ad/hvJL0vLlfe9mlr2V7at/KPxn/AOCo3i/4CeGP2eNU1z4aeC9Utvjr46t/
BT3Xh74gnU7LTRdSN9kv7WcaegvoJIUeQhhbsp2r82Sy/P8A+2V/wWP1/wAV/sGftWao/wAP9Z8M
zfArxzH4D1O48KfEmTS9VuImuI4xf2N6dMcwy73jBiaIjY0n7zIAb2HxJ/wRMspP2Y/hz4M8NeNt
L8KeI/hn8S0+Kek3dp4YY+HYNRE0kr2kWlC7V4bA+a4SFLvcnXzG5B8++I//AAQG8W/EH9n79pL4
fP8AHbR47P8AaP8AGtv4y1C+l8APJc6Q6TiaS3jC6kiSKzxwBWKqVVJAQ5cFNZcmtl1dvS9BpfJe
2V9G99+W2tBwU4Oo9Lq/p++u/K/7ppXdtm371++0P9uf4u+Kf+Cxfhj4LaRoHhSTwDafCuHxjfNe
+I7iK9mjury3hNy22ydZbiHy3VIMxo4md2nU4Rfrv42/FLXfhToNneaF8N/GvxMuLm48mSx8N3Wk
W9xartJ81zqV9ZxlMgLhHZ8sPlxkjwrwH/wTh1fwb+3J4Q+O0nxEt7jXtM+HEHw78R6fD4d8q11m
OG4W4S5tS1y7WZMikMjm4yjYVkYb691+Nv7N3w7/AGmNBs9K+JHgLwX8QNM0+4+12tn4k0S11a3t
ptpXzUSdHVX2sw3AA4JHQ1pXcOSMabu053fde0k49P5OW3XppZJcdFSTfPtaP38kVL/ya/l1V+vB
eH/jr8Q/jPeP4ePwa+Mfwie8jLx+KNYuPCV9Z2Dphwrw2urXcriTbswsJ4c/NGcOtK5/ag8Xfs++
KfDfhv4r6Lpery+Jr2LTNM1/wcWkF7MwQb5tJkdryAbixP2drxI0UvJJGgYro+Ff+CcXwO+F2qHV
vh/8Kfht8MfE6IYoPEPhLwhpWmataRtxIkU62xKCRNyMRztc4IOGHovw7+DPhv4WNcS6PpoS/vlV
bzUrmWS71G/2jC+fdSs00uB03ucdBgVkmk126+f+WnVW807Gmtmvu8tvL8Hf1Rj/ALQ3wDT9ojQd
F0e78T+MPDelWOqLf6gvhvXb3Q7zVYlhmRbY3lnNDcRR+ZJHI3luC3khTwxr4e/YC/ZEX9oS0+Ms
mqfFH4/x3fgf4y6z4f02Rvi74qmRdHtJYALFo21HawaJ5EEx/fKWVw5Kiv0b1KO5l064Szlhgu2j
YQSzRGaON8HazIGUsoOCVDKSOMjrXzN+xF+xT8T/ANkbw78WoNR+KXgjxbqfxJ8Rah4vsrmLwFc6
dBo+qXmDJ5kX9qym4tQyRlYg8UgAYGY7gVil7tWcmtOR28589Nr58sZLXSzts2XWblThFPVTV/8A
Dy1E/wDyaUX30vukcR/wQ88M3U37O3i3xJq3iv4jeLNauPHXiXQvP8T+NNW19YbOw1m7trWOKO8u
ZY4isSKpeNVeTALsxAry39rz9o++/Zu/bU8a3P7QOt/GP4cfD3Vmtovhd8RfC2rXo8H+H/MtoYXh
1W1t2Nubo3bO4fUbeaApjbsCkn0z4C/8E8v2jP2b/gVr/gHwv+0T8L7O08Qatq+tPqp+EN4+p2Nx
qV3LdTtAx18wjZJM/l74X2gLu34yfQNR/YX8deGvBXiLwp4L+Kuk2PhPxcyw6lpviXweuufYrUWM
Fk0VgyXdsIndId5a5W6TzHJEYGVLq+9r2ila7V3ZJ6rWL3akr9bpp2ZBpSd9pSk/RXbjo7prZcrs
rLdWR7n8DEuYvgp4PS81u28S3iaJZrPq9vcG4h1SQQIGuEkPLrIcuGPUNnvXxp/wWC1fwv8ADn9o
L9mnW/GnxN8ZfDXwX4j8W3fh7xRdWXxL1fwjpM1mNJv7iFZ2tby3ijb7UkP775XOFQuU+WvYPAX7
Tf7Mn/BPj4feHfgpe/HP4U+E5fhrpNpoiaV4j8c6da6rbRRQIIzPHNMrq7JtflQCGBAAIrnvix8O
pv8Agoj8VPhD8U/gz8d/hPfeEfhFr8+pR/YNE/4SuHUr97Se0nie9tdUhjjUW12cRiMur7XLMp2V
0VZQniOeGsea97aWvvZbXTtptfZmFLmp4dwnpLkatfVvl0V31vrdvpe58tfDv4xfHj4i/s5ftAwf
BTXfHfxc+GPhHx9o8XgnXP7Y3+IfEvh0LDJrdnpmqz/Ndsh8yKG6d2kOXCytIFYe1/sOfFD4a/ti
aR490nwL8Ufi6+g6d4ei03WfAXinxPrVh4z8D6h5skryvczSjU0MilV8w3Uir5W2NgpZa+tfj38H
tQ+MWi6HDpfinUfCGo6BrEGswX1lbRXDu0SSL5LLKCpik37XGNxQsFKMQ6+OeHf2HPHUfxd8U/Fj
XPiB4H1D4w6r4X/4Q/R9UsfA9xY6FpdgbgTsZ7A6nJPdylx99rxAoACKmX38s25U5wt9lq/2m1TU
U79VJ3unblk5TUrtqW/WLTtqn5K9TmaS6cqtZrdWha2q+H/+Cbvi6L9vT9nv4efBTVfij8dvAfjG
HTbHx5rniHUPiH4gt/E3jVWBSQaRPJclH0/AEc212SN9223SRluV/WrwZ4UtvAnhLTNFs59TubXS
baO0hl1HUJ9Ru5FRQoaW4nd5ppCBzJI7OxySSTmvhTWv+CM3jTWv2Bfh38Ih8Y/Cum+OfhHq1re+
DPiLp3gG4ttT0K3gOTGkX9qnM0p3JJIJRE8TFDATh6900b/goL8J/gNaN4R+Mn7S37PQ+JGhyNBr
KJrdj4ZMb53IrWFzqFxLA4jKZDSnccsAoIUdderCTmoveTf+JWVmu3Kny8uytdaSJmveUorS3/gO
90+937yer1s/h18r/wCCm3g+X4RftMfAP4xTeM/iXpPgtPGVr4X8aaTp/jrV9N0SWC9jeCwu5rSG
5SACK+Nur/KFkWUiQOAMeF/srfHa2+CXx4/bW8A6v4g+MfifSNKsP7X8Btr/AMQNav7vUNPHm6bc
WmnTS3jSwtHq0UsCzxsk5MqZchYyPtr4++A/h3/wVU/Yf8aeEfDPjrw54h8K+OtPn0y18S+Hb6DW
Lawu0YGO4jeGTY8kE6o+0ODuTGV61wmr/wDBJnw3rPxP/Z58UTeJtSku/gZYTaffrLbCRvGyuYZ1
a7Yv8rLqEEV7nD5kB6Z3VhRglelV0i+ZP/DNJ3X96M47veM2lonap1Np09ZKz8rwk9Ht8cZOKs/d
cE3q0zwn9pr9k2/+DXjP9i/wVcfFT49z3fiXxQ/hzxfeQ/FnxLDJ4hjTSL++kEpS+GM3UYIddriM
LGGCKALf7VH7JS/CT9qf9lzwwvxQ+Pt9F8S/GGsWXiyRPi54ptI9XjTSL28REii1EJaok0cZVYAm
FQKSRkH6D/be/Yr+JX7T3xx+E3i7wj8UPBvgi1+EesN4hsLHU/A1xrkl9fPbXFrIJpk1S1HkGC4I
EaRhww3eaQQod+1n+xZ8R/2h/wBpr4OePtD+Jvg7wvp3wf1CXVrbSb3wPcapLqd1PazWlwZLhdTg
CRmCZgiLHlHG5nkHyDWNRSalPS8235Jpa+l09Fr5GcouKaTvanZecvet211jrtpvoj51/ax+FOm/
scftSfs1W2p/ET9pfXvDOqat4hTUbPSPF3jLXrvUbeGCS8sYJrOwuJ57oQSyBTKY2Z4kVZiyLgan
wO+I+l/H7/guLfy6Fr/x+sfDNl8Ml8Rv4d8S3Pi7w1pZ1U6j9kM6aTqX2eJ4vs5C7UgMG/LbfNBY
fQf7SX7I3xI+Mv7XHws+JHh/4k+DfDejfC6S6lt9Ev8AwTc6pcag13Abe633aanAqgwkeWFh+R8s
xlB2Dm/iN8ANb+C/7eupftP+MfjV8NvCvw803wqvhG90vWPDTWEdnppuROryatLqixJObpwPMa3C
FGCeXuPmVlRny1Kc6jsl7S/leEkm973k4vvdJvVK6qwcqdSFNe9Lkt52qRlJLa3u8yttZ8q0en1h
XwH/AMFWP2iPiV4H8XL42+HWs6xaeEf2YrnTfFXj3T7B3CeKYLmTZc6dIAQHFtpxluyjZG6W2bAK
g19CaX/wU3/Z08d6lb6H4a/aL+A+oeI9YkWy0u2g8baZey3F1IdkSLBHch5WLlQI0IZicAgnNeU+
DP8Agjt4U174b+OH+MWhfAb4zfFfxfe398njnWPhRCLiJrgHyUnjlvJppUtyQkaxXMGIY40G1lMj
Q/aRaqxXw6q+0pJq0fNdXdrobx9m1yTfxaPuovdp9H0Vk3q2tUjB/wCC3Hie1l/Y08D/ABI0Dxf8
R9IhXxh4ZhivPBHijWtOk1LS9R1OziuU8jTJka7MluxEYCSSKX/dYZudr4FaX4b8Ry/E25+A2sft
C23j/wAPeEpbeysPirq/jH+yZ7y9EjWU/wBj8Ru02Y5bMjzoY1TbLIu5zkJx6/8ABI/41v8AsPfD
34G3X7Q3gXUtH+HGsaVqenard/C26a9lh0u5gubG1fbraqUR4QjNjc8e1cqwLt7lrv7LXxr+MNlr
Gl/Eb40eE7jQNQ0DUtKisvBfga78OyC5u7c263U0txq975whR5GSLai+YyuSSi41qQp+zq04Nq8p
8rWkuVwglr3upabKTvezuRSnPnpSqWdlG91dXU5N6aaWafdrTdWPmT/gn3+0Vp/ij42fD/wB4i8a
/Gf4YfHzSJ31Dx94B+JGv3t8njIfYLqKSfTHnaW1aAXLJOiae0MWyM7ovlXH6V18veP/ANjrWPFP
xI8EeNPjB8U/DmseC/gfqDeKdEceHF0TUYZ4rSWFrnVNSN28MkSpJJIywW1ohKqXyq7T0a/8FYP2
WnYKP2lfgCWJwAPiFpBJ/wDJiqnU9pZac2uiWnlZdOqSu0ktH9mOUYONnrayV3q76t3f2nqnzaN3
s1pzS8Q/Y1vdW/4KkeKvi3478aeL/Hmj+DvCPj/UvBnhDw14U8V6h4aitIdMfyZLy7l0+aGe5nnl
LsUlkeFUWMCMHcSn7WHxA+KX7M2pfCb4LaT8R9Wvte+PnxLudOt/F9+IZtT0HQI7Y3c8MQ8oQi5V
IzBExjYYbzG3SEmvSvD/AOwb4u+A/wAWvGPiv4DfE7QvBmifEzVW8Ra/4a8S+FH8S6O2oyKolvLH
yL6xmtnmADSAyyxswDBV5z0n7Rv7Adh+018NfD1lrnjTxXaeOPB/iGLxb4f8YWTQx3ujanGCqmGE
qYRbGMmJrcqQ8bNuZpCZDlBqKpNrZQUl3a5Od9ndxe7Ta0dr6aT951LPdzcX2upqHn7qkrpXV1dX
au6t9+wK/h258PQeFfiZ8YLTRVv5H8T2GqfEDWNTk161ks57dlS6uJ5LmzkSSWOVPscsChowcAhS
vzX/AMEtP2mfEX7MPiXxx8LvjR481rxDo8mhz/FDwV4k8TarPf3baGJHjv7GW5uHeSRrGVFILOW8
qdD24+tfBfwj+No0KUeMPi34N1nWLGFzpUuieBbnRrKS48srHJqELapPJdIr4cxQTWqtyCcYx47c
/wDBJEfF34cfCTSfi7400zxdrPwf8Svq+nap4f8AD03h5dS06RGEulXUTXtyZIZXK+ZhwsiRohj+
8zEeZVLX0as+ujtZrzg0pW/lUop+9ZE5KUPeV2tVrbVXb7/Gm43d7NqUl7qPPP8AgmBr3j/4uf8A
BSL9oLxH8RPFHjmZ4tG8N6z4e8K3Gu30OkeFbTU4buQWv9nCb7KbgQwW/mSPGzCXzSpXcc/fvjGL
UJ/COqppV1BZao9nKtncTjdFBMUOx3HdVbBPsK+XPCvwQ1P9i/8Aaw+L37QnxQ+OHww0vwH8QbfT
rG/tdQ8Onw9Do0dmZIbAf2lcapJFvIuCshaECVyuwRfdPY3v7eX7M37TGnXfw7039oD4Oa9feN7e
XQ4tP0bx7pk2o3huEaIxwJFOXaUhjtCgnOMCpxP7yiqdFa8tkr6p22v389bt33KpvlrOpWel027a
bK7SfS97LotNj5h/4JpeOtYvvjp8MdHufiZ41v8AxvN4W1K++Jdj4k8W3urab4suFeOO3v8AQobt
/JNqZTLKJdLjS3SJkilAcoq/bX7UXxr134F/Di31Pw34Nu/G+t6hqNvpltZrcvZ2VoZWIN1fXSxT
G1s4gC0s3lSbFH3WJArxv9nT/gnT4k+GHiT4Vv42+JOm+N9F+BVnNY+BobLwoNG1COOS0ayDajci
6mW7ZbYhAIYbWNmG9kYhNnoP7cf7J+p/tceAfDOl6V4psfDV34Y8S2fiMR6pop1vR9X+z78Wt9ZC
eAzwksHAEqFZIon524PRiZKUo8j05tdLe65326JReyvZKyZlRT97n3s+rfvcvfS95dWlfqrHh2g/
8FjrbxB+zho3i/8A4Rnwfpeu6r8RLz4av/aXjhIfCdtqFr5xac60lo5NtKIdsLfZQ8kskaFE3Fh9
g/D3xBqXijwjbX+raZb6TeztLm3t75b6IxiRljkSZVUMskYSQfKCA+CMg182/DH/AIJ6eLfhV8LP
iN4Ut/H3gfxDpvj7xXqvid7LxF8Phf6btv4/ntLq2W+jFxEk2HHltBlRsIP3q9V/Yj/ZVs/2Kv2a
fD3w4sNWuNZttDa5kWd4fs8MZnuJLhobeHc3kW0bSlIodzeXGiLubG45pp09fitB/NxXOvlK+vW+
miu3K/Pptea+XM+V/ONla2lm3qzyf4cf8FG/EHxq+HvxJ8TeDfBvgTWrTwHNq1sLBvH3l6rbz6fv
VodUtlsXbT5JWjJRVNwQjRs23dgZvwr/AOCpWrfELxZ+zOl38OtP03w1+0d4MufFMV/H4me5vNAn
trBb2W1a2+xqs6bJI1WYTIWJfMS7Ru3bn/gm43jT9qqx+KPi7xH4avdR03w5feHTNoXhJdF1XW4r
yLypRqd4LmQXcKffihWGJY5PmJfgDzTwj/wS58U/APSfgh4i1X4zazrVj+yzoup2eg6b4c8FW8N1
rmnvaxRJbzrLLctLceRCYmaER+aWUokLAs2XPGNKUqmjtHzSsqik9N7v2crdLNd76OLlLlhrdyt3
d+VxS6ae9G73vd9Gun+Dn/BV/VPiT4x+Ecd58ItVj8LfH/z5vAWqaV4is7q6a2gTzZptUtboWgtC
IP3wjtpbx2RXG0ONhgsf+CuF/PrnhbUx8I9W1L4f/ELxve/D7wrqWl+IbM6zd6naTXMMj3Vjdi2g
trZjZ3JR1vJZWCKDCrOFr52/4JseEdH8MeOPBfirwl8Uvgt8XvFdrIIdX8K6bpOtTeIfBy3zs2ou
sUut3FposikStMsWlWaTvD5QSNnRRm/si6Lo3iL41Q+PtA+Jnwg8Y/EOTxPeeIj8LdS0PW18VaDL
e3bI7vp39ufYtLvlt5lSW+XR4wAXLs4d5X6lTXtIwtte/V7rTS11b7UUle+j2WVWa9nOUf8At1/K
Vnrtry+67tpbq9z3nR/+C9Hw61n9pHwp4PtpPA+p6F408RXfhLT5NJ8c2moeKbTUIGnRHvNEjj32
9pM0DLHN57vmSLfFGHBFzX/+Cnvjr4o/8E5/iV8Z/h74W+HLroPhXVNd0x08cNqMmmNbxqy2+pQJ
ZK1vfqnns1spkRZLfy2nG/evsHwB/Y+8cfs43F94a0D4n2R+FK3l1qGkaJceGmk1vRnnuGuDbrqR
u/LktFkdwI3tDLsIXzuM1574m/4JLp8TviF8UfE3inxfoUGqfEvwBefD+6n8KeE10KS9iuo0El/q
RNzMt/doyHynCwrGkjptbO4cVWLnh5Q+04ys9teV2Vl15rK6aSunrZ366E4RxEZTXuqUb9dOb3t+
nK72s2+VrS+nA6r/AMFgZ/2X/wBnv4baV48/4VHB8T73wJaeLNQs/EPxWi0a3vrApsie3u7uyWS5
1C4Mbt9nECxqwYNcAbHfsPEH/BRS2/bX+D0WifCHwZd+Ml8WfDuHxlr4u/FE/habQtKv0mjhiiub
eKWVtQdobgJGjRIPIYtcRZQt03hH/gn58QfhVq/gTxT4R+LuiWXj3w74UtfBWv3Wp+DHvdE8S6ba
ktbAWMd/DNbzQu0rJILp/wDXyhw42BNX4gfsE+KZv2iZPib4H+KKeGvEPiTw3F4U8ZR6r4cXV7bX
7SKSaSGeFFuLc2t1E1xOEfMse1wrQvtFdOP5KqqqOvM526JL3+W67O8L2s009LM5cFzUlTcnrGML
9fe9zm18rTtumnG7vdGb/wAETGk1z/gkV8Bmu5bmSS88H25mkaZhMxbduYuDu3HJO4HOec5r5l/Y
B/aq179hr9l7xBqF14Ll8Q/CfT/jb4j8Nav4hufFs9zrejJNrzWVrObeeGR7yFHeJJJJLtZgMtsk
wTX3D/wT9/ZKuP2F/wBkfwb8Kp/GeqePF8H2YsodUvrG3smaMH5Y0ihUBY15C72kfH3pGPNeSaT/
AMEqbi0g1zwXefEJL/4K+IPGs3j+88MtoATV7nUZNSGpG3k1IXHlmx+0qp8pbRZSoCmcjIPRWqQl
jp1Y/BJv7nOMrPr8Kla3UzhFrBxpv4otPz0hON103cd+m+wvh/8A4KOfESXUPj/oeu/CXwnovjH4
NXGnQaPpC+O55x4wGoHFnMsp0xPs8c7ERIQsrecsiMqBA7ek/t5ftXax+xl/wT8+IHxautG0+TxL
4P8ADT6iNMjuXurNb8oqpF5pSNpIRM4BfYjMoJ2qTgeWeMfhh4N/an/4Kc+BvHHgTxjp+tJ8P9O1
DSfiFBol1bX1lNPaXEMum2F86FjFd295JLOkRKuojfcACAfqH42fBvw9+0P8IvEvgXxbYLqvhnxb
p02l6nasxXzoJUKOAw5U4OQRyCAR0rgrRlLCpx+KS/K6Tv3nbmellpY66coxxXvr3U1detm4tf3d
UtbtPU+cPh/+w34q8afs1w69e/Gr4sRfGnxV4aEk3ia28WXi6TZXtxbhs2+j7zpscKOwCkWvmhRn
zN5L1pfFX9vLxb4O8S+PPDvw/wDhzZ/Ey9+CumWN545ebxONJmVp7Zrj7Pp6G2mF1dCBPMKTNaxn
zIx5uSQup8Cf2SfjD8EvC2n+Bj8drXX/AIc6Napp+nyXvg7/AIrGG1jRUjjfVVvPssjKq7fMOnby
D13DfUPjf9gjX9O+L/jzxP8ADT4g2Pgq3+LdpaWfjW01Tw8+uTXZtrc2sd1YzG7h+zXRtyELzLcx
kxoxiyH37YqbcpuhZJ3cVayT6JpbRs3dRbd9ureOGVowjX1cd332vZ9XppdKyuUvj3+0nJ+1R+xx
4Gj+D/iDU9F1j9oy1gtPDWtQxyQXuh2Vxbm4utQAHMUtvarIVJIAmMK7ssM8r+xp8XNV/a4/4Jda
3onjrWPEVv8AEb4fW+o+DPGV3pmt3ek6rHrGlEo1ytzayR3ERnEcNwCrrvSfByrEG5of/BIzw3df
FTwzb+MoPhf8RPgn8PvCkPhXwd4C8R+AV1KXw8saxhrsXlxdyRSXEpjUO5tFJREVSn7xpMP4a/8A
BKjxx+zX8VvjJf8Awd+Ivwo+HXw/+LUUap4It/hXK2m6FMlv9nF1D5GrwL5zx/6zZHHG7KreWpyW
zxkYyhXp0U7TUnG+6adoJvp7rk3a/vNXlaKteHnKMqMqj1g4387q82vR8u9tIPlXva/Jn7DX7Uf9
s2n7F83wa+Nnjf4p/E3xwthH8YvDV5491Dxla2mnmwd76+vYLu4uP7KmiuQgQxmAOz7NjjAH6W/t
v/tdW37Gvws0rxBcWuhzS67rdtoFrPr2tf2HotlPOHKS3195M32aDKbN4ikJd412/NkTfsG/s46/
+yF+yb4J+GHiDxVpPjOXwLpkGi2WqWGhyaOs9pBGscIkhe6ucyhV+Z1kCsTwi9K6r47/AA71v4oe
CW0rRtV8O6eZjILqDXvD41zTdRjaCVFhntvOhZoxK8UhCyoW8rbkBia68wqxlUk6Oq53JdPdbT5U
vsqyst7Ntq6sjDCwdk6mj5VH5q/vO27u12uopO2rPCviZ/wUG8beAvjr8LPhrbfB+LUvEfxZttYn
0rUz4xtU8PL9gjkkGblIpLkrJGIJCwtPlS4GBI6NGOQ1b/gtB4c8JfCeKbxVpnhDwD8R4/F+oeBL
/RfFnje30jQdM1Oyg+0SvLq8kJzavC0LRyJbNI5uIx5IO4L80/FH4N6P+wT+2h+xn8H/AAx8XvAX
hzxpBeeNNUgOqaZGNKsZtViUwW0Gki8jkgsZJzJDbQLdBiU2LK7Bs/Xdr/wTFvvC/hzR9c8O/Eie
w+MumeLNQ8aT+MLvRFurLVL6/h+z3cE+nJNHmyMCxRJEs6yRrbxHziwZmwsnFyXwu6T68ymtullG
6d9b8rS3vpNyUlG2u9unK4yt53bUWt1umzkfgD/wWdtf2vvCnhvTfhP4M0bxT8UNbl1qO40S48Wp
BoVimkTww3dwNWgtp/Pgke5t/s7xW7GUTKWWJQ5X6t/Z2+K2pfG74L6B4o1jwh4g8A6tqsDNeeH9
bjCXulzI7RvG+OGXcpKuOHQqwADYrxz4ofsQ+OvG/wARPAfxP0v4paTovxm8F2l5psuqP4Ue68Oa
pY3gg+0Wb6Z9tSdIfMtopYyL4yJICS7qStfQnhDTdT0nw/BDrOqJrGp8tcXUdqLWJmJJKxxAsUjG
cKGd2AA3O5yxqThyaLXr23fw+TVrqV2ndJ21c+9zb6a/8M/Na6rRqzaTulp0UUVkWeMft3ftU6n+
yB8E7DxNo3hix8X6xq/ibRvDFjp17rD6TbNPqV/DZxySXCW9wyIjTBjthckAgDNQfGT9rnXP2cvh
jb674r+FfjDXbrTtO/tPxQPBEkGraf4cgUMZJRPetYy3iIEZiltA8+ACYRuXd53/AMFj/wDk2/wF
/wBlc8Df+pDZVB/wVY8U+DPiN8JtV+Fr/tGWfwi8f6jps1/ZeH7G70m71TxPH5b7LaTTLmKa5u7e
Ro2UxW6q0uGQl13IST5cK6qV5e0lFddIwpytZWvrKTdtWtE0awipV4wlpHlTfzlJXvrbRJLonq0z
qf2qf25fEHwG8KfDbxr4a8HeGfGnw38e6zoOjzapN4ouNN1O0Or3sFtbzQ2YsJo541W4SRt9xC3B
AHevpCvhD9ufUvGOsf8ABNj4B3fxC0+00rx3c+O/hxJ4gsrVBHDa3x1rTjPGijhVEm4bRwOlfXPw
lv8A4c3fiTxqngWfwTLrEetN/wAJcugvatcrqnlRq32/yfmF15SxA+d8+xUHQCuupRjGE0tXGpUj
dO+kY0muysnN+9bW6T305KdRyUJP7UIt9NW5p99fdWl31O2ooorkNgooooAKKKKACiiigAooooAK
KKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAoo
ooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPLv2
vf2VNK/bG+EsHhLVtf8AEvhhbLWtN8QWeqaC1qt9Z3lhdx3du6i6gnhYCWJCVeJgRkY5ru/Avh28
8I+D9O0zUNf1bxTe2UIim1bU47WO8v2HWSVbWGGAMe4jiRfRRXlP7f37KfgL9sP9nyfwh8QfDGi+
JtLuNSshb/b7NJ30+WS5jh8+BmGYpQkjruQg7WYZwxB+Ev8Agiv8V9a079lT4hfseeNNQM3xB+BX
im58H3AuGJkvvDjmS5iuAOcRvbLNCgBO0NCCRkVKqNU6sV9lc6XR/DGTv0avBPTVa/ZKlFXhN7N8
rfbeS9b2lbrfRL3j7y/ar/Yxtv2uNY8JnW/H3jvRPD3hXWtO18+HtHXS0sNWvLC8jvLd7iSeylug
BJEgKwzxBlBBGTmvRvC/w1sfC/jHXfECy3d5rHiHyY7m5uGUskEO/wAm3QKqgRxmWUjILEyMWZia
/IT/AIIM+Jrj9kz/AIIV3XxJ+HvgzwIfF2q+Mbu01zWdUmtNMigsU1Ew/bLqWSWD7UlpFI7JbGeM
vyiOhevoL4K/8FbPi98S/wBlD9pDWbbwPo3i74g/AXxo/haOTQdAv4YNXtBLFv1EaRLcPdh4YHeV
rQXO+QxbQ6FsjeovZp04vRLmd9PiVNN6vZc0FzNpWWmkZcpKDdRqW/M4f+Audvv5ZOyu72vq43/R
qivyt/bi/wCCgPxO8e/8E9fg34v+HHxh+Fuu/wDCyfi1o3hO817w74TvbW3ms57ncIJrK4v3ntJV
aPZcW7TF3UlQ8O4mu3/aP/4LBfEb4O/tP+L/AITeGfCMvxC8UfCDw5pWq+JIPD/w717V5fGd7eLv
a1sVsZJ00dFjw6y30k6szeWAdplqVBt22fM4263UYzb9EpLzvokwcXbmtpbm+Tm4L75Jrst3ZH6N
0V8M3/7cfx38af8ABSz4kfAbwdafDG3trH4Y2fjvwtea/ouoRTWN1POsH2TUfLu8yqWV+YoomQMM
himJPdP+Cgn7Qfjj9l79lLVPGfgzw2fE2vabPZx3aw6XcasumWsk6JdX/wBigkimu1t4i8pgjkjd
wmN69amfu041JaKWnbaTg7t6JKSabbskrt21IpyU5uENbf8AyMZLTfVSVla7eiV9D3Kivzs+KX/B
ZW/8AfBH4C/2F4o8BfEvxN8e9b1Cx03xb4S8G6zqmj2Vnaq0rTHQra4m1KW5VTFE9qs4ZZDIzOgQ
rWl4e/4KofFL40+Kfgx8L9A8GWHwy+LvxRsdf1K7l8feGtTjs9NttJlMayrpry2l2y3vyvGHlQxI
xLCQrtanB3cUrtNr5pcz0euiTbvr2TYSkopSk7Jq9+msnFffJNL5XtdX/QGivh34+ftw/Hj4Eftq
fsq/CnUdP+Exk+ONjrFt4lW1tdQuxpOoWFmZzNZ3Lzw77di6fu5LcPiNhvy4KcD+0l/wVy+LvwH+
O9x8ILPwhpni/wCJvgTwLB4v8SweGPA/iDxHbeKbuWRkj0zT0si8mmq4UN9rvTJGjMqbHyWCcfh1
+JyS8+Xm5n6JRb89Ek27FzjKKu10i/lJqK/8mduys22lqfpBRX54aJ+0h8Yvit/wXf8AD3gqz8S6
V4d8A2Xwch8ZN4c1bwxcNdxpeahBHcQSYvIjHfL5Kqs0iOkQLp9nJZnP0P8Atxftx/8ADIeseHbX
+2/2d9J/tyGeXb8S/iz/AMIPNJ5bIM2qf2dd/aFG752ymwlRht3BOLhCEp6OXMrf4ZSi9tN4v+rX
iMlKUlHWyi7/AOKKkvPaS6H0RRXyH+z7+1pL/wAFBNQ1jwrb/ED4G6Te6Taf2la6h8G/jYni/WbK
UN5YkmtZNKgh8geYf9eJoy+wGMnBHc/C79oLxvYfGmx8D3g0T4raTNLPDd+K/DMT2jeH2j3ER6lE
xe1DjCITDciZnbItEQMyNQd0nu9V5pb+mz3t+IOcbNp7aPye/wA7pq1rvy0PoOsrxn470P4caDJq
viLWdK0HTImVHvNRu47W3RmO1VLyEKCSQAM8k18uf8FV/wBij4W/F/8AZx+MfxF8ZeCPDXjHxTo3
w11Oz0i51zTLfUBofkW15Os1p5qMYJmklBaRCGPlRcjbXxX+2F/wT3+Dfw6/4Iw/Dr4qeE/hZ4A0
T4gRaF4IAvbHRbSwN7c3GpaQzXE0scJfzyfMTzxl9lxMDuDYqKPvzcZaWlTT6/xHNK238mvr1trV
ZcvIoa8ym1fTWCg3ffrPT01tfT9jKK+HfG3/AAU48Yfs1eLf2g9A+Ien+GvEWofC6Dw5qHh5/DWk
ahD9tj1y4ktLa1ngD3U0ssVwmGkgXMqsCsKt8ld3+wH+2L8Rvj98VfHnhTxx4T1kab4ctrO/0bxj
/wAK48QeB9O1pZzIJbQWesAzCeBkXLpI6OsisAhyoqMXLbtf8E2vVJ+nZsU3yq772++1n6O689dU
tbfU9FfDPiz9tv8AaG8Q/F/9pnw54V0b4P6UP2fY9P1Kxg1BdR1WXxTaz2c94YHlSS2FnM8SRgOI
51ifcNswIcZvw1/4KQfG79pv9puw8LeAfDPwq0Lwlq3w10D4o2F7r91qN3fT6ffXMaT20qQrGsE4
jW6CFfOUMkLMWDsiTD37W7J+icZTTf8A27CWm/uvTa5U9xNvp+fNGNvvnDXZ82+jt98UV8Afs5/8
FaPHXx2+NPw8vrPwPrmp/Cj4kSXQlni+GfibSz4Ktkhklt7+61u7jXTL2CYRgN5CxiIyrh5lBY+m
ftI/8FRvBcPwUuPEPwV+IXw5+IR03VrOy8RavoDnxtb+CrK4Ev8AxMbyw0u4FxLEGiCYWSPG8uWC
xtTaaSbW+npd217K73289ymrScH01+5X9b6NW3b2Wqv9O614/wBC8NeI9I0fUtb0mw1fxBI8Ol2N
zeRxXOpOkbSOsEbENKyxo7kICQqsTwCa1q/Nr9oDxSvx3/bN/Yj+I3g/WPhL4r8T+INU8W2OneMt
GtnuNOuLBdKuzFnbIZpAgO57bz1Xzd6+Yn3h3Hg//gox8U/Hn7Kvh/Ws/Czw14sHxD1rwD4k8Raj
BPLomntp1xdwLc2ulm8ivLyS5e3hRLWK5aRDOWJdYzmpRajd7q91t9rl627xve2rsr2ZN02mn7rW
/naT6X6Qk1a97eaPu2ivzn8Hf8FVvjf8VPhb+zFqXh/wl8MbW++OHibWfCGr3mptqcK6feWA1ACe
GwZUlSJxYmUxzTeamfJIyTMqfFj/AIKwfGXwBrevaXpPgM+NPE/wpv8AT9E8XeHvCvwz8Wa/F4pv
ZLW0uL06Zq9vEbSwWFbolI7tZXkCfN5IZWalSk5un1Tt+KTdt7JuN3b7Se17Lm/K/wCLVr7XfLLr
bR6n6CeNvHmh/DXw3caz4j1nStA0i0AM99qV3HaW0IJwN0khCrk8cmtUHcAQc5r8of8AgrR8b/FP
7a/7APxd8S6dpHgBPhl8O/HVp4etbXWNKmufEM19ZataW1xqMFx5oismSV54Vi8iR5I9zebGH2V+
h/7XXxg8Q/AP9mPxN4v8L6BceJdb0S0jlhsobKa+cIZESSf7PB++nEMbPKYoiHkERVSGYGsm7Uva
y01/BxjJN9rqXXZb2d0qs3WVJea+ak018mrd7+Vm/T6K+Gtf/wCCqjaV8BPCOqaD4y8FfErWfiB4
nbwtpeteEPBGuarFpM0Omvd3T3mg2stxqImieGUG0EquFeMvJGA7DK+CX/BTD4w/HfVfC3wxXwXa
+BPip4j1bXYIfEPizwVrWl6He6VpcdtJ/attpN3JbXzC4N3BGsDzp5bCYmZ/LCvbpyu4pXa1+Vk3
vbZNPXW12r2dkmmlK+j+dt97X6xa8nZOzcb/AH1RXwr8S/2z/wBqbwT8R/gL4Au/Afwc8N+LPixJ
r2l397fape6hbW15p9rdzQXEVvBtxazJFbTbWuGlVZXiYKy+bXLRf8FZPi3q3xA0+HRPAV34qs9J
8YJ4G8R6RoHwx8V6gpliuBZ3+rW2uiJdOW2guBK32aRS5iiy0yOdikYOUlCOrbsvP3uXr0u1r0Tu
7RTaKl4Rc5LRb9baN2utL2jK1nrytK7aT/ROivi7/gjZ4w+KHxC0j45at8Q/GHh3xSsHxU1/SLcW
Xh+bTriJ7OdbUsZGvJkMBiihWOERq0YQ7pZS2Rwvxv8A+CmXx18Ap+1pqVn4f+E2n6X+zBdWN5HB
OdQ1K48S6fJZi9kiMga3W1uGgdCJAkqRybkKSriQwmmoP+aEZ+ikov8ADmW2r6LoVyS5507axnKH
q4uS/FxfkurtqfoXRXxzp37c/wAU/D37R/jfwNqmieBvE0y/CkfE/wAK2+nNLo5hfzng/sy8urqd
4pAXCH7XstlVS26IYzXjq/8ABXj4teH/AIaftBXkVp8I/iLqvwl8AaZ8QtN1HS7bU9C0e7trkXRu
LUO8l4L7yVtXMdzbSrDOxC5hIYq3dRcmtk39zlFr5OEk3tpvZq6prndo90v/AAJQcX81UhbrrtpK
36UUV8XL+3L8ZPhl8U/COj+KfDng3xlB8Vvh/qXivwlY+GLK7sr2z1PT7OC5k0y4kmnmW5ScTgRz
okBUrtaNshq9B/4J3/tiT/tceGdUurvxt4C8TajpMNuNU0rSNBv/AA9rHhq8kaVntL/T72eaeLbG
IlWRtnmssrBFXaKt02pSj1jv5e84v7nFrts72avmqsXCNRbS289E/wApLz3092VvetK8f6FrvivV
NBstb0m813RI4ZtR06C8jku7BJt/lNNECXjV/Lk2lgA2xsZwa1q/LX4nfELxX+xl+2d+3p8RPhXp
Pw805vCHhPwt4x1i21PS5nTW3jtNQmuIwttJDsnmVXP2l2kIYLuikBJX1H9q/wD4KueOvCviPXdM
+FPhDUfEGreEPDeleIptKT4ceJfFLeJpr2F7hdMiu9LjNvpknlKm24uTKC0uPJCoz1GnJGXdK/ld
X9WtHbS7ttqr6yi1UcPu89I/JP3436K++jt980V8F/D7/gon8d/iL+0D8UdPufB3w28HeCvhNpWg
eLNUtdUfU59el0e+tby5nhYbIlg1COOFP3TRuiOjoWfeJI7X7IP/AAUk+K/7Rfx68LaLdeBdWbwd
8RPDM+sWusr8LvFGiWvgW9WJJYbS9vdRSO21SOZXbbPa/ZwWi2hSHV6r2cnJxW6V7ddm196jKz2u
rXu1fJ1IpJt6O2vrb8uaLfWzT72+6qKzvB9rq9l4V06HxBfadqeuRW6Lf3en2L2NpczhRveKB5Zn
iQtkhGlkKjgu3U6NTJWbSdy09AooopAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUU
UUAFFFFABRRRQBwP7RPwR1D49eDrPSNP+IPjX4dPaahBqDX3hmPTHubgwuJEif7fZ3Ufl+YqOdqK
xKAFtpZW4W7/AOCfHhG3+OfxF+KGh6x4j8L/ABJ+Jnh2w8N6n4j05LB7u3itC+2eFLi2lhE0isiu
XjdCIYsIpXJh/wCCmn7Y3iL9gP8AZB8T/FvQ/BWkePbXwZGLzVtNvfEUmiSfZchC8Ei2lyJJQ7J+
7cRgqWO/ICt4ppX/AAV88W/D/wAU/s/L8V/hDofhnwz+0lLa2XhfVvC/jWXxFLY3dzDHNDDfW82n
WTRgrIMvE0yqQc8c0U4qq3Tiru6j85ppJP8AvJNWW+246lT2cU5PSzfyg4yba/uvleu2nQZ8Pv8A
ggF8M/h9+yFD8EE+JPxm1LwPp3imz8Y6Ul3qGlLdaRqFvO05aOSHT4/MjldsulwJVG1SnlkZr2b9
nj/gm54S/Zf8UfFfV/Cnir4gwXXxg8Rr4r1gTanC4tNQAG6S3YQhwjsNzRytIh+7tCfJXrmv/HXw
R4T+JWkeDNV8ZeFdN8YeII3m0vQrrVreHU9SRPvvBbs4klVe5RSB3qjf/tOfDbSvjFbfDu6+IXge
2+IF7GJrfwzLrtqmszoQTvS0L+cy4VjkLjg+lVzybuuv425U/wD0iN/8K7Eya1cujvr3fM7v155f
+BPueIeP/wDgkX8Ofib8C38G6vr3jaXU5vG9v8R5vFkE9jbazPr8JTZfMkdqtlu2RqhjFqIiBnZu
+auk1z/gnN4Yn/a1tPjVoPi74geDfG82jReH9ffR761a18X2URBiS/juLebLpghZoDDKAxAfGMVv
+CjP/BQ3RP2Dfgb4n1+1l8D+JvG/h3RZ/EcXgvU/F0eianq+n24LXEtsohnlkKKCQBDtJGC6da9e
/Z++Kv8AwvX4EeCvG32D+y/+Ew0Ky1r7F5/n/ZPtMCTeV5m1d+3fjdtXOM4HSim205w2g16K8XBW
XZxhytLS0eV7WFUmlJUpvWSfzSkpO77qUlJX1vLmW7Z5b4V/4J46D4S/4KB65+0ZD42+IFz4q1/w
9F4WuNFuJ7B9ESwiKtHGii0FyCsoMu83BYs7ZJXCj2jxx4SfxnowtItY1nQ5kfzYrvTJljmjcKwU
4dXRwCQ2x1ZGKjcrDIPyx+1P/wAFVpfgb8X/AB74T8JfD8eP7n4R6fpOq+Mbca4dP1QQalKY7dNL
tfs8ov5xgFo2ktxmSNVd2YqPry1n+1W0UuySPzFDbHGGXIzgjsRSs5Uo2+FXS++7t13bd+rvrcpp
QqSutXZv/wABSXl8NtO1j5V8a/8ABH74a+NPhl4W0j+3fHOkeLPB3iybxzpnjnS7qztPEEWtXD7r
m7IW2+xHz/uyQ/ZfJK4AjGBjpv2hP+Cbvhb9ozxF8OPFOpeLfHmi/Er4V3ElzoPjnSLmyi1qMzKE
uI5FktZLR4ZlGHhNuI+TtVc15vo3/BTr4hXn/BTLxd+zRqPwi8J6LrOneFrjxX4W1m78d3H2fxdb
K2yAIi6UfIYv8swLuYdrlBOFG6p+xL/wVW8c/tZeFf2gF1z4ReGvh140+A99JpVz4dv/ABvc3T3l
wkUkgkllXS18i1kVAYpo0uGcbj5YAXeU23FTp7Jc6tpZRaptpdLNKLileySatYqpFqTjPe/I+t3J
c9m+t+ZyTd1dyad7np3xt/4Js6B8df2p/g98XNS8ffEqx8RfBM3L6JaWd1p7WN2918t210s1pJI5
mjxGRHJGEQDyxGea0vil/wAE9/C/xA/a50X446R4m8a+AviJpulDQL+98O3NoIfEWmCXzRZ3sN1b
zo6B8kPGI5VzxIMLjc0D9tHwLoVrPpHxD8c/CrwT8Q/D+iprfirw0PGtrcyeGoCqFpZWlWCUQL5k
f76SGNTvX1GeUf8A4KQeB9L+OPxL0LVPEHw6svBXww8NW2v6p4lh8d6dd3Fs8jP5sFzpsbG5tVRB
CyyyfLKZ1VASOW5cllfSPM1tZb82u1n7yfR3a62cu843d9VFdb7rlVt73afdfF0ubmpfsGeELv8A
bY0j4922q+K9N8a6d4X/AOEQuobe/RrHWNPE4uI0uFkjeXcko3BopIy2SJN6nFe214X+z7/wUi+D
X7RH7LUHxi034h+C9P8AA4UG/v77XrSGHRHYBlgvXZwttPseNmikKsu8AjufadB8QWPinRLXU9Mv
bTUtOvolntrq1mWaC4jYZV0dSVZSOQQSDTmpxXs5acvTtduX4tt/MlNN866/jZJfgkl9xnfEH4ba
N8VNDXS9ftH1HTRKJZLRp5I4LrCkbJkRgs0RDHMcgZCQCVJAI1NI0e08P6Xb2Nha29lZWqCOG3t4
liihUdFVVACgegry24/b2+CEOj+Nb5Pi98NbyD4cQSXPikWfiSzupfD6IzKxuo45GeE7lZdrgEsN
oBPFYHwF/wCClvwU+Pv7LVr8YrL4keB9K8DybUvb/UfEFpbw6NK4DJb3jtIFt7jY8bGGQh13gEdz
Ceja2Vm/nom/XZGjTuovfVL82vyujt/2p/2fU/ao+A/iP4f3PivxT4O07xVaSafqF/4e+xC+e1kU
pNArXdvcRqsiMylhHvAOVZTzXkPxK/4JdaT8Vf2HvDPwF1T4r/FgeGfDE1i0WrQnRF1e8hsZEls7
aZzppgMcTxQkFIUkfyVDu4Lh+k/ad/4KZfBf9lT4GeHfiF4h+IHhSXw34xvrXT/D15batBLa6y88
ioJIplYoYEVjJJNnYkaMxPTPoNx+1H8MrRPCLzfEXwJEvxAVX8Ll9ftFHiRWUOrWWZP9JBUhgYt2
Qc9KcYtc3KvtRT/xR1ivJq7aXm+7JlK/K30Ta9HpJ+jsrvyXZW8V1H/gk/4S8YfFX4neKvF/jz4l
eNW+LWg2Wga5pupS6Xb2ccdkxeyuLZrOxgnguIJGkkSRZeHkLEEqmz2X4D/Au/8Agzo/2fVviH48
+JN7HGIINR8UPYfaYIRjEQFla20TcgEyOjSt/E5wK9Aqj4n1mXw94cv7+HT77VpbKB50srIRm5uy
qkiOPzGRN7YwNzKMnkinztK3RL+vnrvvbTbQGubR/wBaJfklpton0R+dXw7/AGebj9qj/gpj+1np
mr3vx98BeC/GMeh2Tva+GrvRdG8a2dpYNZ31sL+8sCAvmPtD2c8M0iMzRyPGCw+p/h9/wT60H4Z/
tgXPxg0vxh41SebwrbeC4fCxXTB4fstKtyWgt4kWzF0NkjPIGNwWJcgkoFRe/wDhH+0x4M+NepXm
maNqzQ+IdMQSX+g6lbyadrGnqWZA8tnOqTLGzI4WTb5b7SUZhzXDf8FFv2rfFv7FH7NOpfEfwx4G
0Tx/FoE8P9qaff8AiWTQnit5ZUhEsLrZ3IkZXkQlGCfJuIYsAjJe5GEbapJet1y/dZtdleVrJsJt
VHK70fTtblf33jF9L8seyLHwB/Yb0v8AZt1ueHw544+IH/CDLdyX2m+B7m6spNC0OWSQyEWzC2W9
WIOzMsD3TwpuwsahVC+j/FP4dXfxH0a2t7HxZ4n8HXlpK80V/ob23nBmglhAZLmGaGRV83zAskbL
vjjYg7cH51+JH/BQjx/+yfq/hy7+O/wl0Lwr4G8TaraaKvi3wd4zk8S6fol1cyeVD/aMdzp9hNBE
8pjQSxpMgL/MU4z9BeI/2hPAPg/4naP4J1fxx4Q0vxn4hRpNL0G81m2g1TUlUZLQWzOJZQADkopx
im05RS31a87pJtd7pNPXW1ulg57Sc+rV/KzbV+1m7/O/W588aH/wSB8KeEvHPw08Q6J8S/iro9/8
MdU1PXrZbd9GeLWNT1NpDqN7drLpz5kuFldCkHkxRrjyo4jzVb4Y/wDBHTw38KLPQX0/4ufGWfWf
DXjHU/G1hrFxcaL9riu9TV11GEqmmrAYLjzHLAxb0LHyniHFe/3v7Ufw4fXbzQbf4lfD+LxHbrdI
bKTXLWSe3e3jjkm3wCVXxEk0LyD5SqyISVDA1k+BP2vfhtf694U8F3/xf+FOt/ETxFpMGoWunaXr
Vrb3GvRvAZftdnYtczTG3kRXkTDygICfMcAtTjJ2uvK3o/esv7vu7bWVkrJ2KnvO89d7+uqbfn77
13u227vXxrw9/wAEe/DXhK8+GJ0z4r/GC0sPhJ4s1HxjoNh52izw/bL+W4e4SZ5dNaaSIrdXMYBk
DhZid5cK6+nav+w7pY+PWt+PfDnjbx74Il8X+W3irRdDuLJdK8USRxLCk1ws9tLNDOIlRDNaSwSM
qIGY7VxuS/tx/BWH4ayeNH+MHwuXwfFqB0l9dbxXYDTEvAQDbG483yxMCRmPdu5HHNavxw/aF8Mf
BX4ZnXtT8WeBdDOpp5OhTeI9fh0nTdUvJEJt4PtDbuJG2jMau2DlVY4BidVwhzvZfO90tPO6UdHe
+jtsNR5pcvV/K1m7+lm3d6Wd/M8G+MX/AAR0+H3xgtPiHo58ZfFHw14I+Keow614i8I6Hq9tbaTc
6lHPDM17Ez2z3VvLI0CeYsM6RvyxTfhx9Haj8L0n+G1h4Zste8T6VHpi2iQajDqLT6kRbvG6+ZPc
CRpi/lhZDLvMiu4YncTXlX/BNn9rPWP2xP2GPB3xW8XWmhaHqfiCK9uL2HTpHFhaJDeTwja8pLFR
HEpLtgE5OFB2jxr4Bf8ABVa3/ai+NniLUvB/xU/ZwX4VeC/EdzoOsafe67nX5LONQkesQXcdy0Bh
nuW8uOF7cI6DeLksRHV8rjN4ZPWKv6KNorXyukuy2tFO2bqLkWIel27X7vV/N8rbvu+8mk/RD/wS
q8E3PhvWXvPFfj+88faz4mi8YN4/+0WFt4itNVitvskNxCILSOyjCW37kxi18uRCwlWQsxO78Sv+
CfGlfFSw8IahqXxC+JUXxG8C3sl/pHj+1udPh163klhWCZDELP8As9oZYlVXgNn5RI3bA/z12fiP
9tb4N+DvBtl4j1f4t/DLS/D+pahLpNpqd54osYLK6vInZJbaOZpQjzI6MrRgllZSCAQa6Pxr8d/B
Hw1gt5fEfjLwroEd3aS38L6lq1vaLNbRJvknUyON0aJ8zOPlUckgVMpWjduyVvK1krW7e6lt0Svo
kau7nrq3deqbenmrt6bXbtuzyTx7/wAE+Lf4j/HP4T/EHU/it8VX1r4RTT3WnwiTSGtdVnuIjDdS
3SNp7EGaFjEUt2gjReYkiclzreGv2GNK8B/GTxD4n8N+NvH/AId0LxfqDavrvgyxubL+wNTvnAEt
1iS2e7t3lKq0i21zEkjAsysWct2GgftYfC3xV4h8M6RpfxL8Aalq3jSzOo+HrK18Q2k1xrtqASZ7
SNZC08QAJLxhlAB5rlP22P2+Phz+wR4S8N6r8QPEOjaKPFev2Og6fHf6hFZK7T3Eccs7PIQqw28T
tNI5wqqnJBIqryi4ra7cV6ykly+nMlpsmlorE/Emt7JP5JNp/c277tN3buzS/Zp/Y+8P/sq6747u
vDmseKLqz8e+I7zxRPpuoXcctnpt3duJLn7OqRo22SQb/wB60jKSQrKvy14v8RP+COug/ExfjxFq
Hxk+NEdp+0WYl8V20DaAsaRRRrDHFbE6UWiVbdRBkszFOSxk/eVP+zt/wU3svFf7Q/xk8KfE3Xvh
R4I0fwf4l0nQvBt7F4kXZ4nTULEXluVmuPKWaeSKSIiKFDg7grSjDn6K8f8A7QfgL4T+K9C0HxV4
48IeGtc8USmHRtO1XWbayu9XkGMpbxSOrzMMjhATzUcukNPsqKXlaLUbenLpvsPnd5Svrdyb87u8
r+bu77M+dPHv/BHvwx8WPG9/rXir4p/F3Xl1j4et8MtSsJZdFtrXUNIZDu3m302OVZjMfP3xyJ8/
ygCLMR8x/wCCgX7A6fBf9jz47eLdJ8TfGv4n+O/GXwnf4crpy6XDrU+uFBcixf7LpunrIkqvdOpe
IRwhSXkXO56+8PiB8RPD/wAJvB2oeIvFWu6P4a8P6TEZ77U9VvY7Kzs4x1eSaRlRF92IFYGu/tNf
Dfwv8LJPHWp/EHwRp3gmEqH8Q3Wu2sOlIWxtBuWcRDO4Y+bnI9aVWTlCUb2Wt/Lmcr/e5y+bLoy5
KkZJXatZd+Xlt625IfKKR4N+yB+xlpXiD4YeFvHWseLfjBqnii48Enw3o83ieEaPqnge0niiW4t7
S3+x20sUvmQxnzrtJbg+UmZGXGfVvg1+yFpXwl+OHi34kXniTxT4y8aeL7SDS5tS1v7FGbHT4JJZ
ILKGOztrePy0eaQh5FkmbdhpWAUDovEv7Tnw28GaT4cv9Y+IXgfSrHxiwTQbm8121gh1tim8C1Z3
AnOz5sRluOelTav+0b8PfD/jrTfC1/488G2XibWLZLyw0i41q2iv76B3WNJYoGcSOjO6KGUEFmUA
5Iroq1ZTqOSVndq3a9216u7b6u7vuzmoxUKKp3urL5pWSfpdRstk0rbI+e/iz/wSM0T4weJ/jlqW
ofGD4x2a/tA6XBoniW0s20FYILGDckUFqX0tpIwsMk0O5ndykrEsZAsi9bov/BOrT/B/ibw9r/h3
4ofFLw34k0vRbHw9rGqWEmk+b4xsrPcLdNQiksHtzIiu6ia2iglCsQHGBj1nwj8R7LUtZ8ZvN4y8
H6tYeHr1YpYLDbFN4dUW8bvDfyG4kBlJLSglINsciAoceY2d4K/a1+FXxK+HOq+MfDnxN+H3iDwj
oTMupa5pviKzu9N04qMsJriOQxxkA5O5hisYuySXRJ/KzSv3XvNa3Tv1TN5pyld7ttfN2ei7+6tt
Vyq2xwXwf/4J7aF8Iv2hfiV8QW8aeOvFDfFPTLbR9Y0DXDps+kpa2qNHbRxiOzjuCI4pJY8yTyFx
Kxk8x8OLfwT/AGLl/Zp8JXGkaD8RPinrHh3SbN7fwzoF7d6bPF4XURPGiWcjWqSzbFbai381xGu1
eABXpHgD48+Bvix4j1vR/C3jTwp4l1fw08cer2Olavb3tzpTSLujW4jjdmiLLyA4GRyK8LX9ujWv
Bn/BQz4jfDTx5H4C8J/DTwZ8P7Xxzb+I5tWkSbyZbp7eR72SYRQWyI0M3ygyDbsYyDJQK7uqd7c0
Wr+UYylv1aV7Pda20uS2uWVW11Fxv6uUYLTtdxTS0ta57f8AALR/FegfCPRrPxvq0uueJYI3F1ez
JbpPOvmMYjN9njjgMwi2CQwxpGZA5RVUgDsK831T9sj4Q6J8NdD8aXvxV+G9p4P8Tzi20fXZ/E1l
HpmrSliojt7gyeXM5ZWG1GJypHap9K/a3+FOu/FLUfA1j8Tfh9e+NtHt2u7/AMPweIrOTVbKFUWR
pZbZZDKiBHRizKAFZTnBFVOV5Sb03v5W1fpb8ETG3KrO97W876L72eg0V5vqP7YHwtsf2dtS+LcX
xA8Ial8NdLtZrybxLp2rQXmmGOFikmyeJmjdg6lNqknf8vXiuN/Zd/4KVfBn9qr4feC9V0P4kfD5
dc8aaINbg8PL4osZ9TtkWLzLhGhWTeWt8Osvy/IUbdjBpWd5L+W1/K93+j+4pvRPvt8rf5r7z3qi
vN9F/bJ+EPiTwLYeKNO+Kvw31Dw1qsk8Nlq9t4mspbC8eBGknSOZZCjtGiOzhSSqoxOADXk37an7
ftz8I/2ePAfxH+Es3w/+IvhnxX400Tw5daqmtG6tFtL+/iszPaNbBo7iRXkAwZY1UAnLEbC1GTnG
CWrcYr1k7L72xOSScnsk38opt/dY+oaK5DxH+0H4C8HfE7SPBGr+OPCGl+M/ECNJpegXms20Gqak
qjLNBbM4llAAOSinGK4T/goN+2z4a/4J+/sqeKviV4jvtEil0izk/sjT9S1SLTxrl/5bNDZxO/LO
5UnCKzbVYhTtNQ3Zc39b2/PT1NIxcpci3/r8Ovoe1UV8z/sw/ttWOtaTd3fxC+Nf7NfiLTtZubY+
FdU8H62tmmoRTyeQIZYJ7u4Uyi6/cI8U7iVuNkbfJXsen/tK/DnVvjBcfDy18f8Agq58f2kJuZ/D
MWuWr6xDEMZka0D+cqjI+YrjkVo4NO39aK7XquvYxjUUlzLb+rP59DtaK4J/2q/hfH4r07QW+JPg
Jdc1i8n0+w04+ILQXd7cwKGmgii8ze8sakF0UFlBBIFavwq+OHgv47aRe6h4I8YeF/GVhpt2+n3d
zoeqwajDa3KY3wSPCzBJFyMoSGGeRUrVXXr8u/4otu2j/rf/ACf3PsdRRXyd8Yf+CrHg+x8e/Gr4
c/DzWfAfiL4q/CTwuuujR9U8QraR6hOEuZbi1VY0kmZreGBHk8tG2meNWKZLD0H9hz9s/wAP/tWf
BLwLdXPibwVL8SdZ8HaV4m1/w3pOoxtdaSby1jl3NamR54oSzkIZM5GPmJ5pwi5xco9OV+qlzWa7
r3JahUfI1GW+v3rlun2fvx++257hRXIeBf2g/AXxR8aa94b8M+OPCHiLxF4WdY9Z0vTNZtry90hj
0W4hjcvCTg4DgZqTW/HENh8XdG0P/hLPClk9zp13dy6BcoDq9+qNEFuYG89dkMW5hJmCTcZY/nj2
kPPbz1/C/wDX+Q7atdjq6K8+0n9rb4Va/wCJLXRrH4m/D6+1i+trm8t7G38RWctzcQWzvHcypGsh
ZkheORZGAIRkYMQQRXBfsr/8FMvg5+138NvGfi/wv498HyeH/A2pXdnqt02uW22xt4ZZI0vbjLD7
PBN5UjxtJgPGAwJB4O/krvySdr/fp9/Zg09PNpfNptL7l/V0e/UVwdh+1N8MdV8B6T4qtfiP4Duf
DGvOYtM1eLX7R7DUXGcrDOJPLkIweFJPFfMn7Qf/AAVd0DW/2jvCXwh+DPxa/Z8Xxb4r0CXXbTVP
Emtx6np13MZbRLHS44rS7hkM96tyZI3V3Ijj3LDOG4aTc1TSu9reicn+Cbtu9km2k1dcrnfRK/yv
Zfi0r7d2lc+16K87+DP7TPgv4uaveeGNP8d/DvX/AB94bt4/+Em0Tw74hg1KbRrggCRXjUiZEEm4
KZUQkAZAPFaXgf8AaL+H3xO8ca94Y8NeO/BviHxL4VIXWtJ0zWra7vtHJJAFzDG5eHJBxvA6UNa2
30v8u68vPYSd1fb9G+j7PyOyorhPB37Uvwy+Iei+JtS0D4jeBNd07wW8sfiC60/X7S6g0JolLSrd
ukhWAoqksJCu0Ak4xXYeH/ENh4t0Gy1XSr601PTNSgS6tLy0mWa3uoXUMkkbqSroykEMCQQQRR/w
Px2+/p3G3Z2fn+G/3XV/Ut0UUUgPjX/gvzbar4o/4JUfFfwl4f8ADPjTxf4m8aaaNJ0jTPDXhu/1
u5nnMiSfOlpFIYYwsbEyS7Uzhd25lB+K/gd8NviR+wd8Sf2cPjho/gb43fFz4Wax4Xs/B/ivwlr3
hvXdc8V/CvU0tljnv9Ltb9Hvba0d0ZZEt1WJkQBN6tAF/ZLxF4j0/wAIaHd6pq1/Z6ZpthGZrm7u
51ggt0AyXd2IVVA6kkCsT4VfG7wZ8dvC1rrngjxf4Y8ZaLehzb6hoeqwajaz7GCvslhZlbaxAODw
Tg0YdunOU4atuLfayUlZ+TUpa6NNJqzQVkpxjGWyUl824O6804R+TkndS0/Lez/Yv8VfFn/gpb8d
rP4lan+0T4f8G/FLX/DnjfwRqPhPw3BLpeqpp8cc0Fre3tzp1xPpc1tNEMQyz2inc4IJbB8x/a1+
DnxR+J3xw07VNB+AvxL8IaJ4O/aw0vxDd2VhpGoammr2KRqs/iUyP5hKTYUbLMLBEqnzAzkvX7e0
VrhqvsJUpQ/5d8tvPllTkm+7tTjF9H8Vk0rKa5lPm3nf5XjNOy6K8211W17Nn5HftWfs2/EeTXv+
Ch/ha++G/jTxpr/x70SwuPh5qVjo8t7Y6haxWP2dbM3RX7PaSW07F/LmkjdgS8auRX3p+zlY/ELw
F/wTL8IWNj4Uk0j4oeHvh7b2VpoGszwHy9Ut7ARxwzPDI8expUXkPwrc7TkD32isGn7CVBNq8YRu
t1yKUYtedpavq1fTYEkq8a7V7OTs9nzuLkn5XirLonbsfhtB4D/aG8Y6j8L/ANprwZ8KPia37X3w
ytn8N/FPwl4u8OXVlpfj/TDLJ5sljfzoticbS0a2shIV1Co21Fk/Rn/gjh4N8OeFv2SUu/DnwL8S
fAUa/qdzqmp6P4g0W30bUb2+lkZ5pjbROzR26kiKESlXEUarsVVUt9YUV0KraMopWT2told3aX91
vVRd0m210sppyad3pv52TSb/ALyTtzJJtWT63+Cv+CwH7I/jzxf+0d+zF8dvhHo8+r+Pvhb43g0j
UYIwSkmhakRBdyS7QW8uLIYt0RJJWIwMiLVv2M/HPw//AOC2ln4q8NWMknwj+KXw8gg8b3Btm8td
Q0W6iNmGlXC+bMssa7XyXiS46hePvquQ+NP7QngH9m7wvBrnxF8ceEPAWi3NwtnDqHiPWbbSrWWd
lZhEsk7opcqjEKDkhSccGs6M1SUf7spNf9vx5benNedusmXUTq8y7xjF2392XPf12V+kVpY+F/GX
w4vPGP8AwckW2s6r8PPGWp+BJPgrL4Tn1258IX0/h2a/kvWuWtXvDCbVgbYsCWfZuby87zsrzbxz
8GPFvi3/AIKn/to2ugfDjx5DpHjb4Gr4S8Nak3hS+stE1TUYbMobWC9khS1JG9FU+YFbaQpO04/S
Lxr+1Z8Lvht8KtM8d+I/iT4B0DwRrZiGneIdS8QWlrpV/wCapeLyrqSQRSb1Usu1juAJGQK7jTtS
t9Y0+3vLS4hurW6jWaGaFxJHMjDKurDhlIIII4INZVaPPTVKX2I1IP1qc97+a9o7L0877PEv2qrL
dunJf9w3Ttbybpxv8/K340+LfgX8Xz+wv/wT+1yx8PfGrw5pfwPu4rLx1p+g+FPtPifRZjZCzXUI
dKvLW4+0rbyGYbvskp2SGSMEEPX6Y/sPfs66H+zT+ytZeENE1T4geItCaa+1CKfxdDHb6vKLueS5
kUwxwW4gXfK+2IwxsgIUquMV7XRXRXrOr7XmX8SUpP8A7etda9LrT1ad9Lc0Y8qppfYSivROTT9f
ed/lZLW/5k/CP9mf4lfDT4afHb4JeELbxZ4y+Fy/DDVdP8Inxb4YfSdd8K39xARD4eg1B1SHVLQi
RmEsbOsLRhGlY4rmfhvonjPQf2Iv2CfDv/Cj/iNL4m8J31tpOqa9caHqUN58OJIbBre5uWsl2FxK
rSwJJdI1qM7ysilA36uUVm5Npp9eS76vklNrXz52r72Sbbd29Jyck1/jt2XPGMXp/wBuJ22u2rWa
S/Cr4U/sn/Fvw7/wRl+E3h+/+FvxJg8RfDP9o238T65oreHbl9Tg0uLU5pHuoLdEL3UQWRWDWyyB
gSVyoJr3L9qP9jfxf8av+CrHxSTx/e/tAeH/AIR/HbwLo+laJqngTw7a6pHbtaNul0y+nlsL19Lb
zmM6SqbZCzEtLlfl/T34s/Grwd8A/B8viHx14t8M+C9At2VJdT17VINNs42YgKDLMyoCSQACeSal
+G3xe8J/GXw9b6v4Q8UeHvFelXkK3MF7o+pQ31vNExYLIskTMrKSjAMDglT6GqhN3TWvK7v504U3
+EFJX63vdaFVaspczenNf/066q+6UrPytaz1OD/ai/Zob9oz4A2vg1rT4b6y0MltKV+JPgtfGOmy
GJcb5LNbq1Vp+4kEoCkthTnjwX4M/wDBL+f9nf4l6X42tvBH7H9zc+HGe7ih8E/s+xeG/EEzCNgE
s9Ql1ySO2lYnAd0K4JBwDkfa9FSm4zc46Nu/zMmk4Km9krfI8H+Jn7L2pftcx6c3xMt9E0LT9IuR
eaXZ6ETNrNhKCw81dWZVktneMhT9jSKRMuBcupzXB/8ABbDV7yL/AIJ4+MPD2k+GPHXi/XPFLWmn
6dp/hjwzqGvXLOt1DK7yLaRSGKNY43YySbVJG0EuyqfrSik27JLRJ3+en52G9XeWulvl/X3n5+/8
FEvF2tf8FSf2fW+Afwv+H/xOitfG+oadH4m8V+LPBeq+EtM8M6bDdx3E0i/2pBbzXVwywFI0t45A
GdS7IMZ8/wDiH+xPe/Ef49/FLwF8S/EH7R9hY+KPHdr4w8Lx+D/C2nXugaxHaRWj2LPrB0e4m0+4
ga2ETLc3sC4T5MrIQf06l1a1t9TgsZLq3S9uo3lht2kUSyohUOyr1IUugJHA3rnqKsVcJcklKPm/
m3Bry0cItaO2vVppTXNTVN7Lb7mnf/EnZ2ttHtr+Tv7Pf7Ovw9P7Kn7asWo/s+a7HbXXjLXNT8Ja
XffB3UYri7trvToLa0k061ksA77p45MiBCYx87hFYMe28NeEvGfw3/Yh/ZB+NPgz4beONX+Ifwe0
Kx8HeIPCs/hy60/XLrTrq0isb2A290kcqiC7it7gORsMcLurFG3H7v1P9qHwBo/7ROl/CW48U6aP
iRrGly63a6AhaS7NlG21rhwoIjTdkAuV3EELnBx1XiDxda+Gb7Sba5i1SWTWbv7Fbm0025u445PL
eTdM8SMsEe2Nh5sxSPcVXdudVJTk4wUY7WpL1VKMof8Ak6lKMreiKqe9KT63qP09paX/AJLZSi/m
+58C/tXfs2+J/hf8a/hpqmoa98XrDwJH4J1Pw9rWr/DjwfY+KL2LV727iuLyW50+bS9Rl8i8+fMl
vDlWj2uQrDOX8H/2f3/YF/aG+GdpeeD/AIt/EH4OWvwvl8CeFb+50KTxFqvh27bUZZpI76CzgBto
7u2NqglMKRxrbJHK0eDn9IaKj7HJ0vL7pKomvl7SfLayV1dPW6fXzS++Lg0168kebq9bNX0+Pv8A
ghx4Y8SfCP8A4Jg+BvDnjDwH4s+H+p+Fvt8LaXrFnHHdSQtdzTxyRwRPJIFKShQjqkm5GGzG0t8N
/tEaXbfHH/gnl8bfDV78FfjHr3iPVfjw/i3w7Z6h8GfET3BsLjWIJjeweZp+Yw1jHdq+CrhX8tgD
Kqv+wvxW+K/hv4G/DvV/F3jHXNO8N+GdBtzdahqV/MIba0iBA3Ox4AyQPckAcmqHw++O/hr4qaL4
R1Tw9c6lquleOdIGu6Pfw6RefY57QpE6vJMYhHA7rMhSOZkkcb9qnY+2+ZyxDxC1aSXz5o1Lvzbp
+WnNbydkqaprRczkv/AZRt6JVHf/ALdv5/Iet+AtL/Z4/bv8W+PdX+G+v6r8J/ih8P7HQ9Gt/DXg
K91R7O+a6u59QgvbG1tnmtmu1ngZ5Z41QmLbK6sgB+cf2d/2YL79lP8Aan/Yqg8afDTxnquseAfC
Xii31nW7HwHqOuw+G4LybzNG06bUba2mi3W0bTQhVlKwncflWRS3681ieH/iHpfiLRYdQSS8sILm
8ksIl1Wxn0yaWZJXiKrFcpHIQzIxRgu2RdroWRlYkJONuXpt6PnSXr+8dn6ab3mWqlzfatf1Sir+
jUE2u+t9Fb8gPh1bap4T/ZQ+DEMfwn+M1jqGgftPX3i++tIfhR4gS7s9FOpX0yXbxrY7xF9lurYD
jJGYwC0Tov3V/wAFc/B+u+K/hF8KNS0Lw94h8SJ4U+LPhbxBqdvo+mzaheQWMF8GmnFvCrSuEUgs
FUkDJIwCR7p8E/2nvAH7R9/4rtvAvirS/FMngfV30HXGsHMsVhfIoZ7cyY2M6hhuCE7TkHBBFd5T
jPl5HH7M4VF58qpW+TVNP5vyCouac5P7UZQf/b0qjfo06jXyXmfjj+1HZ6r498Kf8FEryw+EPxjl
8Q/ExdBtvCefhdrcl1q0ltp8EBWCVbRkdYbuNzvVzGNvmKxRlc+h/Gb9nHUf2jvjT8SdJ+JOtftL
6H8PvjtouhS6EPCPgG1vLe4t4rGGN7C/kutFub3R7uK6WSUGeS1jX7RuDK6yEfoZ8J/2p/h78dPi
J428J+D/ABXpniPX/hzdRWPiS2si0i6TcSeZtgkkA8syDynDIrFkIwwXIz39TB2hFNaWjb0UUk1v
q7Jp6ryaZcqjcpW3Tl6p3Wj9OW1tHq1dM8A/bJ+DkHj79l/QdAu9X+Iuhajo19p2oafrvh3S013V
tGvbIefFdS2/kyrcqGi2uohfe0gCqCQR8ceI4Pjv8Q9K+EPxF8dRfEfwzofhbxB4jsdT1n4cfDuJ
df1KK6S3TT9fm8O6jY6hcweYiXEMsawNcx+cHAWNnA/UavOfGv7Xfw0+HvxN8D+C9W8Z6LB4q+JM
89v4Z0yOUz3GrNCjPMyLGGwiBGDSNhAcLncQCk25vq5O9vNpJ+bdo20e26bUXGUlGMbLSK1emyUu
ttlzX12e1k5KXwPr37J11+x18FdD1v4J+IPjoPFHh/TtUXRrfxR8N38S2HjG31W9N2+mX1hZ2dvJ
pyG5QlSFtBbrIpl+TMY7L4mWvxM+Gnx10HxX4H8N+KT4p+IWo+G7fxr8NNT8ES6t4Tna3gsvPvbP
W4oxDp72cT4Rp5jHJJZMEhaTDH9DKSSRYY2d2CqgyzE4AHqauFTkab1SaevZNu3o23zdL6xUZXbT
je/dpp26t2176W01vbRtpJL8krH4C+JvHnhj9r/wz8P/AIa+MvD+nar8ZtC8aQaVd+Cb/wAP2fi3
RLZtLbUo7Nrm3hgneaS1u8oGzLnJysoZof8Agp58EB+1fonx9+KPhP4WfEPUPD3iX4Pp4Og0i8+G
+rRar4k8TC+aWwuE0uW1F0GsowVF48KonnjZJhWI+/bH/gqV+zJqerQ6fbftGfAi4v7iUW8VtF4+
0l5pJC20IqifJYngADJPFd98X/2oPhp+z54U07XvH3xE8DeCND1iUQWGo+INetdMtL2QoXCRSzSK
jsUBbCknAJ6VF2qcF0ikk/P2caX/AKSk0uk/eXY05mqku7d2v+3/AGn/AKVo31j7u+p8afsuart/
4Kw+GrvRvAXxK0DwjL8CdP8ADpv7r4e6zo2kRX8V59rS0klntYoo5I7eRsByNrM0fEmUryH/AIKN
v8S1/wCCpfi7xb4I8DfEbxP4e8MfDjSrbWtGTwNrb6X8Qo7TULq9utFg1GG1aIytBNFIoV2inkT7
O+4NIlfd+if8FQP2afE1zNDpv7RHwM1Ca3t5buVLbx5pUrRQxRtJLKwWckIiKzMx4VVJJABNdr8D
f2rvhd+08mpN8NfiV4B+Ia6MYxfnwz4htNWFiZN3liX7PI/l7tj43YztbHQ1pKUnOFRbw55LrrOU
3d+Sc2rdbJN73xilCFSn0mqcX6QVNK3Zv2ad1qm21rZr4b/aY0rVPjz+0H4c8fXkn7Rvgf4O/ED4
c/8ACJx2/hn4ZR6hquiXf2uY3dnqel32jX15axTxPCqzQwrGfsvzOVMLFfjh+zvrv/BPbSvgD41+
EemeKNZv4NFT4K6mNZlhm1a4sr7CaNe3rRiNHa0vVg3YXKRXEwAyK+6/FP7S3w58DfEvT/Bet/ED
wTo/jHVYmnstCvtctbfU7yNVLM8du7iV1CgklVIABNU7z4IweNfitYeMtR8X+I9d0mweK/0Xw+5s
V0bTbkQSRfa4mit1uZXZJnOJ7iWMFgyIpCkTCUVy2Xu8zb84tzvG/dqdSKa2ve17t3Ju7btzctlp
1Sioytto4U5O97uN+0TJ+KnwXHhr9iDxP8P/AArZSXBtfBd5oel2seN9w/2J4o154LM2Mk9S2TXx
B8LdC8S+CPDf/BPvx1qnw8+J8GnfC7w9d+EvEttH4Pv7jVNKuLjQre3SSWyjja6jtxcwPEZWiCg4
YkRlXP6X6Vq1rr2mW97Y3Nve2d3GJYJ4JBJFMhGQysuQwI5BHBqxRGclOc3q5uLf/bvOvxVSX4Mm
UE4Rh/KpJf8Abyjv6cq/E/EzwP4Ul+CXx7/Z98UfEP4NeMPDuq2X7QPxA1C1kuvDMeoaxf6XdWup
3kTWsFqZrqWJGKSbFTLMgaJZPlY+jftFfDfxPoH7OHxA8R6d8OfijHovxT/aE8O+OPDnhnTfBWp3
2o2Gl2dzpcl7f3FlbQPLZee1pc3HlTpHISygr5rlK+/v2kv2HrL9pX48fC3x/d+P/H/hm/8AhHqE
mqaPp+inTBY3NxLE8ErXAubKaVw8EkkRCSIArkrtfDj2+ro1fZqnOO8OVJeUZU5a/wCJ011W8rrV
WquvaSkn9pNt+cva7eiqP7ktr3/L7x9+yHe/Gz4+/FDwp8Sde/aU0yx8ceO7Txz4Vi8J+ELCXQ9V
S3itJbBpdVk0aa40y5t2txE6XV5b4CYXhyD9K/8ABau5vbn/AIJo/E7w/pXh7xl4q17xXpbaRpen
eG/Dl/rt3cXDkMA0dpDI0aYRsySBYwcAsCyg/VlFZJ8tKFKO0bed7KMU358sUm/LRJaDi7VXVlq3
d/Nty08uZtpdtL9T82Pgn4L8E/tAf8FkPF/jK3+Dni620LxR8KNP01tc8UfCHWNFsr3WrbUHmczS
39hErTJDFZlZJD83kxqjEoAOU8Hfs5eLPFP7JfwW+CWoeC/GOn/G/wCFnxGtPFOueJ5PDN7FpMcU
WrSXWoalBq4iFrcm8tZJE8mGZp3NxskiUK+39N734h6XaHRjHJeahFr12bK1n06xnv4FkCSOTLJA
jpBGBE6+bKUj37U3bmVTt1UJuKhy7Raa9VN1F8rys11ikrp2ZDh8d/tJL5ezVL72ot3/AJr9Lp/i
Rpfw/tfDP7BfjHw1onwK+KmlXF3+0zb+K7HSrb4M67AzaCuuQ3KXKwLYDEC2Ecq7duVXEW0F1Q/c
f7DOrXJ/4Ki/tWzt4U8f6Novig+HbnRtS1Twbqul6Vqf2PT/ALLdeTc3FvHA7LIyAANl1BZNyqSP
tSuM/aB/aJ8Efsq/CnU/HHxF8TaX4R8KaOE+16lfybIoy7BUQAAszsxCqigsxIABNEKihBQeyVvP
4KcFr/3Di/NtrsVUi6tSU/tSbf3znUdl6za9Ej4m+NVj4i+F37V37aeo3fgT4jarpnxD+HGiW+gX
uieFr7VoNRlisdRtnijNtG++UTTQoYlBkAkEhURK8i+OfAfwz4li8Y/sh6F4X8A/E/wjq+kfAHXP
B2qanc/DjWtMsdA1i5trFbeK7uJLNY4j9qtLhyzHaDtcnEqM/wCs+karBruk2t9ayeba3sSTwvtK
70ZQynBwRkEcHmrFRyWjKnP7SUX0dlCrD5O1V/NLTdFe15nGpDpquq/5dv5q9NfJteZ+c3/BNP8A
ZRhT4n/CjxN4k1X9pCH4j/B3wvN4VutD8T+FdN0Tw9pME8CrPDFe2ukWseqQedAjRGK6uGU7XfBL
k9B+07ouhaP/AMFo/A3iW++GXjDWNDk+FXiDQfFWuad8N9U1fT70zy2ktrZ3F1b2kkdxmGG7AiLP
tL7MBpVVvufU/FVtpPiHTNLli1J7nV/N8h4dOuJ7dPLUM3mzohigyD8vmsm88LuIxWlWlarKpNVH
bRT9PfjNS/Gbereu7ZlThGEXBX15euvuuLWv/bqWy0Pxj/ZT8NXvwt/Z+/Yy0ey+D/xd8O6l4O+N
Ot6xr1vB8KddtDo2nz/2pFHPOVsgqRNHfWS5JwUDDpDIE7zw58FPippf7FY0SDw58WvDU/w5+Pmt
eK/Ecei+HrefVdQ0mfVNSnhuNLgvra4g1Ax/abS6wkMoYRlY8zKFH6wUVUqzb5ut+b5p02vO3ud7
66NWLdm3daNNfJ+1vvdX/euztpZaM/H74y/sd+CvBnxO+Bni/RvCnx9+Kt14j+N9r451vXvFPwru
Te6XbiyeC9kNrZaPanT4HnSwZ45YIzNJH5oV1jZx9MeK9W0/4X/8Fb/Cdh4c+G/jyDwv4f8AhZqv
haGbR/h/q0PhyG/ub6xu4LRL6G0+xxq0cUhMokEUbAq7q/y1900VknZKK2TlbbRSpeystLaR20tf
pbQUveu5btRXzjUdW76u8nZ6rTrfU/If9nL4VfEPxF8XPg/c6b4H+IHw7mf4ReMvBlpYf8INqWna
V8PdUmks5baza+uEe4mO5XP22aYwTtFvh2FnWvT/AAj8Cx8dv+Cd8Hgrw/8ACfxt4B/aP8A/Ci+8
B293qegXmkW2lTXFoEuEh1J41sb2O4nt1YSW73BVpVdgmXI/SmirnPmjKNrXXzT5qktG7/8AP2ad
7tq13u3am1UjVeri7+vwLW1v5ItWtZ3srOy+DP2FvhFoPhn4s3XxtvtX/af1HxL4f8EP4W1nS/GP
gO10aLT7WCSOdLWC107RrNtUljZZBC9oblNpdVYl0B+2vh38QdJ+KvgnTfEWh3Ml3pWrQie3kkt5
baTGSCrxSqskbqQVZHVWVgQwBBFaOr6XHrel3FnO1wsV1G0TmCeS3lAIwdskZV0PoykEdjUXhrw3
YeDvD9lpWlWkFhp2nQrBbW0CBI4Y1GAoA6ACnOq57q1tvm5Sl97d1u97tvUyhDlSSd+9/JJR+5K2
1trJJF2iiisiz5x/4Kkfs56t+1X+zPa+DfDPjbTPAvjWXxFpureGLzU7b7VYXepWE326G2uIekkT
i3YkENjaG2sVCn41P/BTL4n/ALKkPx5v/jd8DfDPhj9pL4ffC6TxJa674dnM/hv4gaZbTiKKXfgz
p5FxPzHIxIV5PuZFfpl8VPgx4V+OGi2em+L9A03xFY6feJqNrBewiVLe6jDCOdAfuypuLI4+ZGwy
kMARyHgT9ib4aeANO8S20egXevt4ws203WrrxRrN94mvdRs23Zs5LnUZp5jbDe+IA/lAuxCgk1m4
zUZxi7cylbyk4cqknunor7pxVrXd1rzxbjzLZxv5pT5mmtmrbXs1J3vZWfwfoX/BSX9pD9nj9hD4
ofGrxx4N8R654Usvh5pvinwrrXik+Homudau3CSW0dvoty7f2Yont5ImnC3ARZVkkZiCO++Gf7RP
xs8G/wDBQX4YfBbxJ8UJPFmjfEv4Yah44vdUbQ9Otr7StQUJGILMwwJF9jjaTfGs8csuVAkllX5a
+o/hZ/wT/wDhJ8HPgdqvw00fwtLceAtYtZdPn0LWNXvtas4rSUYe1hS8ml+z25/54w7IwRkKDzXy
n4b/AGGPFHwP/wCCyPwn8ReBvhV4xX4K+BPh9f8AhCbxJqHiy11RYZbh1niVBe6hJqLW8QQQhTH8
hICJ5Y3V01JRqV3GKtGXMl5L2dW13snzOFpKzbSvbryxjOGHu3eUbN+fvUlot3optxd7cztpt86f
s+/8FOv2g/FvwJ/Yp8S6t8Ub+/1H4ofGTVPBHi5W0HSI4dd06K8mSMMEtAYZFSEKGtzFkOxbccEe
z/D3/goX+0j+0f8AtvfFDTvh34J8Taz4W+EvxOtvBF7pUD+HrXQv7IUxi9vrya8uI9UN9gySwrap
5GxVVlkYlh9LH/gjd+zmus6FfxeBNQtJ/C3ieTxloiWvivWbaDRNUkfzJJ7SKO7WO3R3+ZoYlWJj
yUNehWf7Cvwt0v8AaQ1f4tWPhufTPHXiGGGDWbuw1e+s7TXBECImvLKKZbS6kQHCyTRO64GGGBgp
1EpRlNXs27dNqVk9rq8KitppO610NMQuadR09FLReS5qrfo+WcNddYWejuflb8T/APgqD+0b8J/A
v7Rni5Pixe6tD8Gf2grDwTpGmXfh3R1hvtHmuBHLaXMkdorsNrjbJGY5VK5LsDgfYnib9o/4oftW
f8FLfit8DPAvxOm+DyfCHwzomt2k0Xh6w1c+I7m8ZpJvtUd0pd7NI/Kj220lvJvkY+dwFru/Ff8A
wRF/Zr8caH4y0zVfBfiW80/4g+Io/FviG2bx94iWLVNVjMjJdOq3wAcGRjhcLlY+P3ce30/xz+wZ
8K/iN8aPDXxF1Tw5d/8ACdeE9O/sex1yz1vULG8msc5NrdPBOhvICeTHc+ahJJIJJznh2oQpxnq4
2v5/uoRv5/vIylZ6NSbdnoVX1rVZ09FK9l2/eua06fu2oXW1luj4k+MH/BQv9pX4k/8ABQv4zfDb
4N+EfEXiN/gOfD0cOkaYfD1rpfiI3qLPeS6rNqdxFdxR+SXW3Gn8rIhaVnVgtfeP7WPhLTfiP+zj
4g0LX9Nt9R0jXo7ex1GwulEkNzBLcRJLC46MrKzKR0IJrM8UfsJfCzxb+0JafFWfwzNZ+PLXTxpM
up6Xq19pg1KzH3ba9htpo4b2Jf4UuUkVccAV0/x7/Z78NftLeAf+EY8VHxH/AGObiO6KaL4k1LQJ
3ePJQNPYTwSsgJzsLlSQpIJUEKdpUI02rvrfr0fya15baNuKdtRt/vXOOi0tbpZL8b31vdrVq+h+
W/w40Hxh/wAEOv2rdH/Z71O01jxj+yz8c/FNpH8N9SkBuZPA2ry3scraVOzf8sXIZkJ5yN4BPnGu
3/ab/wCCk/xi8H3f7ZXjjSfFK6Dpn7KusaRZ6L4U/smzksPE0E1vFJOb+SWJrrMhmPltbTQhNiEi
Qblb9JfEPwm8PeMPCel6JrOmprWn6NcWd5aLqEsl3LFcWkiS285lkZpGlSSNG8xmLFhkkknPmPx7
/wCCcHwZ/aa8RavqnjPwhLqNz4jitYNajtda1DTbXXktZUltxfW9rPHFeGJ412GdHKruUYVmU3zN
8qlJtq6u9Xa8HFtfakkpR1eqau7ptyuXm5rWTacktm/e5kn9lSupaapp2spWXrngbxN/wmngnR9Z
+zy2v9rWMN55En34fMjV9je4zg/SvmL9rj9qD4ifCz4zXWkeHPF39kaZFbQyLbf8Mz+N/He1mXLH
+09KvIrR8n/lmqBk6MSa908Ofsx+BvCPx/134o6doYtvHXiXSbXQtR1IXc7C4srZnaCIQlzCm0u3
zIgY55JwK72pq2lJSjpvp99lfrpbdf5k0uaMeWbu7LXu7K78tb7dNfI+Pvh94q0345+AbjxV8VPH
l5pHiLRL77DofiDTfhz4k+FGowb0DfZo7XV7iaTUtzchAskLNhTEzCvWf2W/E/xQ1jXNZtvFkf8A
avgyCKN9A8Qanpf9h65qGQNy3NirMOOSZWSzbJ2/ZQB5jeszeFdMufEcGsyabYSavbQtbQ3zW6G5
iiY5aNZMbgpIBKg4Jq/TUkr269Onr6t63Vn0fNuxpvf7+v8Aw3Szv3Vun5/fAPWE+K//AAX3+O+n
/EeC3uNX+G/hPQn+F9neKjpa6ZdI7ajfWqtnEz3KpG8igMFRVzgVyH7Qn7cnij9k/wDa2/aLn0f4
J+EdL8UWHh/ww1z4h0rxaL2XXY77Vriw0qeSxnsrOIXCedOZfNvVjUJGvmuo3r9wftCfsYfDT9qX
UdH1Hxp4ZW913w6WOka7p99daRrekbiC4ttQs5IrqANtG4RyqGHByCRWX4M/YA+Evgrw74t0weFZ
NeTx5YDSvEd14m1e+8R6hrdou/bb3F3qE09xJEvmSbUaQqm47QKUHaEIv7KastL3bd77pvdvX3ru
2yW05JzlK3xOD9FHlTW+q93TZ7a6Nv4T/aO/al/bL/Z0+BHxF1maTXvCeh6bqfhw+G/EHxF0jwtq
OvXYvdRjsb6z+z6Fem0WONp4JY5nj3Fd8bAsVlXv/i1+3v8AE/8AZE+If7TXhq/12/8AiZJ4IsvC
GpeGJrzTtNtbjTptevJbF7YCMWsMkEMiLJGbiQNglZJyB5g+iPGP/BKv4LfEL4NR+ANd0vxzrHhe
G8gvUgvPiL4jmuFaBt0Ef2lr83HkROFdIPM8pJFVwgdVYaWmf8E0vg3YfELxt4ouPDuua3q/xH0V
fDvib+3fFmsaza6zYIu1IJba7upYCEG7awQMm+TaRvfdSlGzi139WrRsutndNcy1s72bbTiNr3fl
8veu+17xvo+rtokrfEX7Sn7Un7Z37OvwI+ImtPLrvhPQ9L1Pw63hzXviNpHhbUNevvtuoR2N9ZGD
Qr02iRxtcQSxzvEWK74yCxEo9B/br+Lvxz/Zo8P+JdJ0z476vr2v+FvB2t+ObaDw/wCDdLfWpyk7
vaRaks9s9jDpUUatEZFkt7qdozsLMj5+ivGP/BKv4LfEL4NR+ANd0vxzrHheG8gvUgvPiL4jmuFa
Bt0Ef2lr83HkROFdIPM8pJFVwgdVYdH8VP8Agn38J/jZ4pg1vxP4e1LU9Uj8Ov4SuJ/+Eh1OA6pp
bhgbW9EdwovVBdnU3IkZXYupDndWVbmdNxpu0ves7d4WjffaaTfdXe7d7ouCmnUV1o7ekk2vRxv8
7LZK3xnrPxG8Xal/wUq+H3xNvvHfjGK2s/2b7vx1c+G9Pi0/+zbiQXFjJcWaLLaySpFOyozMsgmz
FGFlVAUOVpf/AAUN/af+EfwquPjjrngbxl4g+Fd38Nb7xVqa+IpfCdrp2maolmtzZDSP7KvZr6Sy
m/eI63gllVdj71w6j7m0D9gn4U+GvE3gTWrbw3dPqvw20Q+G9AubnWr+6kg07fG4tpjLO32pFeGJ
0+0+YUZFZSpGaPhh+wR8Kfg9b6vaaF4bu00bWopYJdDvtb1DUdDtI5VdZY7XTrmeS0s0dZHVltoo
wysQQRxXRUnG0owWnv8AKnsuadWS817s47P3ZQur8zOehGS5HVd/g5vPljTT19Yy6e8p2bXKj5N8
NeEfGmhf8Fc/2Z9U8YfEq9+I03iP4beK9RR5tLsbG302WQ6S0kVp9mijJtDuTyxOZplAO6Z8jHuX
7bfx1+Ifwf8A2vf2YdG8OeIdNsPBnxF8XXmgeI9MfSEmu74Jpd5dxMty7kRIrW4yqRh2JB8xQCrb
3wz/AOCV3wG+Evjzwj4n0nwKbjW/h+s8fhe41fW9R1keG45tm+KyS8uJUtox5a7EiVViy3lhN7Z6
z4+/sT/Dz9pz4h+CvFfjGx8R3mufDu8OoeHprDxXq2kx6dcEFTN5VpcxRyOVLIWkViUd0+6zKXKp
C9Ky0i3deTnKVvPSVteut7glPlqXd3KNk/73Io38tVfT0sfBfjb9tP8AaG8F/A747eP7z4rafPff
B/44Wvg6w0yz8IWUGmalpc1xplu9vcrIZLggC9aRWiuI5A6ndIyEIkn7aH7af7QH7L97+054d8N/
FK11af4aWfhDxFpOq+IfC1jc3dpDrN3cWlxZRLarbQ+XG0cckUk8c0gAdXMhYOv1HqX/AARn/Z/1
jwf4o8P3Wg+PLjR/GuvReJ9ctn+JnicrqepxHcl3If7QyZA2xiQRlooScmKMr4z/AMFXf+CXdj4q
/Z4+JGqfCP4c+PvH/wAWvifBpGg6ju+IFzJBPYWd3DcKbiPVdSS1KRpC6oUVpQ9wxAAklesqc1GF
OMleygm+7Uaab9HOMpN9pNvdo6JJSnPl2bbXSyc27W2uoPlXna2ya2/jb8TPiN8NPi38ZfhP4k8a
X3xF8LeJvgxrHjawur7TbGzu/DNxEWtZLMG0iiD2solDRecrzKYZAZZOo4T9if8AaX+Ifwq1z9lT
weNasL34a6z+zc3idtAg0lEvWvtPttMUO92zuzhluCFREjCnO7zMjb9WeCf2A/hhq3wg8R6fe+Ef
F+kTfE/S4LbxMup+MNSufEAtwCw059SjvpZ44Ii8ieRbXP2cB5FTKOd1P4Vf8Ep/gn8FfiF4J8U+
HtH8a2+tfDnTH0Tw4918QvEV/Bplg5+a0WC4vnhaA4XMToyYjjGMRptqPuKcG9Wkrqz1SxCTts+V
1YWd/e5OZ2bML86jO22tnpo/Y313XN7Od9NOayueffsS+Jfj5+0r8Lvhr8Z7f4q6Dc+Gfin4Vm1b
VvDGoaFbSWfhS4uLcSWP9mvbpFcTCGQ7LhLu5fzMMUMJwg+VNP8Aij8V/wBr7wF+w34j8T/F7xXo
3iTxH8VvEuk6pc+HNO0u0tZ2tI9bSCdbae1uE3JFbLEqyeYoR3JDS4lH6I/Dr9gH4WfCOXWx4Y0b
XdBs9dM7vptj4p1aHTNOlnDiWews1ufs+nzN5kh82zjhky7EMCSa5vwT/wAEo/gT8Pvhj4e8Hab4
T1j/AIR7wl4hfxTo1vd+LdZvZNM1CRXWWSGaa7eVI5VklEkIfyZPOl3o3mPnRVaaq88Y2inFpb2t
Jtq71dk9G9ZWSdrJpyUvZyje7akr7XvBx2W13ZtbLW17u/yBqWk/FuO0/b0134LeOdb8IeOfB/xN
g1qKKw03Tb5vEEMHh3S3msWW9tp0R5Iw2x0UFZNmdy5Q/Xn7I3xfv/2o/ijeeP8Aw58Rdd1v4VR+
F9ItLDSZLLT1tb3Uri3W9mvWlS1S5Egt57RSglEQaSUeWpUAXvCn7LXg/wDYh1jxf4w+Gnw8+IXi
zxF8StVin8RWlr4xmvzdSsNv2x49Y1JLaNY0CoTD+88tUREZVCjoP2Fv2W9N/Y6/Zo0PwTp2nabp
bxTXWqX9tp5JtYby8uZLqdIiQCYkklZEJAOxE4HSopzXs0n9mFOP/b0YKEt94tJNWtaWu46i95td
ZTfrGUuZX7ST07tN3dtH8Y+I9O8dW37aP7eHiTwH8Sb34d6z4O0/wxrcMiaXYX9pqT2+hSyiC8W6
ikP2ZgpDeQ0MozkSjGD1cH7XfxE8D/G34A/Fjxx8QvEGhfBT43eCXuLzwo+l6Yln4Z8Qf2Wl9FGb
k2f2swSQx3bBZJwRNGo3FGEY+oPit+wN8J/jX8R7nxX4j8LSXer6nBHa6stvq19ZWXiGGMYji1K0
gmS31GNBwqXccqqMgAA1zP7Y3wMP7Xz6L8KtW+HV/N4K0/WdH8SXXiS8msBpQWxu1ufslvEtw12b
hjCkZ326Q+XM5EhI2nKkrKMG9Xyx8oq0ozl56NSSfwygrXbZVRptvok3po2/ccV8nFptauMmnZFr
wN4U+IMf/BP2+i8W/ETxfP481Tw5dahNr/2XS7bVNIklhaVIY1htEtd0AIjDmAlipY8kY/Pj4D+E
/E0/7Jv/AATKeXx/4h1TVfEfidNQi1DVLSynl0eOXwxqBaC3EUEQdVAco9z58m98yNKBsr9ftQ06
DVdPntLmJJ7a5jaGWJxlZEYYKkehBIr530//AIJNfArR4fh7FYeGvEunRfCq8a/8Kx2XjfXraPSZ
mG3cqx3gDgRkxKsgZVhJiUCMlK1hUiqk5WspOm/RQcm16u6130d99YmpSpqLetpp9m5xST9FZ6bK
+h8v6D/wUM+Lml/CmHwGb7xd488cXXxs8Q/CyLxFo1j4ftPEE9jYWtzeR3EUV61rpX2zy40TMiiI
7XYQu2Eb6s/4J0eLvjX4j+E+v2nxy8P6no2v6Nr9zaaLdarNpB1TWtI2o9tdXkWlTzWkNydzo6xM
qkx7lRQwFReF/wDglV8DvCHw58VeFLXwxr8+j+M9bXxLqYv/ABjrd/dHVQSf7QguZ7t57W6zyZ7e
SOQkKSxIGPY/hl8JtG+EXhJdF0Yaq1sOZLjUdWu9Uv7ptoTfNd3UklxM4VVXfJIzAKBnAFKElGnZ
q8nGKfbmUYc0lba8lLurSel9nU1qPl0jzSa72cpuKfe0ZRXrFavr8w/8E+vCeleJPjf+2dpOpabp
9/pWofFkpdWdzbpLb3Cv4e0cuHRgVYMSSQRzk5rgP+CJXgnRPtHxtsNBhj1L4a/C/wCKmt6P8Mrl
naWHS7OWK3a9tbQn5Tbx3JljQrnaN6g4zn2TR/8Agj78DdAuNektbP4oxp4rvzqeuwH4teLXttdu
WVEaW8hbUjHclkjRG81WDKiqcqMV7bofwD8JeEPgsnw78P6OnhTwfDYNpltYeHZ5dFNjAykEW8tq
0csD8kiSJ1cMdwYHmlz2irLVUoU7dLxUFzX/AO3GlptN+jqpaUmuntJTv1s+fS3nzJvX7K33Xyt/
wRY8C6R4v/YV0i81Kwhu7rw/8RvGV/p0r5D2k517VIi6kdCY5HUjoQxyKv8A/BDzU7Hwp/wS68P3
95NBY6fp+s+KLi4mchI4I013UGZ2PQAKCSfQV7D8Bv8Agn58Mf2Y/gzr/wAP/A1p4y0Hwr4keaW7
t08c67PPBJMWaWS2uZbxp7R3d3dntpI2Z2Lklua4DQ/+CMHwB8N/Dw+D7PSviXH4Od3eXw63xY8W
yaNcGSUzSCSzbUjBIryMzuroQ5ZiwOTmpTu5W0TUfvS106+WuvkKT5m5S/ncvk3JpX/7e7WTvufN
nx48LeOvgPd/Hf4ieGfCXhv9pf8AZu+L97cap498OyquneL/AAy0VnDbXJtzcr5V7BFDDvW3kEci
YUITncfrr4zeLLT4of8ABMPX/EXgDxR4g0LTtU+HcmraDrdiIY9RigOnmaGQebG6K7IFBOzI3Hbt
IBGr46/4J3fCP4iajfXF/wCHdUtk1m7kvdYtNK8SappNj4ilk2hjqNra3EcGoKVVU2XSSqIwIwAn
y16zqXgvSdX8GXHh24060k0K6sm06SwEYWBrZk8sw7RgBNh24HGOK5cRTc8HPDxerioxfZKLSTfV
K65dLpXTcrpR1pVOXEwry1SbbXe7i7pdG0ve1s3ayWrf5Z/sy+I/j74a8MfsYfCnwp8drjSfDPxc
+El5qbXt94Q0y+1bQ7m00q0khEUuxIZYI2uYgiSQGTbC/mTTGQMnonin9sH4weDP2ufA8UHxLuPF
3h3U/izD8OdVsNK8NWcfhS3tDZSFt93NCl42rCeNi62txNbRf6tlDK1fSngH/glb8Efhf8QfAPij
QfD3ifT9Z+GFkdO8MyL43114dOtyqo0Rga8MUqtGkcbCVH3RwwocrFGq2dV/4Jg/BPV/Fd3rUnhb
VYb678Ux+NgLXxRq9rb2msoxY31vBFdLFbSyFiZfJVBNn94HrvxFeNTE+2t7rk21vdOqpWv39nzR
v3tr1XHGlbDOlf3uWye2vs3G/wAp8sl5X2ej+NtY/bT/AGgvBnw9+K/jfWPilZ6jJ8K/j/p/gSHR
tO8K2VjpuraTcXWl20sE3mie4Uhbx3R451dXBLNIhWNPfbr9qPxj8M/28b3wv8T9e8f+B9A8S+II
NN8BuPDun3fgrxDbGBXFu1/HE93a6lJJ5qlbqaKNtqCGNzuJ6fU/+CNX7P8ArXg7xB4fu9B8eXGk
eKvEMXizVrd/iZ4nIv8AVYzlLx2/tDcZQwRs55aKJiCYoyvpc37Efw3vfHGjeIbzSdY1O98P3T6h
YW+oeI9TvdOhu2LE3ZspbhrZ7kFmInaIyruOGGTWFOSjCmmrtJJ+fuUk3688JNXurTd1du21dczq
OOl+a3S3vTcdulpRTtr7uj0R8a/BD9un4r2v7WfgI6n431D4h+C/iFo/i7ULmG00C0tPDKSaXtkt
U0O5NvBqE6+Wdsktx58MjEtE+3Fdl8CNc+Pf7T/7LHhj4yw/Gb7F4W+KXgS91nWdDtNK0+GbwdNN
aebZnRbgWru0kL5jm+3POGO5kERAQe6fDf8A4JifBT4ReJ/CeseHfC2q6dfeBbu8vPD2PFGrSw6P
9rXbcW8MT3TRpaOP+XUL9nU8rGDzW98J/wBg/wCFvwP1bU7jwv4evdMtNVlmnfR/7c1CfQrSWXf5
slrpkk7WVo7+ZJua3hjLeY+SdxzjVgpUJ0lu4tJ9r897978y1eseRW3ZrGSjVU1tzXt3Sat6bapa
NyeySv8ABf7CXxb+LHwN/Zp/4J7WVr8Tb7XvCvxhmSy8Q2GsaNYy3ojbQ7i8jggu4o4ytvHJb5/e
RyXDs+WuSo2HrPiN+3F8Zrz9k/x7+014a8Yz22n/AA88d6hoCfDWXR7F9L1jS7LWTpsiyTmE3638
oDSK8dwsSsUXyG5LfS1n/wAElvgRplv8PYbLwz4l0+H4VXrah4VisvG+vW0ekTkbd6rHeKHCx5iV
ZNypCTEoEZKV2Wo/sH/CzVfitP4ym8O3h1S7vo9VubJNb1CPRLu+jZXS9l0tZxYS3auqMLh4DKGR
DvyoI7q1eE6zqpWTlJ+icotJ99FJO+19HqzmhCSpxg9bKKfS9ue/pfmi7rX3T4Svv22f2g/Cnw0+
KfjvWfihaX0vwv8Aj7p3gaLRNP8ACtlY6dquk3NzpVvLbz+aJ7hSq3rujxzrIsgO5pEKxp9V/wDB
a7/lEn+0R/2Iup/+iGpuqf8ABGr4Aa34P8QaBd6D48uNI8VeIovFmr27/EzxORf6rGcpeOf7Q3GQ
MEbOcFoomIJijK+wftB/st+C/wBqb4GX/wANvHNnrGr+DtVgS2vrOHXtQsJb2Jcfu5bi3njnkRsf
OrSESfx7smuWbTw0aSXvLlu+/wC7pxlrv8cZSXfmvo2zopz5cT7V/Ddv/wAnlJabL3Wk+1uqSPl+
w+LXxN/aJ+Mvjv4Z+B/iHf8Awri+DngTw5q1pdWejWF+ddv7+2upNt2LyGXNkiwRKVt/JlLF8TLg
CvH7n/gqb45+KHwl+DXijxZ8RNK/Z00zxv8ADK48WWuoi2sZrfxR4jgnEX9kD7fDKPIkj2zLBCUu
phKBHKPLYn7W8Qf8E8fhT4msfD8N1pXiZZfDemR6LBeW3jHWbW/vrCMsUs766iu1n1C3BZv3N28y
Hc2VOTXi/wC0r+zHqkn7U+m6jH8Ivib4i8A6f4UsvDmgz/Cn4lP4Nu9HEc8jTRX0Cappgkt1Uw+T
5Uk2wJIPLUkE1Xlz1Hyu3M38vdqa/Nyi7fCnFbrR40o8lNJ68sY/g6d1br8Mtd7SdrN3XIfBP9sT
9oW+/aI/ZVtPiRqXhzTbH4w+Adb8SeIvCmm+DpdIurC+tbaCdIXe5vLqUbRdIhUeWd8JZsB/LTuf
2DPiB8bv2rPCnws+OSfEfSp/BPj5L268R+BbrS7VLTQrQiZbRNPuIYftTXcUqRpObqd433SlUiIV
K7b4Z/8ABOLwlc+MPAPxA8cHxpq3xG+HguovD17P8Qdduzo1nNO7raOTdLHeHyjHHLLcRu04jUSN
IFWu6+Fn7Dnwy+Cfj7VPEXhXQ9R0afV7yTUZ9Nh17UToSXcjb5LqLS2nNjBOz5YyxQI5ZmJbLEnW
U4c7klb4rLeycpNLz92SV/s8q5W73BJqDju9NdrtJJtdtVdd7+8k9D1qisX4feALH4Z+Gk0nTrjW
7m1jmlnD6trN5q9yWkkaRgZ7uWWUqGYhVL7UUBVCqoUbVYMthRRRSAKKKKACiiigAooooA//2Q==

--=_mixed 0035B28665257EC4_=--



From nobody Tue Sep 29 09:39:12 2015
Return-Path: <dev+ietf@seantek.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D2FE1A6F3C; Tue, 29 Sep 2015 09:39:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kh_CbAqSLzK3; Tue, 29 Sep 2015 09:39:09 -0700 (PDT)
Received: from mxout-08.mxes.net (mxout-08.mxes.net [216.86.168.183]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AC7D1B47B6; Tue, 29 Sep 2015 09:39:08 -0700 (PDT)
Received: from [192.168.123.7] (unknown [75.83.2.34]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 04C04509C4; Tue, 29 Sep 2015 12:39:06 -0400 (EDT)
To: pkix@ietf.org, saag@ietf.org
References: <20141113051500.12824.67140.idtracker@ietfa.amsl.com> <8FF19ABF-17F7-4A83-ABF9-DF84C93528A8@seantek.com>
From: Sean Leonard <dev+ietf@seantek.com>
Message-ID: <560ABE89.3080000@seantek.com>
Date: Tue, 29 Sep 2015 09:38:33 -0700
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <8FF19ABF-17F7-4A83-ABF9-DF84C93528A8@seantek.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms000907060207060409040404"
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/3m8Wh3z4-s0E6WoA0D9bRt9h1n0>
Subject: Re: [saag] [pkix] (it updates RFC 2585) New Version Notification for draft-seantek-certfrag-02.txt
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Sep 2015 16:39:10 -0000

This is a cryptographically signed message in MIME format.

--------------ms000907060207060409040404
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: quoted-printable

By the way:

I wanted to point out that this certfrag draft is sliced out of a much=20
larger proposal, which is ways to uniquely and securely identify=20
certificates in text strings (i.e., URIs / URNs) for storage and=20
interchange. This was not just a proposal out of thin air or whatever.=20
To the extent that a certificate is uniquely identified, it is just as=20
useful to identify a specific part of the certificate of interest.

The certfrag portion came out of draft-seantek-certspec-03.=20
draft-seantek-certspec-04 refers to this draft (draft-seantek-certfrag).

Since draft-seantek-certspec-04, the URN proposal has hit some snags,=20
mainly due to the glacially slow (and occasionally retrograde) progress=20
of the URNBIS WG. Therefore I am pursuing a different line of attack=20
with that one. I am hoping that we can at least see progress on some of=20
these parts. My main fear is becoming that the apps people don't see the =

security angles, and vice-versa.

Sean

On 11/12/2014 9:23 PM, Sean Leonard wrote:
> draft-seantek-certfrag-02 has been posted.
>
> Among other nits, I think that this draft needs to be Standards Track w=
ith IETF Consensus because it updates RFC 2585, which is Standards Track,=
 and application/pkix-cert and application/pkix-crl are in the standards =
tree [RFC 6838].
>
> (Thanks Sean T.)
>
> Sean
>
> Begin forwarded message:
>
>> From: internet-drafts@ietf.org
>> Subject: New Version Notification for draft-seantek-certfrag-02.txt
>> Date: November 12, 2014 at 7:15:00 PM HST
> A new version of I-D, draft-seantek-certfrag-02.txt
> has been successfully submitted by Sean Leonard and posted to the
> IETF repository.
>
> Name:		draft-seantek-certfrag
> Revision:	02
> Title:		URI Fragment Identifiers for the application/pkix-cert Media Ty=
pe
> Document date:	2014-11-12
> Group:		Individual Submission
> Pages:		4
> URL:            http://www.ietf.org/internet-drafts/draft-seantek-certf=
rag-02.txt
> Status:         https://datatracker.ietf.org/doc/draft-seantek-certfrag=
/
> Htmlized:       http://tools.ietf.org/html/draft-seantek-certfrag-02
> Diff:           http://www.ietf.org/rfcdiff?url2=3Ddraft-seantek-certfr=
ag-02
>
> Abstract:
>    This memo describes Uniform Resource Identifier (URI) fragment
>    identifiers for PKIX certificates, which are identified with the
>    Internet media type application/pkix-cert.
>
>
> The IETF Secretariat
>



--------------ms000907060207060409040404
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC
CfYwggSvMIIDl6ADAgECAhEA4CPLFRKDU4mtYW56VGdrITANBgkqhkiG9w0BAQsFADBvMQsw
CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4
dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTE0MTIyMjAwMDAwMFoXDTIwMDUzMDEwNDgzOFowgZsxCzAJBgNVBAYTAkdCMRswGQYD
VQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNP
TU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVu
dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAImxDdp6UxlOcFIdvFamBia3uEngludRq/HwWhNJFaO0jBtgvHpRQqd5jKQi3xdh
TpHVdiMKFNNKAn+2HQmAbqUEPdm6uxb+oYepLkNSQxZ8rzJQyKZPWukI2M+TJZx7iOgwZOak
+FaA/SokFDMXmaxE5WmLo0YGS8Iz1OlAnwawsayTQLm1CJM6nCpToxDbPSBhPFUDjtlOdiUC
ISn6o3xxdk/u4V+B6ftUgNvDezVSt4TeIj0sMC0xf1m9UjewM2ktQ+v61qXxl3dnUYzZ7ifr
vKUHOHaMpKk4/9+M9QOsSb7K93OZOg8yq5yVOhM9DkY6V3RhUL7GQD/L5OKfoiECAwEAAaOC
ARcwggETMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8DveAky1QaMB0GA1UdDgQWBBSSYWuC
4aKgqk/sZ/HCo/e0gADB7DAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAd
BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud
HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFs
Q0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVz
ZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQELBQADggEBABsqbqxVwTqriMXY7c1V86prYSvACRAj
mQ/FZmpvsfW0tXdeDwJhAN99Bf4Ss6SAgAD8+x1banICCkG8BbrBWNUmwurVTYT7/oKYz1gb
4yJjnFL4uwU2q31Ypd6rO2Pl2tVz7+zg+3vio//wQiOcyraNTT7kSxgDsqgt1Ni7QkuQaYUQ
26Y3NOh74AEQpZzKOsefT4g0bopl0BqKu6ncyso20fT8wmQpNa/WsadxEdIDQ7GPPprsnjJT
9HaSyoY0B7ksyuYcStiZDcGG4pCS+1pCaiMhEOllx/XVu37qjIUgAmLq0ToHLFnFmTPyOInl
tukWeh95FPZKEBom+nyK+5swggU/MIIEJ6ADAgECAhAaQkrPJ/nEG3M8lirbnsnnMA0GCSqG
SIb3DQEBCwUAMIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVy
MRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UE
AxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1h
aWwgQ0EwHhcNMTUwMjAyMDAwMDAwWhcNMTYwMjAyMjM1OTU5WjAlMSMwIQYJKoZIhvcNAQkB
FhRkZXYraWV0ZkBzZWFudGVrLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AM+J9tKgDs1LQtaDc+c4E58tCUQRNZiWbM1drOhLq2oSj75LuxPrrZy4XGjWoQFq9qGYHgiv
boRKoo2guKi2R5xrf/pZ27ELY5jCa3BQs4Q2YwziXWM5rktnFL2amO2MMwhuo0n7OIMDYftv
TEun2mOrnJ3G53zvawQdMbuRiHSNwc7DzWJwAjZQWFO8OF+BgNPzMDQGmzYQ4MVNk8NX5ecN
VbfusUU1wZOlfdy8lWTfcASDqa9jLoaAiSx2ay4q7/5m0BOWqOKZCS0f7MmIUtSqODEoiZkd
7oCj5MRKOg2ZLia33JN+oS5rTKN8rs4u4ZF5g8zypHS5TY/l3pNRlrcCAwEAAaOCAfIwggHu
MB8GA1UdIwQYMBaAFJJha4LhoqCqT+xn8cKj97SAAMHsMB0GA1UdDgQWBBQaZuXe8vDwU+ja
pyFW3zSvIW6TxjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAgBgNVHSUEGTAXBggr
BgEFBQcDBAYLKwYBBAGyMQEDBQIwEQYJYIZIAYb4QgEBBAQDAgUgMEYGA1UdIAQ/MD0wOwYM
KwYBBAGyMQECAQEBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5uZXQv
Q1BTMF0GA1UdHwRWMFQwUqBQoE6GTGh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1NI
QTI1NkNsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcmwwgZAGCCsGAQUF
BwEBBIGDMIGAMFgGCCsGAQUFBzAChkxodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9T
SEEyNTZDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQGCCsGAQUF
BzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wHwYDVR0RBBgwFoEUZGV2K2lldGZAc2Vh
bnRlay5jb20wDQYJKoZIhvcNAQELBQADggEBAHiH/zXr779dLLJNLp6yW/RQvJSYuNbEqauQ
BWLZgvCF8FJjcS+y+bhN7RpTSVaEymbxnpJWFg0Qs6us6rXtttU6MF2JhTuxtu6yWW0EYy80
KGOt6zJRTxa46kAhAOqw4KPQ5RTvf/NT+2Qu8b2edlh+3t6f8iTQOAL/BNHnmr4QvpfnMLa8
NMAqd4FLOcSU9JKBlb5YtsEdfM3nBt4m95pfhpww79gB+zoXMoVaI+lfQHhkGth6mlaTkFUV
DT2pqq98XgESpObFEngb8ZRftBVoZfgJ4ajXcZnhKaqYEr23EtY207KgKb4LAXA84wtPcFfJ
rQaDArapR7xd2GNs+eYxggRBMIIEPQIBATCBsDCBmzELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RP
IENBIExpbWl0ZWQxQTA/BgNVBAMTOENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRoZW50aWNh
dGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhAaQkrPJ/nEG3M8lirbnsnnMA0GCWCGSAFlAwQC
AQUAoIICYTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNTA5
MjkxNjM4MzNaMC8GCSqGSIb3DQEJBDEiBCCPL2hXKac+zXV2oKmzF+tLxNZ/iDB3kztrb+Gj
07r4LTBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYIKoZI
hvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3
DQMCAgEoMIHBBgkrBgEEAYI3EAQxgbMwgbAwgZsxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJH
cmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBD
QSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVudGljYXRp
b24gYW5kIFNlY3VyZSBFbWFpbCBDQQIQGkJKzyf5xBtzPJYq257J5zCBwwYLKoZIhvcNAQkQ
AgsxgbOggbAwgZsxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIx
EDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQD
EzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFp
bCBDQQIQGkJKzyf5xBtzPJYq257J5zANBgkqhkiG9w0BAQEFAASCAQAIvMFikOvmkwUYXiRj
2l8PtgplwrvAcyCwZBrviNV6ADO0AokqvB5pGb/NJzjfUmoFOOFlmnsaUnpaq/VbNY34MwYr
qP2+YBzeoLBsjdkr4Chx7V3drILBiCH+POnWFGQ1qvhNx3HBEght2oqSNdjr3rp1AU7bi9HL
Vq2o8Ndb4gCcNmljKQptvm7mJjfeVeJRdOHK1JlmMTKvg8tZFEVDSQIR+LPZYVfY3MEycIgF
tgLSxvK+C7KxIGwbRktVHe7vq3P2LKBBWuDX8L/3an7NyA/bV0jW4ztmEG51b/srYFvEFJf4
df8Wwk1OV3IWPr2BfRrobBxX+lIzxj10FKbQAAAAAAAA
--------------ms000907060207060409040404--


From nobody Tue Sep 29 23:37:34 2015
Return-Path: <prvs=7088cfeee=abhijan.bhattacharyya@tcs.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE59F1A0196 for <saag@ietfa.amsl.com>; Tue, 29 Sep 2015 23:37:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.716
X-Spam-Level: 
X-Spam-Status: No, score=-0.716 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_64=0.6, RCVD_IN_DNSWL_MED=-2.3, RELAY_IS_203=0.994, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8vnq6Bhg-qBk for <saag@ietfa.amsl.com>; Tue, 29 Sep 2015 23:37:29 -0700 (PDT)
Received: from indelg01.tcs.com (indelg01.tcs.com [203.200.109.55]) by ietfa.amsl.com (Postfix) with ESMTP id 01FD81A014A for <saag@ietf.org>; Tue, 29 Sep 2015 23:37:26 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2C7BADpgQtW/wQXEqxegleBIWmtB5JmAQuFdwKBexEBAQEBAQEBgQqEJAEBAQRrDhALBwYEAwECKAdGCQgGCgEIG4ggtgEBAQGVVgEBAQEBAQEBAQEBAQEBAQEBAQEBAReFSGqFPoQ7AQEuEQwBBAcGgihNHYEUBYU+iDiIAYUWhUmEA0aDcJFSg28RJoQ1aQGHVwcegSEBAQE
X-IPAS-Result: A2C7BADpgQtW/wQXEqxegleBIWmtB5JmAQuFdwKBexEBAQEBAQEBgQqEJAEBAQRrDhALBwYEAwECKAdGCQgGCgEIG4ggtgEBAQGVVgEBAQEBAQEBAQEBAQEBAQEBAQEBAReFSGqFPoQ7AQEuEQwBBAcGgihNHYEUBYU+iDiIAYUWhUmEA0aDcJFSg28RJoQ1aQGHVwcegSEBAQE
X-IronPort-AV: E=Sophos;i="5.17,611,1437417000"; d="scan'208";a="132604541"
In-Reply-To: <5BB93313-E54D-49E4-A58C-D301A4661CC6@icloud.com>
References: <BN3PR09MB05785CD1CEA251B7AB38C0F6E65D0@BN3PR09MB0578.namprd09.prod.outlook.com> <55F6DEB3.9020706@cs.tcd.ie> <OFBF224EDF.9A8FB1F7-ON65257EC4.002DC81C-65257EC4.0035B906@tcs.com> <5BB93313-E54D-49E4-A58C-D301A4661CC6@icloud.com>
To: David Misell <david.misell@icloud.com>
MIME-Version: 1.0
X-KeepSent: C812A2AD:54878310-65257ED0:0022B2E6; type=4; name=$KeepSent
X-Mailer: IBM Notes Release 9.0 March 08, 2013
Message-ID: <OFC812A2AD.54878310-ON65257ED0.0022B2E6-65257ED0.002460A6@tcs.com>
From: Abhijan Bhattacharyya <abhijan.bhattacharyya@tcs.com>
Date: Wed, 30 Sep 2015 12:07:19 +0530
X-MIMETrack: Serialize by Router on INKOLM102/TCS(Release 9.0.1FP4|June  07, 2015) at 09/30/2015 12:07:21, Serialize complete at 09/30/2015 12:07:21
Content-Type: multipart/alternative; boundary="=_alternative 002460A365257ED0_="
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/QYODgao9lJZVUe4iGikh0eow098>
Cc: saag@ietf.org
Subject: Re: [saag] draft-bhattacharyya-dice-less-on-coap-00
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Sep 2015 06:37:33 -0000

This is a multipart message in MIME format.
--=_alternative 002460A365257ED0_=
Content-Type: text/plain; charset="US-ASCII"

Hi Dave,
Thanks for your response. Indeed the end-points need to have the keys 
provisioned before they can start to establish a secure session. However, 
the focus of the draft is on secure session establishment followed by 
secure exchange of full application layer message. It would be very 
interesting to know if the proposed algorithm has any merit for practical 
applications. 

Regards
Abhijan Bhattacharyya
Associate Consultant
Scientist, Innovation Lab, Kolkata, India
Tata Consultancy Services
Mailto: abhijan.bhattacharyya@tcs.com
Website: http://www.tcs.com
____________________________________________
Experience certainty.   IT Services
                        Business Solutions
                        Consulting
____________________________________________




From:   David Misell <david.misell@icloud.com>
To:     Abhijan Bhattacharyya <abhijan.bhattacharyya@tcs.com>
Date:   09/18/2015 03:36 PM
Subject:        Re: [saag] draft-bhattacharyya-dice-less-on-coap-00



Abhijan
Within containers it is required they have ssh keys, maybe thus could be 
used at provisioning time.
Also have you seen the 1 certificate one address 
http://blog.pivotal.io/labs/labs/sslip-io-a-valid-ssl-certificate-for-every-ip-address 
code

Kind Regards,

Dave

David S. Misell MBCS CISSP
Skype misell.dave
+44(0)7710380044
0207 7239135
Http://linkedin.com/in/misell
https://db.tt/ncfgMm3J



On 18 Sep 2015, at 10:46, Abhijan Bhattacharyya <
abhijan.bhattacharyya@tcs.com> wrote:

Dear Saag ML, 
May I please seek your attention to the following experimental draft: 
https://tools.ietf.org/html/draft-bhattacharyya-dice-less-on-coap-00. 
The draft is due to expire in October, 2015. 
The draft was originally submitted in Dice. However it seems, dice is not 
chartered to discuss this kind of draft. So, would highly appreciate if 
experts in the Saag ML spare some time to judge the proposed approach on 
the basis of its merit and share there views. 

Specifically, this draft tries to channel-secure the communication between 
Constrained Application layer Protocol (CoAP) end-points. The key driving 
factor behind this draft was that we had a feeling that the session 
establishment in DTLS, even with pre-shared-key, might be bit too heavy 
for very much bandwidth constrained environments. However, ones the 
channel is established DTLS-PSK provides a very robust yet 
resource-efficient mechanism to keep the channel secure. 

So, the basic idea is: 
1.      Leverage the lightweight yet reliable nature of CoAP and push the 
responsibility for session establishment to the application layer. That 
way the application layer has more control on the exchanges, which is 
desirable for constrained networks. 
2.      Once the session is established transfer the control to the 
transport layer which for channel security. This will completely re-use 
the channel-security provided by DTLS-PSK (thus getting all sorts of 
reliability and protection from replay attack, etc. ). An interface layer 
would map the <Server_write_key, Client_write_key, Server_IV, Client_IV> 
tuple  available from the session establishment process at the application 
layer to the DTLS session parameters. 
3.      Since CoAP already mandated DTLS for secure exchanges, the 
intention was to create a solution which will not be disruptive, rather 
will be able to co-exist with legacy DTLS implementation. The implementers 
will be able to mostly reuse modules from a standard DTLS implementation 
and can quickly build a system. Only the session establishment part of the 
DTLS protocol needs to be switched.

There can be many engineering issues to be solved. However, before 
proceeding we need to validate the basic approach and the usefulness of 
the proposal from experts. Any review comment is highly appreciated. The 
draft contains the experimental results in the form of tables. A snapshot 
of the graphs of the results from the original paper is also attached. 

The R&D behind this draft was published as a paper in  "Workshop on 
Pervasive Internet of Things and Smart Cities (PITSaC-2015)" in 
conjunction with "Advanced Information Networking and Applications 
(AINA-2015)", Gwangju, Korea, March, 2015 . 
The original paper can be found here:  
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7096256 
Some figures from the paper has been attached with this mail as ready 
references. 

Awaiting your responses please. 
                          

Regards
Abhijan Bhattacharyya
Associate Consultant
Scientist, Innovation Lab, Kolkata, India
Tata Consultancy Services
Mailto: abhijan.bhattacharyya@tcs.com
Website: http://www.tcs.com
____________________________________________
Experience certainty.        IT Services
                       Business Solutions
                       Consulting
____________________________________________





=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you



--=_alternative 002460A365257ED0_=
Content-Type: text/html; charset="US-ASCII"

<font size=2 face="sans-serif">Hi Dave,</font>
<br><font size=2 face="sans-serif">Thanks for your response. Indeed the
end-points need to have the keys provisioned before they can start to establish
a secure session. However, the focus of the draft is on secure session
establishment followed by secure exchange of full application layer message.
It would be very interesting to know if the proposed algorithm has any
merit for practical applications. </font>
<br>
<br><font size=2 face="sans-serif">Regards<br>
Abhijan Bhattacharyya<br>
Associate Consultant<br>
Scientist, Innovation Lab, Kolkata, India<br>
Tata Consultancy Services<br>
Mailto: abhijan.bhattacharyya@tcs.com<br>
Website: </font><a href=http://www.tcs.com/><font size=2 face="sans-serif">http://www.tcs.com</font></a><font size=2 face="sans-serif"><br>
____________________________________________<br>
Experience certainty. &nbsp; &nbsp; &nbsp; &nbsp;IT Services<br>
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;Business Solutions<br>
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;Consulting<br>
____________________________________________<br>
</font>
<br>
<br>
<br>
<br><font size=1 color=#5f5f5f face="sans-serif">From: &nbsp; &nbsp; &nbsp;
&nbsp;</font><font size=1 face="sans-serif">David Misell &lt;david.misell@icloud.com&gt;</font>
<br><font size=1 color=#5f5f5f face="sans-serif">To: &nbsp; &nbsp; &nbsp;
&nbsp;</font><font size=1 face="sans-serif">Abhijan Bhattacharyya
&lt;abhijan.bhattacharyya@tcs.com&gt;</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Date: &nbsp; &nbsp; &nbsp;
&nbsp;</font><font size=1 face="sans-serif">09/18/2015 03:36 PM</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Subject: &nbsp; &nbsp;
&nbsp; &nbsp;</font><font size=1 face="sans-serif">Re: [saag] draft-bhattacharyya-dice-less-on-coap-00</font>
<br>
<hr noshade>
<br>
<br>
<br><font size=3>Abhijan</font>
<br><font size=3>Within containers it is required they have ssh keys, maybe
thus could be used at provisioning time.</font>
<br><font size=3>Also have you seen the 1 certificate one address </font><a href="http://blog.pivotal.io/labs/labs/sslip-io-a-valid-ssl-certificate-for-every-ip-address"><font size=3 color=blue><u>http://blog.pivotal.io/labs/labs/sslip-io-a-valid-ssl-certificate-for-every-ip-address</u></font></a><font size=3>
code<br>
<br>
Kind Regards,</font>
<br>
<br><font size=3>Dave</font>
<br>
<br><font size=3>David S. Misell MBCS CISSP</font>
<br><font size=3>Skype misell.dave</font>
<br><font size=3>+44(0)7710380044</font>
<br><font size=3>0207 7239135</font>
<br><a href=Http://linkedin.com/in/misell><font size=3 color=blue><u>Http://linkedin.com/in/misell</u></font></a>
<br><a href=https://db.tt/ncfgMm3J><font size=3 color=blue><u>https://db.tt/ncfgMm3J</u></font></a>
<br>
<br>
<br><font size=3><br>
On 18 Sep 2015, at 10:46, Abhijan Bhattacharyya &lt;</font><a href=mailto:abhijan.bhattacharyya@tcs.com><font size=3 color=blue><u>abhijan.bhattacharyya@tcs.com</u></font></a><font size=3>&gt;
wrote:<br>
</font>
<br><font size=3 face="sans-serif">Dear Saag ML,</font><font size=3> </font><font size=3 face="sans-serif"><br>
May I please seek your attention to the following experimental draft:</font><font size=3>
</font><font size=3 color=blue><u><br>
</u></font><a href="https://tools.ietf.org/html/draft-bhattacharyya-dice-less-on-coap-00"><font size=3 color=blue face="sans-serif"><u>https://tools.ietf.org/html/draft-bhattacharyya-dice-less-on-coap-00</u></font></a><font size=3 face="sans-serif">.
<br>
The draft is due to expire in October, 2015.</font><font size=3> </font><font size=3 face="sans-serif"><br>
The draft was originally submitted in Dice. However it seems, dice is not
chartered to discuss this kind of draft. So, would highly appreciate if
experts in the Saag ML spare some time to judge the proposed approach on
the basis of its merit and share there views.</font><font size=3> <br>
</font><font size=3 face="sans-serif"><br>
Specifically, this draft tries to channel-secure the communication between
Constrained Application layer Protocol (CoAP) end-points. The key driving
factor behind this draft was that we had a feeling that the session establishment
in DTLS, even with pre-shared-key, might be bit too heavy for very much
bandwidth constrained environments. However, ones the channel is established
DTLS-PSK provides a very robust yet resource-efficient mechanism to keep
the channel secure.</font><font size=3> <br>
</font><font size=3 face="sans-serif"><br>
So, the basic idea is:</font><font size=3> </font>
<br><font size=2 face="sans-serif">1. &nbsp; &nbsp; &nbsp; &nbsp;</font><font size=3 face="sans-serif">Leverage
the lightweight yet reliable nature of CoAP and push the responsibility
for session establishment to the application layer. That way the application
layer has more control on the exchanges, which is desirable for constrained
networks.</font><font size=3> </font>
<br><font size=2 face="sans-serif">2. &nbsp; &nbsp; &nbsp; &nbsp;</font><font size=3 face="sans-serif">Once
the session is established transfer the control to the transport layer
which for channel security. This will completely re-use the channel-security
provided by DTLS-PSK (thus getting all sorts of reliability and protection
from replay attack, etc. ). An interface layer would map the <i>&lt;Server_write_key,
Client_write_key, Server_IV, Client_IV&gt;</i> &nbsp;tuple &nbsp;available
from the session establishment process at the application layer to the
DTLS session parameters.</font><font size=3> </font>
<br><font size=2 face="sans-serif">3. &nbsp; &nbsp; &nbsp; &nbsp;</font><font size=3 face="sans-serif">Since
CoAP already mandated DTLS for secure exchanges, the intention was to create
a solution which will not be disruptive, rather will be able to co-exist
with legacy DTLS implementation. The implementers will be able to mostly
reuse modules from a standard DTLS implementation and can quickly build
a system. Only the session establishment part of the DTLS protocol needs
to be switched.</font>
<br><font size=3 face="sans-serif"><br>
There can be many engineering issues to be solved. However, before proceeding
we need to validate the basic approach and the usefulness of the proposal
from experts. Any review comment is highly appreciated. The draft contains
the experimental results in the form of tables. A snapshot of the graphs
of the results from the original paper is also attached.</font><font size=3>
<br>
</font><font size=3 face="sans-serif"><br>
The R&amp;D behind this draft was published as a paper in </font><font size=3>&nbsp;</font><font size=3 face="sans-serif">&quot;Workshop
on Pervasive Internet of Things and Smart Cities (PITSaC-2015)&quot; in
conjunction with &quot;Advanced Information Networking and Applications
(AINA-2015)&quot;, Gwangju, Korea, March, 2015 . <br>
The original paper can be found here: &nbsp;</font><a href="http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7096256"><font size=3 color=blue face="sans-serif"><u>http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7096256</u></font></a><font size=3>
</font><font size=3 face="sans-serif"><br>
Some figures from the paper has been attached with this mail as ready references.</font><font size=3>
<br>
</font><font size=3 face="sans-serif"><br>
Awaiting your responses please.</font><font size=3> </font>
<br><font size=2 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </font><font size=3><br>
</font><font size=2 face="sans-serif"><br>
Regards<br>
Abhijan Bhattacharyya<br>
Associate Consultant<br>
Scientist, Innovation Lab, Kolkata, India<br>
Tata Consultancy Services<br>
Mailto: </font><a href=mailto:abhijan.bhattacharyya@tcs.com><font size=2 color=blue face="sans-serif"><u>abhijan.bhattacharyya@tcs.com</u></font></a><font size=2 face="sans-serif"><br>
Website: </font><a href=http://www.tcs.com/><font size=2 color=blue face="sans-serif"><u>http://www.tcs.com</u></font></a><font size=2 face="sans-serif"><br>
____________________________________________<br>
Experience certainty. &nbsp; &nbsp; &nbsp; &nbsp;IT Services<br>
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; Business Solutions<br>
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; Consulting<br>
____________________________________________</font><font size=3><br>
<br>
<br>
<br>
</font><font size=1 color=#5f5f5f face="sans-serif"><br>
</font>
<br><p>=====-----=====-----=====<br>
Notice: The information contained in this e-mail<br>
message and/or attachments to it may contain <br>
confidential or privileged information. If you are <br>
not the intended recipient, any dissemination, use, <br>
review, distribution, printing or copying of the <br>
information contained in this e-mail message <br>
and/or attachments to it are strictly prohibited. If <br>
you have received this communication in error, <br>
please notify us by reply e-mail or telephone and <br>
immediately and permanently delete the message <br>
and any attachments. Thank you</p>

<p></p>
--=_alternative 002460A365257ED0_=--


From nobody Tue Sep 29 23:55:00 2015
Return-Path: <david.misell@icloud.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E3BF1A03A5 for <saag@ietfa.amsl.com>; Tue, 29 Sep 2015 23:54:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.6
X-Spam-Level: 
X-Spam-Status: No, score=-3.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, J_CHICKENPOX_64=0.6, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VJHogKh7gzbD for <saag@ietfa.amsl.com>; Tue, 29 Sep 2015 23:54:55 -0700 (PDT)
Received: from nk11p14im-asmtp001.me.com (nk11p14im-asmtp001.me.com [17.158.72.160]) (using TLSv1.2 with cipher DHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF93C1A03A3 for <saag@ietf.org>; Tue, 29 Sep 2015 23:54:55 -0700 (PDT)
Received: from [192.168.0.11] (5e03e8df.bb.sky.com [94.3.232.223]) by nk11p14im-asmtp001.me.com (Oracle Communications Messaging Server 7.0.5.35.0 64bit (built Mar 31 2015)) with ESMTPSA id <0NVH00L2L9VEHW10@nk11p14im-asmtp001.me.com> for saag@ietf.org; Wed, 30 Sep 2015 06:54:55 +0000 (GMT)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2015-09-30_02:,, signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 kscore.is_bulkscore=6.43041175862891e-13 compositescore=0.998521704883578 phishscore=0 kscore.is_spamscore=0 rbsscore=0.998521704883578 recipient_to_sender_totalscore=0 spamscore=0 urlsuspectscore=0.998521704883578 adultscore=0 kscore.compositescore=0 circleOfTrustscore=0 suspectscore=0 recipient_domain_to_sender_totalscore=0 bulkscore=0 recipient_domain_to_sender_domain_totalscore=0 recipient_to_sender_domain_totalscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1412110000 definitions=main-1509300115
Content-type: multipart/alternative; boundary=Apple-Mail-B6C3CABD-99A4-4C96-81BD-4403A0240289
MIME-version: 1.0 (1.0)
From: David Misell <david.misell@icloud.com>
X-Mailer: iPad Mail (12H321)
In-reply-to: <OFC812A2AD.54878310-ON65257ED0.0022B2E6-65257ED0.002460A6@tcs.com>
Date: Wed, 30 Sep 2015 07:54:50 +0100
Content-transfer-encoding: 7bit
Message-id: <6DEF1777-EE7E-4A73-AAAA-06B66EA38CBC@icloud.com>
References: <BN3PR09MB05785CD1CEA251B7AB38C0F6E65D0@BN3PR09MB0578.namprd09.prod.outlook.com> <55F6DEB3.9020706@cs.tcd.ie> <OFBF224EDF.9A8FB1F7-ON65257EC4.002DC81C-65257EC4.0035B906@tcs.com> <5BB93313-E54D-49E4-A58C-D301A4661CC6@icloud.com> <OFC812A2AD.54878310-ON65257ED0.0022B2E6-65257ED0.002460A6@tcs.com>
To: Abhijan Bhattacharyya <abhijan.bhattacharyya@tcs.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/zqBbBNNaJab9dI9mFTFrcLOfos0>
Cc: "saag@ietf.org" <saag@ietf.org>, bill gertz <bill.gertz@blockfish.net>
Subject: Re: [saag] draft-bhattacharyya-dice-less-on-coap-00
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Sep 2015 06:54:58 -0000

--Apple-Mail-B6C3CABD-99A4-4C96-81BD-4403A0240289
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable

Agreed, it's a start bill concurs too about the principle

Best Regards,

Dave

david.misell@bcs.org
07710380044
misell.dave on skype


> On 30 Sep 2015, at 07:37, Abhijan Bhattacharyya <abhijan.bhattacharyya@tcs=
.com> wrote:
>=20
> Hi Dave,=20
> Thanks for your response. Indeed the end-points need to have the keys prov=
isioned before they can start to establish a secure session. However, the fo=
cus of the draft is on secure session establishment followed by secure excha=
nge of full application layer message. It would be very interesting to know i=
f the proposed algorithm has any merit for practical applications.=20
>=20
> Regards
> Abhijan Bhattacharyya
> Associate Consultant
> Scientist, Innovation Lab, Kolkata, India
> Tata Consultancy Services
> Mailto: abhijan.bhattacharyya@tcs.com
> Website: http://www.tcs.com
> ____________________________________________
> Experience certainty.        IT Services
>                        Business Solutions
>                        Consulting
> ____________________________________________
>=20
>=20
>=20
>=20
> From:        David Misell <david.misell@icloud.com>=20
> To:        Abhijan Bhattacharyya <abhijan.bhattacharyya@tcs.com>=20
> Date:        09/18/2015 03:36 PM=20
> Subject:        Re: [saag] draft-bhattacharyya-dice-less-on-coap-00=20
>=20
>=20
>=20
> Abhijan=20
> Within containers it is required they have ssh keys, maybe thus could be u=
sed at provisioning time.=20
> Also have you seen the 1 certificate one address http://blog.pivotal.io/la=
bs/labs/sslip-io-a-valid-ssl-certificate-for-every-ip-address code
>=20
> Kind Regards,=20
>=20
> Dave=20
>=20
> David S. Misell MBCS CISSP=20
> Skype misell.dave=20
> +44(0)7710380044=20
> 0207 7239135=20
> Http://linkedin.com/in/misell=20
> https://db.tt/ncfgMm3J=20
>=20
>=20
>=20
> On 18 Sep 2015, at 10:46, Abhijan Bhattacharyya <abhijan.bhattacharyya@tcs=
.com> wrote:
>=20
> Dear Saag ML,=20
> May I please seek your attention to the following experimental draft:=20
> https://tools.ietf.org/html/draft-bhattacharyya-dice-less-on-coap-00.=20
> The draft is due to expire in October, 2015.=20
> The draft was originally submitted in Dice. However it seems, dice is not c=
hartered to discuss this kind of draft. So, would highly appreciate if exper=
ts in the Saag ML spare some time to judge the proposed approach on the basi=
s of its merit and share there views.=20
>=20
> Specifically, this draft tries to channel-secure the communication between=
 Constrained Application layer Protocol (CoAP) end-points. The key driving f=
actor behind this draft was that we had a feeling that the session establish=
ment in DTLS, even with pre-shared-key, might be bit too heavy for very much=
 bandwidth constrained environments. However, ones the channel is establishe=
d DTLS-PSK provides a very robust yet resource-efficient mechanism to keep t=
he channel secure.=20
>=20
> So, the basic idea is:=20
> 1.        Leverage the lightweight yet reliable nature of CoAP and push th=
e responsibility for session establishment to the application layer. That wa=
y the application layer has more control on the exchanges, which is desirabl=
e for constrained networks.=20
> 2.        Once the session is established transfer the control to the tran=
sport layer which for channel security. This will completely re-use the chan=
nel-security provided by DTLS-PSK (thus getting all sorts of reliability and=
 protection from replay attack, etc. ). An interface layer would map the <Se=
rver_write_key, Client_write_key, Server_IV, Client_IV>  tuple  available fr=
om the session establishment process at the application layer to the DTLS se=
ssion parameters.=20
> 3.        Since CoAP already mandated DTLS for secure exchanges, the inten=
tion was to create a solution which will not be disruptive, rather will be a=
ble to co-exist with legacy DTLS implementation. The implementers will be ab=
le to mostly reuse modules from a standard DTLS implementation and can quick=
ly build a system. Only the session establishment part of the DTLS protocol n=
eeds to be switched.=20
>=20
> There can be many engineering issues to be solved. However, before proceed=
ing we need to validate the basic approach and the usefulness of the proposa=
l from experts. Any review comment is highly appreciated. The draft contains=
 the experimental results in the form of tables. A snapshot of the graphs of=
 the results from the original paper is also attached.=20
>=20
> The R&D behind this draft was published as a paper in  "Workshop on Pervas=
ive Internet of Things and Smart Cities (PITSaC-2015)" in conjunction with "=
Advanced Information Networking and Applications (AINA-2015)", Gwangju, Kore=
a, March, 2015 .=20
> The original paper can be found here:  http://ieeexplore.ieee.org/xpl/arti=
cleDetails.jsp?arnumber=3D7096256=20
> Some figures from the paper has been attached with this mail as ready refe=
rences.=20
>=20
> Awaiting your responses please.=20
>                          =20
>=20
> Regards
> Abhijan Bhattacharyya
> Associate Consultant
> Scientist, Innovation Lab, Kolkata, India
> Tata Consultancy Services
> Mailto: abhijan.bhattacharyya@tcs.com
> Website: http://www.tcs.com
> ____________________________________________
> Experience certainty.        IT Services
>                       Business Solutions
>                       Consulting
> ____________________________________________
>=20
>=20
>=20
>=20
>=20
> =3D=3D=3D=3D=3D-----=3D=3D=3D=3D=3D-----=3D=3D=3D=3D=3D
> Notice: The information contained in this e-mail
> message and/or attachments to it may contain=20
> confidential or privileged information. If you are=20
> not the intended recipient, any dissemination, use,=20
> review, distribution, printing or copying of the=20
> information contained in this e-mail message=20
> and/or attachments to it are strictly prohibited. If=20
> you have received this communication in error,=20
> please notify us by reply e-mail or telephone and=20
> immediately and permanently delete the message=20
> and any attachments. Thank you
>=20

--Apple-Mail-B6C3CABD-99A4-4C96-81BD-4403A0240289
Content-Type: text/html;
	charset=utf-8
Content-Transfer-Encoding: 7bit

<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Agreed, it's a start bill concurs too about the principle<br><br>Best Regards,<div><br></div><div>Dave</div><div><br></div><div><a href="mailto:david.misell@bcs.org">david.misell@bcs.org</a></div><div>07710380044</div><div>misell.dave on skype</div><div><br></div></div><div><br>On 30 Sep 2015, at 07:37, Abhijan Bhattacharyya &lt;<a href="mailto:abhijan.bhattacharyya@tcs.com">abhijan.bhattacharyya@tcs.com</a>&gt; wrote:<br><br></div><blockquote type="cite"><div><font size="2" face="sans-serif">Hi Dave,</font>
<br><font size="2" face="sans-serif">Thanks for your response. Indeed the
end-points need to have the keys provisioned before they can start to establish
a secure session. However, the focus of the draft is on secure session
establishment followed by secure exchange of full application layer message.
It would be very interesting to know if the proposed algorithm has any
merit for practical applications. </font>
<br>
<br><font size="2" face="sans-serif">Regards<br>
Abhijan Bhattacharyya<br>
Associate Consultant<br>
Scientist, Innovation Lab, Kolkata, India<br>
Tata Consultancy Services<br>
Mailto: <a href="mailto:abhijan.bhattacharyya@tcs.com">abhijan.bhattacharyya@tcs.com</a><br>
Website: </font><a href="http://www.tcs.com/"><font size="2" face="sans-serif">http://www.tcs.com</font></a><font size="2" face="sans-serif"><br>
____________________________________________<br>
Experience certainty. &nbsp; &nbsp; &nbsp; &nbsp;IT Services<br>
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;Business Solutions<br>
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;Consulting<br>
____________________________________________<br>
</font>
<br>
<br>
<br>
<br><font size="1" color="#5f5f5f" face="sans-serif">From: &nbsp; &nbsp; &nbsp;
&nbsp;</font><font size="1" face="sans-serif">David Misell &lt;<a href="mailto:david.misell@icloud.com">david.misell@icloud.com</a>&gt;</font>
<br><font size="1" color="#5f5f5f" face="sans-serif">To: &nbsp; &nbsp; &nbsp;
&nbsp;</font><font size="1" face="sans-serif">Abhijan Bhattacharyya
&lt;<a href="mailto:abhijan.bhattacharyya@tcs.com">abhijan.bhattacharyya@tcs.com</a>&gt;</font>
<br><font size="1" color="#5f5f5f" face="sans-serif">Date: &nbsp; &nbsp; &nbsp;
&nbsp;</font><font size="1" face="sans-serif">09/18/2015 03:36 PM</font>
<br><font size="1" color="#5f5f5f" face="sans-serif">Subject: &nbsp; &nbsp;
&nbsp; &nbsp;</font><font size="1" face="sans-serif">Re: [saag] draft-bhattacharyya-dice-less-on-coap-00</font>
<br>
<hr noshade="">
<br>
<br>
<br><font size="3">Abhijan</font>
<br><font size="3">Within containers it is required they have ssh keys, maybe
thus could be used at provisioning time.</font>
<br><font size="3">Also have you seen the 1 certificate one address </font><a href="http://blog.pivotal.io/labs/labs/sslip-io-a-valid-ssl-certificate-for-every-ip-address"><font size="3" color="blue"><u>http://blog.pivotal.io/labs/labs/sslip-io-a-valid-ssl-certificate-for-every-ip-address</u></font></a><font size="3">
code<br>
<br>
Kind Regards,</font>
<br>
<br><font size="3">Dave</font>
<br>
<br><font size="3">David S. Misell MBCS CISSP</font>
<br><font size="3">Skype misell.dave</font>
<br><font size="3">+44(0)7710380044</font>
<br><font size="3">0207 7239135</font>
<br><a href="Http://linkedin.com/in/misell"><font size="3" color="blue"><u>Http://linkedin.com/in/misell</u></font></a>
<br><a href="https://db.tt/ncfgMm3J"><font size="3" color="blue"><u>https://db.tt/ncfgMm3J</u></font></a>
<br>
<br>
<br><font size="3"><br>
On 18 Sep 2015, at 10:46, Abhijan Bhattacharyya &lt;</font><a href="mailto:abhijan.bhattacharyya@tcs.com"><font size="3" color="blue"><u>abhijan.bhattacharyya@tcs.com</u></font></a><font size="3">&gt;
wrote:<br>
</font>
<br><font size="3" face="sans-serif">Dear Saag ML,</font><font size="3"> </font><font size="3" face="sans-serif"><br>
May I please seek your attention to the following experimental draft:</font><font size="3">
</font><font size="3" color="blue"><u><br>
</u></font><a href="https://tools.ietf.org/html/draft-bhattacharyya-dice-less-on-coap-00"><font size="3" color="blue" face="sans-serif"><u>https://tools.ietf.org/html/draft-bhattacharyya-dice-less-on-coap-00</u></font></a><font size="3" face="sans-serif">.
<br>
The draft is due to expire in October, 2015.</font><font size="3"> </font><font size="3" face="sans-serif"><br>
The draft was originally submitted in Dice. However it seems, dice is not
chartered to discuss this kind of draft. So, would highly appreciate if
experts in the Saag ML spare some time to judge the proposed approach on
the basis of its merit and share there views.</font><font size="3"> <br>
</font><font size="3" face="sans-serif"><br>
Specifically, this draft tries to channel-secure the communication between
Constrained Application layer Protocol (CoAP) end-points. The key driving
factor behind this draft was that we had a feeling that the session establishment
in DTLS, even with pre-shared-key, might be bit too heavy for very much
bandwidth constrained environments. However, ones the channel is established
DTLS-PSK provides a very robust yet resource-efficient mechanism to keep
the channel secure.</font><font size="3"> <br>
</font><font size="3" face="sans-serif"><br>
So, the basic idea is:</font><font size="3"> </font>
<br><font size="2" face="sans-serif">1. &nbsp; &nbsp; &nbsp; &nbsp;</font><font size="3" face="sans-serif">Leverage
the lightweight yet reliable nature of CoAP and push the responsibility
for session establishment to the application layer. That way the application
layer has more control on the exchanges, which is desirable for constrained
networks.</font><font size="3"> </font>
<br><font size="2" face="sans-serif">2. &nbsp; &nbsp; &nbsp; &nbsp;</font><font size="3" face="sans-serif">Once
the session is established transfer the control to the transport layer
which for channel security. This will completely re-use the channel-security
provided by DTLS-PSK (thus getting all sorts of reliability and protection
from replay attack, etc. ). An interface layer would map the <i>&lt;Server_write_key,
Client_write_key, Server_IV, Client_IV&gt;</i> &nbsp;tuple &nbsp;available
from the session establishment process at the application layer to the
DTLS session parameters.</font><font size="3"> </font>
<br><font size="2" face="sans-serif">3. &nbsp; &nbsp; &nbsp; &nbsp;</font><font size="3" face="sans-serif">Since
CoAP already mandated DTLS for secure exchanges, the intention was to create
a solution which will not be disruptive, rather will be able to co-exist
with legacy DTLS implementation. The implementers will be able to mostly
reuse modules from a standard DTLS implementation and can quickly build
a system. Only the session establishment part of the DTLS protocol needs
to be switched.</font>
<br><font size="3" face="sans-serif"><br>
There can be many engineering issues to be solved. However, before proceeding
we need to validate the basic approach and the usefulness of the proposal
from experts. Any review comment is highly appreciated. The draft contains
the experimental results in the form of tables. A snapshot of the graphs
of the results from the original paper is also attached.</font><font size="3">
<br>
</font><font size="3" face="sans-serif"><br>
The R&amp;D behind this draft was published as a paper in </font><font size="3">&nbsp;</font><font size="3" face="sans-serif">"Workshop
on Pervasive Internet of Things and Smart Cities (PITSaC-2015)" in
conjunction with "Advanced Information Networking and Applications
(AINA-2015)", Gwangju, Korea, March, 2015 . <br>
The original paper can be found here: &nbsp;</font><a href="http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7096256"><font size="3" color="blue" face="sans-serif"><u>http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7096256</u></font></a><font size="3">
</font><font size="3" face="sans-serif"><br>
Some figures from the paper has been attached with this mail as ready references.</font><font size="3">
<br>
</font><font size="3" face="sans-serif"><br>
Awaiting your responses please.</font><font size="3"> </font>
<br><font size="2" face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </font><font size="3"><br>
</font><font size="2" face="sans-serif"><br>
Regards<br>
Abhijan Bhattacharyya<br>
Associate Consultant<br>
Scientist, Innovation Lab, Kolkata, India<br>
Tata Consultancy Services<br>
Mailto: </font><a href="mailto:abhijan.bhattacharyya@tcs.com"><font size="2" color="blue" face="sans-serif"><u>abhijan.bhattacharyya@tcs.com</u></font></a><font size="2" face="sans-serif"><br>
Website: </font><a href="http://www.tcs.com/"><font size="2" color="blue" face="sans-serif"><u>http://www.tcs.com</u></font></a><font size="2" face="sans-serif"><br>
____________________________________________<br>
Experience certainty. &nbsp; &nbsp; &nbsp; &nbsp;IT Services<br>
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; Business Solutions<br>
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; Consulting<br>
____________________________________________</font><font size="3"><br>
<br>
<br>
<br>
</font><font size="1" color="#5f5f5f" face="sans-serif"><br>
</font>
<br><p>=====-----=====-----=====<br>
Notice: The information contained in this e-mail<br>
message and/or attachments to it may contain <br>
confidential or privileged information. If you are <br>
not the intended recipient, any dissemination, use, <br>
review, distribution, printing or copying of the <br>
information contained in this e-mail message <br>
and/or attachments to it are strictly prohibited. If <br>
you have received this communication in error, <br>
please notify us by reply e-mail or telephone and <br>
immediately and permanently delete the message <br>
and any attachments. Thank you</p>

<p></p></div></blockquote></body></html>
--Apple-Mail-B6C3CABD-99A4-4C96-81BD-4403A0240289--


From nobody Wed Sep 30 03:48:37 2015
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 518301B59B7 for <saag@ietfa.amsl.com>; Wed, 30 Sep 2015 03:48:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level: 
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y9vU8stZl9P3 for <saag@ietfa.amsl.com>; Wed, 30 Sep 2015 03:48:34 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A20E91B5B02 for <saag@ietf.org>; Wed, 30 Sep 2015 03:48:34 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 76665BDF9 for <saag@ietf.org>; Wed, 30 Sep 2015 11:48:33 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OOWL4y7eYDJa for <saag@ietf.org>; Wed, 30 Sep 2015 11:48:33 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 8EC16BDD0 for <saag@ietf.org>; Wed, 30 Sep 2015 11:48:32 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1443610113; bh=taMeqP+OnOLIAZ0FOSi2Z3ZoFxFwI71z4Y000PABOeU=; h=Subject:References:To:From:Date:In-Reply-To:From; b=UHa6go7U6BpjbAy1pKSG/PSgjjTE2O24A256q3D68i+NTj50cilDRnwj7AUnePeE/ 73tnasbUszaCNtpHJtI94A771Cz7+o78uMdPPL/KV9fCXMMSXK2HiZw906xFQIS2jE +PiSDWUsmlXHHu8UcB4i6CSdjgegg+pafnO16BtM=
References: <560BBDAE.9070606@cs.tcd.ie>
To: "saag@ietf.org" <saag@ietf.org>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
X-Forwarded-Message-Id: <560BBDAE.9070606@cs.tcd.ie>
Message-ID: <560BBE00.2090603@cs.tcd.ie>
Date: Wed, 30 Sep 2015 11:48:32 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <560BBDAE.9070606@cs.tcd.ie>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/Nb5kTRyB0693slkFjQ9_XoTiAlQ>
Subject: [saag] Fwd: Re: [pkix] FW: New Version Notification for draft-wallace-est-alt-challenge-00.txt
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Sep 2015 10:48:36 -0000

FYI, a draft I've been asked to AD sponsor. Please send feedback to
the pkix list for this one. (Or, exceptionally, offlist to me and/or
Kathleen.)

Thanks,
S.


-------- Forwarded Message --------
Subject: Re: [pkix] FW: New Version Notification for
draft-wallace-est-alt-challenge-00.txt
Date: Wed, 30 Sep 2015 11:47:10 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: PKIX <pkix@ietf.org>


Folks,

Carl and Max have asked me to AD sponsor this draft. Since it
seems like it's almost a bug fix, I'll probably go ahead and
do that if there are no significant objections here in the next
couple of weeks (say by Oct 15).

So if you care about EST, please take a look (it's only 8 pages)
and say what you think.

Thanks,
Stephen.

On 04/08/15 12:34, Carl Wallace wrote:
> The draft referenced below may be of interest to some on this list. It
> defines some new OIDs to disambiguate existing EST challengePassword
> attribute usage from PKCS #9/legacy usage and defines a new OID to convey
> a one-time password as an additional value or alternative to the
> tls-unique mechanism defined in EST.
> 
> On 8/3/15, 2:35 PM, "internet-drafts@ietf.org" <internet-drafts@ietf.org>
> wrote:
> 
>>
>> A new version of I-D, draft-wallace-est-alt-challenge-00.txt
>> has been successfully submitted by Carl Wallace and posted to the
>> IETF repository.
>>
>> Name:		draft-wallace-est-alt-challenge
>> Revision:	00
>> Title:		Alternative Challenge Password Attributes for Enrollment over
>> Secure Transport
>> Document date:	2015-08-03
>> Group:		Individual Submission
>> Pages:		9
>> URL:            
>> https://www.ietf.org/internet-drafts/draft-wallace-est-alt-challenge-00.tx
>> t
>> Status:         
>> https://datatracker.ietf.org/doc/draft-wallace-est-alt-challenge/
>> Htmlized:       
>> https://tools.ietf.org/html/draft-wallace-est-alt-challenge-00
>>
>>
>> Abstract:
>>   This document defines a set of new Certificate Signing Request
>>   attributes for use with the Enrollment over Secure Transport (EST)
>>   protocol.  These attributes provide disambiguation of the existing
>>   overloaded uses for the PKCS #9 challengePassword attribute.  Uses
>>   include the original certificate revocation password, common
>>   authentication password uses, and EST defined linking of transport
>>   security identity.
>>
>>                  
>>        
>>
>>
>> Please note that it may take a couple of minutes from the time of
>> submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> The IETF Secretariat
>>
> 
> 
> 
> 

_______________________________________________
pkix mailing list
pkix@ietf.org
https://www.ietf.org/mailman/listinfo/pkix