From nobody Mon Dec 2 03:32:17 2019 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18787120047 for ; Mon, 2 Dec 2019 03:32:15 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.447 X-Spam-Level: X-Spam-Status: No, score=-2.447 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=icloud.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YwJxSAyBxeGH for ; Mon, 2 Dec 2019 03:32:12 -0800 (PST) Received: from mr85p00im-zteg06011601.me.com (mr85p00im-zteg06011601.me.com [17.58.23.186]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0743812002E for ; Mon, 2 Dec 2019 03:32:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=icloud.com; s=1a1hai; t=1575286330; bh=xUMUdiAwzuVZ5tQLhI9n8czFYUL3yElyuO7AXqSQHTk=; h=From:Message-Id:Content-Type:Subject:Date:To; b=oOP3jWIxyICHZpaq3mRCBTqyMEfawBpzBOxKuLWHnkEt3eAklOaW3EshDP466DCaZ w2EV4dkBqZacHb1JGLy4ZhqIXZWl6KoereuU63refz5LhiyURw2IbeVGdqF9wp74yi hqJqYfXRda7dV0A1/E+tG8ROGOcMNVqmVUiyZhkYzZyUWXmvNj9cF+GmxynZayWMtf v36Arm1gwhiRykr11fb8v73f/mxYoUYUxIZuNnj5i33fEbQiFPEvMjSJmziARRH/7r 6fbPLIcu7bMZBXOGEYnBpMU6Vm//VwlvlFry1DC0Qw1JKBcFSFEMJawf4vC1B7x2ZU HPWCazoxGVjJQ== Received: from [192.168.1.7] (c-73-241-31-81.hsd1.ca.comcast.net [73.241.31.81]) by mr85p00im-zteg06011601.me.com (Postfix) with ESMTPSA id 590E8920C8D; Mon, 2 Dec 2019 11:32:10 +0000 (UTC) From: Carrick Bartle Message-Id: Content-Type: multipart/alternative; boundary="Apple-Mail=_57CE84B2-32DC-4CE0-9AED-055EB830FAF4" Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3594.4.19\)) Date: Mon, 2 Dec 2019 03:32:09 -0800 In-Reply-To: Cc: "Dr. Pala" , IETF SecDispatch , Nick Sullivan To: Tim Hollebeek References: <265ce9c3-8d24-b8c2-f13c-a54280a7ffba@openca.org> <5e81fda8-52d3-e39a-1999-ac98efd4ae70@openca.org> <58FB63D0-58A3-4610-8A86-43D6050C5FAA@icloud.com> X-Mailer: Apple Mail (2.3594.4.19) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-12-02_02:, , signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1912020105 Archived-At: Subject: Re: [Secdispatch] Clarification for a question about OCSP caching from Nick (Cloudflare) X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Dec 2019 11:32:15 -0000 --Apple-Mail=_57CE84B2-32DC-4CE0-9AED-055EB830FAF4 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 > this isn=E2=80=99t about saving OCSP requests at all I'm confused then: if the revocation data on the ranges isn't cached to = be used later, how is this method any different from the status quo, = i.e. receiving an OCSP response with data on one certificate? > However, these filters express an aggregate of all the information = across multiple CRLs, and have some false positives due to the = compression. Yes, that happens, but we handle that by performing OCSP on all = positives to confirm revocation. This solves the issue of the "common = case" that Max described, whereby most certificates are not revoked: we = don't make OCSP requests for unrevoked certificates and do make requests = for those that might be, which does include some small percentage of = false positives. As for the lightbulb example, how many domains should things like = lightbulbs really be accessing anyway? I'm not an IoT expert, but I = would think that if your lightbulb is surfing the internet, something is = wrong. I would imagine it would access just a handful of domains in = normal operation, in which case it would make sense to have even just = one Bloom filter of revocation data. Carrick > On Nov 26, 2019, at 11:55 AM, Tim Hollebeek = wrote: >=20 > Hello, > =20 > I=E2=80=99m a big fan of the bloom filters that several browsers are = deploying. However, these filters express an aggregate of all the = information across multiple CRLs, and have some false positives due to = the compression. It naively seems to me that creating these bloom = filters based on compressed CRLs would be a bad idea, as it would = compound the errors. But I=E2=80=99d love to see or work with people on = data on that, because perhaps with the proper tuning that isn=E2=80=99t = really an issue. So if you=E2=80=99re using bloom filters, you probably = want to spend the time working on raw CRLs, and either way, this = proposal is of no interest to you since you=E2=80=99re not relying on = OCSP on the client side. > =20 > However, that=E2=80=99s not the use case that ranges really address. = Ranges are NOT intended for clients that want the status of multiple = certificates. Indeed, they don=E2=80=99t work particularly well for = that use case because it doesn=E2=80=99t take too many revocations = before you have to get a bit lucky for multiple of the certificates you = are interested in to be in the same range. > =20 > The real use case is for devices that do not have the storage capacity = to take advantage of the bloom filter approach. These clients still = need OCSP to be efficient for single certificates. And it is, on the = client end. However, on the server end, generating individual OCSP = responses and distributing them to a CDN for every valid certificate is = a significant workload. This is especially true because the smaller and = more resource constrained your devices are, the likelihood is you have = many, many more of them. So it makes sense to think about how to = optimize for the =E2=80=9Cmost lightbulbs are not revoked=E2=80=9D case. > Both the generation time and the amount of CDN content that needs to = be distributed is greatly reduced by allowing range-based responses. > =20 > So again, this isn=E2=80=99t about saving OCSP requests at all, and = this proposal has absolutely no impact on the very intelligent and = forward looking endpoint that choose to avoid OCSP requests by = compressing CRLs and replacing OCSP with local lookup. It=E2=80=99s = designed for systems and ecosystems who can=E2=80=99t do that, which is = not the Apple use case. > =20 > -Tim > =20 > From: Carrick Bartle =20 > Sent: Tuesday, November 26, 2019 8:43 AM > To: Dr. Pala > Cc: Nick Sullivan ; IETF SecDispatch = ; Tim Hollebeek > Subject: Re: [Secdispatch] Clarification for a question about OCSP = caching from Nick (Cloudflare) > =20 > Hi Max, > =20 > What's the current proposal? The draft = doesn't appear to = contain details beyond the notion of providing ranges and information = about the entire chain, and it doesn't seem to address the issues raised = in the PKIX and LAMPS discussions linked here = . > =20 > At Apple, we also cache OCSP responses in a compressed form, i.e. in = Bloom filters. Having the option to receive CRLs in a compressed format = like that would definitely be more efficient for us. I'm not convinced = that ranges would be as helpful. CRLs are helpful when someone is = compiling an entire catalog of revoked certificates. OCSP is helpful = when you want to check the revocation status of one particular = certificate. If OCSP is instead a hybrid of these two approaches, this = assumes that the client is going to want data on the other certificates = in the range they receive (many of which won't even exist, since, as = someone commented in the pkix thread, serial numbers are often = (usually?) randomized). I'm not sure how often that additional = revocation information is actually going to be useful to the client. = Statistics on that is the sort of data that would be helpful in = evaluating this proposal. If it turns out, for instance, that providing = ranges ends up saving only, say, 0.1% of OCSP requests, it probably = wouldn't be worth the effort. > =20 > As for returning revocation data for the entire chain, the question = must be asked: which chain? In some cases, certificates are = cross-signed, and so there is no one chain to provide revocation data = for. Is the client effectively going to delegate finding the best chain = to the OCSP responder? I'm not sure that's in the client's best = interest, and I'm not sure OCSP responders are going to want to bother = handling that. > =20 > Carrick > =20 > =20 >=20 >=20 > On Nov 20, 2019, at 2:47 PM, Dr. Pala > wrote: > =20 > Hi Nick, > thanks for the reply. My comments are inline... > On 11/20/19 1:07 PM, Nick Sullivan wrote: > Hi Max, > =20 > Thanks for your clarification. I now understand the work is aimed at = optimizing the number of signatures by the CA's OCSP responder and the = number of bytes of unique OCSP data. > =20 > Yes, that is correct. The other optimization is about the ability to = provide responses for the whole chain in a single message. >=20 > Currently, the number of OCSP signatures the CA needs to do is linear = in the number of active certificates. This proposal changes this so that = the number of signatures is linear in the number of revocations of = active certificates. It's conceptually similar to NSEC in that way: it's = a cover proposal in which the artifacts are constant size, but require a = linear number signatures in the size of the revocation set. Contrast = this with CRLs, which require a constant number of signatures, but are = linear in the size of the revocation set. So maybe the goals could be = better phrased in terms of lowering the cost of generating compared to = OCSP and distributing compared to CRLs. > =20 > I am not sure I follow. In PKIs, today, we use both mechanisms. This = is because usually the CRLs are used as a backup mechanism for OCSP - we = also need to support both because of Certification Policies (exactly as = in the Internet PKI environment), therefore it is not a choice :D The = proposed approach can be used to (a) limit the amount of data that needs = to be generated, stored, and transferred when pre-computing responses, = and (b) to compute all responses and serve them from memory - even small = instances without any hardware acceleration could achieve reasonable = performances (also for shorter validity periods in responses). >=20 > This proposal implies a middle-ground PKI deployment that has enough = revocations for CRL to be inefficient but not enough to cause the = negative space of the serial number to be of the same order as the = number of certificates. It would be great to see examples of PKIs that = motivate this optimization, which is why I suggested that data could = help. > Technically, you are correct. If we could predict the size of CRLs, we = could potentially try to understand what that threshold is. However, as = I explained in the presentation, the size is fairly unpredictable. That = is why we primarily use OCSP today. > =20 > I should also note that while this proposal reduces the number of OCSP = signatures (which can be on the order of 104 signatures for 2-year = certs), the impact is less dramatic for CAs that issue shorter-lived = certs. For example, Let's Encrypt only signs around 13 OCSP responses = for each of their 3-month certificates. > That is correct, the impact is less with short-lived certificates = because in those environment, the population of active certificates is = usually smaller. If the population is still large, you still have the = same problem. > You mention that your OCSP responses have a 7 days validity, correct ? = My question is: which considerations went into deciding such a large = validity period for the OCSP responses (7 days) ? Maybe costs = considerations drove the decision ? =46rom a security standpoint, such = long validity periods blinds clients from detecting revocation that = might happen during the 7-days validity period (the problem is worse now = with the deployment of OCSP stapling because clients do not fetch fresh = responses at connect time, AFAIK, if stapling is supported). I would = expect that few minutes validity windows or maybe few hours would be a = better choice - but how much does that cost to Let's Encrypt ? > The Cable industry has used certificates, for few decades now, for = different purposes - as a hardware certification tool and to secure our = networks - in this environment, the typical life-span of a certificate = is many years (up to 20) and it is tied to the envisioned life-span of = the device (no renewal). As you can see, in our environment, CRLs will = never be an option and OCSP simply costs too much (for an infrastructure = that, over all, has an active population of several hundreds million of = active certificates - we might be even beyond that with just the three = OpenCable, PacketCable, and DOCSIS). > Ultimately, we need to work on the solution so that we can have our = vendors to integrate it in their products, like CableModes, that are = going to be deployed (and provide internet connectivity) for hundreds of = millions of households for the next 10 to 20 years. We need to lower the = security risks associated with the infrastructures that brings Internet = to many of us - revocation is important to prevent possible compromises = to go undetected. I think that everybody who has Cable should support = this work that is going to directly impact them for many years.=20 > Cheers, > Max > P.S.: I also have other personal motivations for this work. I think = that this is also the right thing to do for non-technical reasons - I = come from the OpenSource world that so much has give for the success of = the Internet but where there is no money. More efficient technologies = could be leveraged by communities around the world who deserve good = security but costs get in the way. I know it is not a technical detail, = but I think we shall always try to have these considerations in our = minds - making the world a better place and less wasteful (energy) is an = amendable goal in general and emerging communities could really benefit = from our work. > =20 > On Tue, Nov 19, 2019 at 9:11 PM Dr. Pala > wrote: > Hi Nick, all, > at the end of the second presentation on lowering the costs of = revocation, if I am not mistaken, your question/comment (Nick) was about = the fact that Cloudflare hosts / serve most of the cached OCSP responses = and that the system does not have issues. > I am not sure if this comment is pertinent to what we are trying to = solve here... let me elaborate a bit more. > The work we have been doing around the proposed topic of work is aimed = at lowering the cost of generating and distributing these large volumes = of signed data when there is actually no need for that. By optimizing = the protocol to provide range responses (or other methods, if we decide = to go with a different approaches), we can reduce the number of = signatures needed from a CA and their distribution - very expensive = operations. > In other words, the proposal is not aimed at fixing any caching issues = because, as you noticed in your comment, that works just fine. The = proposal at hand, instead, is about fixing a problem that CAs are facing = today - high costs of deploying and running such systems. > On the other hand, your comment made me think about the caching = service you mentioned and its associated costs.=20 > Is it a service for which your company charge CAs ? If so, would you = be able to share what are currently the costs incurred by CAs to = leverage your service ? (I totally understand if you are not willing to = - after all, this is usually the secret sauce :D) > Last but not least, I also would like to point out that optimizing the = revocation can also help open-source communities, small companies, = universities, non-profit, etc. by enabling them to deploy cost-efficient = systems that can provide good quality of service using less resources = (computational, storage, network). > Please let me know, > Cheers, > Max > P.S.: If we could combine this idea with OCSP over DNS, we could = really provide access to revocation technology for everybody, not just = who can afford the price. Unfortunately we know how that discussion = went, and I still think it is a very evident mistake not doing it (I am = still working on this in my spare time - I think it is of enormous value = for emerging countries to have access to cheap secure technologies and, = in my opinion, IETF is dropping / has dropped the ball on this for = not-so-honorable reasons, I suspect...). I hope We can fix it in the = open-source community. > --=20 > Best Regards, > Massimiliano Pala, Ph.D. > OpenCA Labs Director > > --=20 > Best Regards, > Massimiliano Pala, Ph.D. > OpenCA Labs Director > > _______________________________________________ > Secdispatch mailing list > Secdispatch@ietf.org > https://www..ietf.org/mailman/listinfo/secdispatch = > =20 > _______________________________________________ > Secdispatch mailing list > Secdispatch@ietf.org > https://www.ietf.org/mailman/listinfo/secdispatch --Apple-Mail=_57CE84B2-32DC-4CE0-9AED-055EB830FAF4 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8
this = isn=E2=80=99t about saving OCSP requests at = all

I'm confused = then: if the revocation data on the ranges isn't cached to be used = later, how is this method any different from the status quo, i.e. = receiving an OCSP response with data on one certificate?

However, these filters express = an aggregate of all the information across multiple CRLs, and have some = false positives due to the = compression.

Yes, that happens, but we handle that by = performing OCSP on all positives to confirm revocation. This solves the = issue of the "common case" that Max described, whereby most certificates = are not revoked: we don't make OCSP requests for unrevoked certificates = and do make requests for those that might be, which does include some = small percentage of false positives.

As for the lightbulb example, how many domains = should things like lightbulbs really be accessing anyway? I'm not an IoT = expert, but I would think that if your lightbulb is surfing the = internet, something is wrong. I would imagine it would access just a = handful of domains in normal operation, in which case it would make = sense to have even just one Bloom filter of revocation = data.

Carrick



On Nov 26, 2019, at 11:55 AM, = Tim Hollebeek <tim.hollebeek@digicert.com> wrote:

Hello,
 
I=E2=80=99m= a big fan of the bloom filters that several browsers are = deploying.  However, these filters express an aggregate of all the = information across multiple CRLs, and have some false positives due to = the compression.  It naively seems to me that creating these bloom = filters based on compressed CRLs would be a bad idea, as it would = compound the errors.  But I=E2=80=99d love to see or work with = people on data on that, because perhaps with the proper tuning that = isn=E2=80=99t really an issue.  So if you=E2=80=99re using bloom = filters, you probably want to spend the time working on raw CRLs, and = either way, this proposal is of no interest to you since you=E2=80=99re = not relying on OCSP on the client side.
 
However, that=E2=80=99s not the use = case that ranges really address.  Ranges are NOT intended for = clients that want the status of multiple certificates.  Indeed, = they don=E2=80=99t work particularly well for that use case because it = doesn=E2=80=99t take too many revocations before you have to get a bit = lucky for multiple of the certificates you are interested in to be in = the same range.
 
The real use case is for devices that do not have the storage = capacity to take advantage of the bloom filter approach.  These = clients still need OCSP to be efficient for single certificates.  = And it is, on the client end.  However, on the server end, = generating individual OCSP responses and distributing them to a CDN for = every valid certificate is a significant workload.  This is = especially true because the smaller and more resource constrained your = devices are, the likelihood is you have many, many more of them.  = So it makes sense to think about how to optimize for the =E2=80=9Cmost = lightbulbs are not revoked=E2=80=9D case.
Both the generation time and the amount = of CDN content that needs to be distributed is greatly reduced by = allowing range-based responses.
 
So again, this isn=E2=80=99t about = saving OCSP requests at all, and this proposal has absolutely no impact = on the very intelligent and forward looking endpoint that choose to = avoid OCSP requests by compressing CRLs and replacing OCSP with local = lookup.  It=E2=80=99s designed for systems and ecosystems who = can=E2=80=99t do that, which is not the Apple use case.
 
-Tim
 
From: Carrick Bartle <cbartle891@icloud.com> 
Sent: Tuesday, November 26, 2019 = 8:43 AM
To: Dr. Pala <madwolf@openca.org>
Cc: Nick = Sullivan <nick@cloudflare.com>; IETF SecDispatch <secdispatch@ietf.org>; Tim Hollebeek <tim.hollebeek@digicert.com>
Subject: Re: [Secdispatch] = Clarification for a question about OCSP caching from Nick = (Cloudflare)
 
Hi Max,
 
What's the current proposal? = The draft doesn't appear to contain details beyond the = notion of providing ranges and information about the entire chain, and = it doesn't seem to address the issues raised in the PKIX and LAMPS = discussions linked here.
 
At Apple, we also cache OCSP responses in a compressed form, = i.e. in Bloom filters. Having the option to receive CRLs in a compressed = format like that would definitely be more efficient for us. I'm not = convinced that ranges would be as helpful. CRLs are helpful when someone = is compiling an entire catalog of revoked certificates. OCSP is helpful = when you want to check the revocation status of one particular = certificate. If OCSP is instead a hybrid of these two approaches, this = assumes that the client is going to want data on the other certificates = in the range they receive (many of which won't even exist, since, as = someone commented in the pkix thread, serial numbers are often = (usually?) randomized). I'm not sure how often that additional = revocation information is actually going to be useful to the client. = Statistics on that is the sort of data that would be helpful in = evaluating this proposal. If it turns out, for instance, that providing = ranges ends up saving only, say, 0.1% of OCSP requests, it probably = wouldn't be worth the effort.
 
As for returning revocation data for the entire chain, the = question must be asked: which chain? In some cases, certificates are = cross-signed, and so there is no one chain to provide revocation data = for. Is the client effectively going to delegate finding the best chain = to the OCSP responder? I'm not sure that's in the client's best = interest, and I'm not sure OCSP responders are going to want to bother = handling that.
 
Carrick
 
 


On Nov 20, 2019, at 2:47 PM, Dr. Pala <madwolf@openca.org> = wrote:
 
Hi Nick,
thanks for the reply. My comments are inline...
On 11/20/19 1:07 PM, Nick Sullivan wrote:
Hi Max,
 
Thanks for your = clarification. I now understand the work is aimed at optimizing the = number of signatures by the CA's OCSP responder and the number of bytes = of unique OCSP data.
 
Yes, that is correct. = The other optimization is about the ability to provide responses for the = whole chain in a single message.

Currently, the = number of OCSP signatures the CA needs to do is linear in the number of = active certificates. This proposal changes this so that the number of = signatures is linear in the number of revocations of active = certificates. It's conceptually similar to NSEC in that way: it's a = cover proposal in which the artifacts are constant size, but require a = linear number signatures in the size of the revocation set. Contrast = this with CRLs, which require a constant number of signatures, but are = linear in the size of the revocation set. So maybe the goals could be = better phrased in terms of lowering the = cost of generating compared to OCSP = and distributing compared to = CRLs.
 
I am not sure I follow. = In PKIs, today, we use both mechanisms. This is because usually the CRLs = are used as a backup mechanism for OCSP - we also need to support both = because of Certification Policies (exactly as in the Internet PKI = environment), therefore it is not a choice :D The proposed approach can = be used to (a) limit the amount of data that needs to be generated, = stored, and transferred when pre-computing responses, and (b) to compute = all responses and serve them from memory - even small instances without = any hardware acceleration could achieve reasonable performances (also = for shorter validity periods in responses).

This proposal implies a middle-ground PKI = deployment that has enough revocations for CRL to be inefficient but not = enough to cause the negative space of the serial number to be of the = same order as the number of certificates. It would be great to see = examples of PKIs that motivate this optimization, which is why I = suggested that data could help.
Technically, you are correct. If we = could predict the size of CRLs, we could potentially try to understand = what that threshold is. However, as I explained in the presentation, the = size is fairly unpredictable. That is why we primarily use OCSP = today.
 
I should also = note that while this proposal reduces the number of OCSP signatures = (which can be on the order of 104 signatures for 2-year certs), the = impact is less dramatic for CAs that issue shorter-lived certs. For = example, Let's Encrypt only signs around 13 OCSP responses for each of = their 3-month certificates.
That is correct, the impact is less = with short-lived certificates because in those environment, the = population of active certificates is usually smaller. If the population = is still large, you still have the same problem.
You mention that your OCSP responses have a 7 days validity, = correct ? My question is: which considerations went into deciding such a = large validity period for the OCSP responses (7 days) ? Maybe costs = considerations drove the decision ? =46rom a security standpoint, such = long validity periods blinds clients from detecting revocation that = might happen during the 7-days validity period (the problem is worse now = with the deployment of OCSP stapling because clients do not fetch fresh = responses at connect time, AFAIK, if stapling is supported). I would = expect that few minutes validity windows or maybe few hours would be a = better choice - but how much does that cost to Let's Encrypt ?
The Cable industry has used certificates, for few decades = now, for different purposes - as a hardware certification tool and to = secure our networks - in this environment, the typical life-span of a = certificate is many years (up to 20) and it is tied to the envisioned = life-span of the device (no renewal). As you can see, in our = environment, CRLs will never be an option and OCSP simply costs too much = (for an infrastructure that, over all, has an active population of = several hundreds million of active certificates - we might be even = beyond that with just the three OpenCable, PacketCable, and DOCSIS).
Ultimately, we need to work on the solution so that we can = have our vendors to integrate it in their products, like CableModes, = that are going to be deployed (and provide internet connectivity) for = hundreds of millions of households for the next 10 to 20 years. We need = to lower the security risks associated with the infrastructures that = brings Internet to many of us - revocation is important to prevent = possible compromises to go undetected. I think that everybody who has = Cable should support this work that is going to directly impact them for = many years. 
Cheers,
Max
P.S.: I also have other personal motivations for this work. I = think that this is also the right thing to do for non-technical reasons = - I come from the OpenSource world that so much has give for the success = of the Internet but where there is no money. More efficient technologies = could be leveraged by communities around the world who deserve good = security but costs get in the way. I know it is not a technical detail, = but I think we shall always try to have these considerations in our = minds - making the world a better place and less wasteful (energy) is an = amendable goal in general and emerging communities could really benefit = from our work.
 
On Tue, Nov 19, 2019 at 9:11 PM Dr. Pala <madwolf@openca.org> = wrote:
Hi Nick, all,
at the end of the second presentation on lowering the costs = of revocation, if I am not mistaken, your question/comment (Nick) was = about the fact that Cloudflare hosts / serve most of the cached OCSP = responses and that the system does not have issues.
I am not sure if this comment is pertinent to what we are = trying to solve here... let me elaborate a bit more.
The work we have been doing around the proposed topic of work = is aimed at lowering the cost of generating and distributing these large volumes of = signed data when= there is actually no need for that. By optimizing the protocol to = provide range responses (or other methods, if we decide to go with a = different approaches), we can reduce the number of signatures needed = from a CA and their distribution - very expensive operations.
In other words, the proposal is not aimed at fixing any caching issues because, as you noticed in = your comment, that works just fine. The proposal at hand, instead, is = about fixing a problem that CAs are facing today - high costs of = deploying and running such systems.
On the other hand, your = comment made me think about the caching service you mentioned and its = associated costs. 
Is it a service for which your company charge CAs ? If so, = would you be able to share what are currently the costs incurred by CAs = to leverage your service ? (I totally understand if you are not willing = to - after all, this is usually the secret sauce :D)
Last but not least, I also would like to point out that = optimizing the revocation can also help open-source communities, small = companies, universities, non-profit, etc. by enabling them to deploy = cost-efficient systems that can provide good quality of service using = less resources (computational, storage, network).
Please let me know,
Cheers,
Max
P.S.: If we could combine this idea with OCSP = over DNS, we could really provide access to revocation technology for = everybody, not just who can afford the price. Unfortunately we know how = that discussion went, and I still think it is a very evident mistake not = doing it  (I am still working on this in my spare time - I think it = is of enormous value for emerging countries to have access to cheap = secure technologies and, in my opinion, IETF is dropping / has dropped = the ball on this for not-so-honorable reasons, I suspect...). I hope We = can fix it in the open-source community.
-- 
Best = Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs = Director
<dhmacjdifkefaoin.png>
-- 
Best = Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs = Director
<ijeffbhlgncflbab.png>
_______________________________________________Secdispatch mailing list
Secdispatch@ietf.org
https://www..ietf.org/mailman/listinfo/secdispatch
 
_______________________________________________
Secdispatch mailing = list
Secdispatch@ietf.org
https://www.ietf.org/mailman/listinfo/secdispatch
= --Apple-Mail=_57CE84B2-32DC-4CE0-9AED-055EB830FAF4-- From nobody Tue Dec 3 05:45:27 2019 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FE64120019; Tue, 3 Dec 2019 05:45:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L4jfX4uaTDmY; Tue, 3 Dec 2019 05:45:23 -0800 (PST) Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150040.outbound.protection.outlook.com [40.107.15.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C189A12006B; Tue, 3 Dec 2019 05:45:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cQ9yziiZemjJiqTGvIwwW4L5UTlGswP4Bdwhiaze3Mr2+53u6ASqUEooMGfhquC+Cjcc+LylxpXznjvKJS4juYSa273UYM261dg2Lxps9Vtx15zh53greIB7O+rwsx0yHFlW8AA+uZCybYfRBZUJeting5O/Rwxdsq2CTW9GBSILoKoi/J+LrV1GzMBGNo6QzeeBgH5Z0qHULbboWmVoP92gBWw8Kxjsa5U5DNPXJ1nE46ivrnyb4mMFkESPihTx4lgg0qYr3I9rCEX0Ve5sPn+QfsMathMnhdJdiOlWfx6oXLNOZl/ExFgpAa/RY1XxCENX7MyDcBgDkOpM8K8B2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BvuylkaWI4tG1XeZ1SFsIWnZDFBZZ8vlnrzsR03zw/s=; b=fq7Plv1scSCTN5KGVvD8ocmrhOHZqGYYe+VlUW+gyrkmJCM4h0QEhdYdMLiIYDYdNob4hmqyfzNmo/fXGzx7qEKx++sVMEiPSEqX0LByvJ9XCrS7IlR56SndoiuveVyhEDvxDieGUDNIS3i4ssui1eLbVzRHJz5oThmnIr6qkFWtjhX0ikA15ValI4Xi3sr8RBFQEK8LDiajrA4JCOC+PCafE9aClyt8FHfb0LxbGxjTtWIUGC8Gz0PFQNsgq+2avFxVBqgCfJrD63Q2nfwhCZPmJBTBeQa1jfJkicA5bp18o5rejpEwL0qfORbpznoOoqv4wLQRXfOTqfvBXuYE8w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BvuylkaWI4tG1XeZ1SFsIWnZDFBZZ8vlnrzsR03zw/s=; b=sZa4toHOA/rFHQkPIoU58w5209DZluoMBhDnFMVK8bX/dcsSiQDs0/X/1eczuZMJMh3phpRA99gzu+jAbIudWBbJQvUSQSYu1QV7McqllanSHbGC7xBcbiwXA3oontyoQ5JwFVANLwbchPLCsbt7JV03tfV6kEh8cOcYMLbugS8= Received: from VI1PR07MB5469.eurprd07.prod.outlook.com (20.178.13.205) by VI1PR07MB4047.eurprd07.prod.outlook.com (52.134.20.154) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2516.4; Tue, 3 Dec 2019 13:45:20 +0000 Received: from VI1PR07MB5469.eurprd07.prod.outlook.com ([fe80::a9f2:dbed:2252:2cec]) by VI1PR07MB5469.eurprd07.prod.outlook.com ([fe80::a9f2:dbed:2252:2cec%4]) with mapi id 15.20.2516.003; Tue, 3 Dec 2019 13:45:19 +0000 From: Francesca Palombini To: "secdispatch@ietf.org" CC: "secdispatch-chairs@ietf.org" Thread-Topic: IETF 106 minutes Thread-Index: AQHVqd/nPg3jMBsebEOAq4N99IwmtA== Date: Tue, 3 Dec 2019 13:45:19 +0000 Message-ID: <988F76D2-A300-49E2-8AB8-BDF0E835A029@ericsson.com> Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=francesca.palombini@ericsson.com; x-originating-ip: [192.176.1.84] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: b5c62ea3-291c-454c-a5b1-08d777f709b3 x-ms-traffictypediagnostic: VI1PR07MB4047: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 02408926C4 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(396003)(136003)(376002)(39860400002)(346002)(189003)(199004)(66476007)(91956017)(6486002)(36756003)(316002)(76116006)(6436002)(86362001)(2501003)(606006)(186003)(26005)(5660300002)(99286004)(6306002)(6512007)(4744005)(4326008)(450100002)(33656002)(2351001)(5640700003)(66556008)(66446008)(64756008)(6506007)(54896002)(236005)(66946007)(102836004)(478600001)(966005)(6916009)(14454004)(7116003)(71190400001)(71200400001)(25786009)(6116002)(3846002)(9326002)(256004)(81156014)(2906002)(8936002)(2616005)(8676002)(7736002)(44832011)(1730700003)(81166006); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR07MB4047; H:VI1PR07MB5469.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: o4N0IsegbSZXbsxhFl9D1dLFAAuYr3NbNlmD4vbovxgwiltbFcEJ2tbZK/SGf64zHk/bn7XYwwZ+acTFTKuoxFSBXtNcNGuXtuIZzzqhcfT02Rsy8EcMrQzWo8f9mWyGCyhNtgdV+WXuLv1X2QI/XsP8LIxLzz0Ntx0nJZU/PVlMrvJlMM39R5aJWKukXhi06sL5saYXkD75cTjRmHwXA+2luUfEuSWi6ObJMgOXMXVoGHSTq9NWctKZ4wCxS0mMZmLHob/G9ObUa0BKSLa8mfH780L4ME4yEQuhlGLKYvpW2ZepwUzDmUkPr7/cjWVe3Fr98B6ZrUS9ouiLja4oqqavaWxsiN1BrhRyI4Qsm+XzRiVNivnGvhzzR5VYT1ILgN2/A0k93Y0HsHLhs6yRuObvY+HL0iNnxkllh2YGoVGbfLOSIAQPFyHgwQTGMqB+gq/SLtR6cbc7VtIhpIRPtkZEz/ezzcMhJ7ae1+4DzxE= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_988F76D2A30049E28AB8BDF0E835A029ericssoncom_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: b5c62ea3-291c-454c-a5b1-08d777f709b3 X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Dec 2019 13:45:19.8181 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: hlWKEWYxfISOYwhysZmW+FZLhTGZV5EY/g6+lZUOxSWc+NIScguEYjhz5/wpI0RFShVlWwPYHgVL235fDGYyqFIRHzPrE3uJiEniNAO8Sk4W7wJpfWICxC8B/D9AxlbH X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB4047 Archived-At: Subject: [Secdispatch] IETF 106 minutes X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Dec 2019 13:45:26 -0000 --_000_988F76D2A30049E28AB8BDF0E835A029ericssoncom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGksDQoNClRoZSBtaW51dGVzIGZvciBvdXIgc2Vzc2lvbiBhdCBJRVRGIDEwNiB3ZXJlIHBvc3Rl ZDogaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9tZWV0aW5nLzEwNi9tYXRlcmlhbHMvbWlu dXRlcy0xMDYtc2VjZGlzcGF0Y2gNCg0KVGhhbmsgeW91IHZlcnkgbXVjaCBSaWNoIGFuZCBHaXJp IGZvciBiZWluZyBvdXIgbWludXRlIHRha2VycyENCg0KVGhlIG1pbnV0ZXMgaW5jbHVkZSBhIGxp bmsgdG8gdGhlIHlvdXR1YmUgcmVjb3JkaW5nczogaHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0 Y2g/dj1DWUJoTFEwLWZ3RQ0KDQpBbGwgdGhlIHBhcnRpY2lwYW50cywgcGxlYXNlIG1ha2Ugc3Vy ZSB5b3VyIGNvbW1lbnQgd2FzIGNhcHR1cmVkIGNvcnJlY3RseSwgYW5kIGlmIHRoZXJlIGlzIGFu eXRoaW5nIHlvdeKAmWQgbGlrZSByZXZpc2VkIHBsZWFzZSBsZXQgdGhlIGNoYWlycyBrbm93Lg0K DQpUaGFua3MsDQpGcmFuY2VzY2ENCg0K --_000_988F76D2A30049E28AB8BDF0E835A029ericssoncom_ Content-Type: text/html; charset="utf-8" Content-ID: <628FBCF59DCB6D42B0BFE8C4F7E9AB21@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2 IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3Jt YWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGNtOw0KCW1hcmdpbi1i b3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmOw0KCW1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTO30NCmE6bGluaywgc3Bh bi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOiMwNTYzQzE7 DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJs aW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOiM5NTRGNzI7DQoJ dGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpzcGFuLkVtYWlsU3R5bGUxNw0KCXttc28tc3R5 bGUtdHlwZTpwZXJzb25hbC1jb21wb3NlOw0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNl cmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5 cGU6ZXhwb3J0LW9ubHk7DQoJbXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVM7fQ0KQHBhZ2UgV29y ZFNlY3Rpb24xDQoJe3NpemU6NjEyLjBwdCA3OTIuMHB0Ow0KCW1hcmdpbjo3Mi4wcHQgNzIuMHB0 IDcyLjBwdCA3Mi4wcHQ7fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9uMTt9 DQotLT48L3N0eWxlPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tR0IiIGxpbms9IiMwNTYzQzEi IHZsaW5rPSIjOTU0RjcyIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+SGksPG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MS4wcHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij5UaGUgbWludXRlcyBmb3Igb3VyIHNlc3Np b24gYXQgSUVURiAxMDYgd2VyZSBwb3N0ZWQ6DQo8YSBocmVmPSJodHRwczovL2RhdGF0cmFja2Vy LmlldGYub3JnL21lZXRpbmcvMTA2L21hdGVyaWFscy9taW51dGVzLTEwNi1zZWNkaXNwYXRjaCI+ DQpodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL21lZXRpbmcvMTA2L21hdGVyaWFscy9taW51 dGVzLTEwNi1zZWNkaXNwYXRjaDwvYT4gPG86cD4NCjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+PG86cD4mbmJzcDs8 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQiPlRoYW5rIHlvdSB2ZXJ5IG11Y2ggUmljaCBhbmQgR2lyaSBmb3IgYmVpbmcg b3VyIG1pbnV0ZSB0YWtlcnMhDQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+PGJyPg0KVGhlIG1pbnV0ZXMg aW5jbHVkZSBhIGxpbmsgdG8gdGhlIHlvdXR1YmUgcmVjb3JkaW5nczogPGEgaHJlZj0iaHR0cHM6 Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj1DWUJoTFEwLWZ3RSI+DQpodHRwczovL3d3dy55b3V0 dWJlLmNvbS93YXRjaD92PUNZQmhMUTAtZndFPC9hPiA8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+PG86cD4m bmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMS4wcHQ7Y29sb3I6YmxhY2s7bXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tR0Ii PkFsbCB0aGUgcGFydGljaXBhbnRzLCBwbGVhc2UgbWFrZSBzdXJlIHlvdXIgY29tbWVudCB3YXMg Y2FwdHVyZWQgY29ycmVjdGx5LCBhbmQgaWYgdGhlcmUgaXMgYW55dGhpbmcgeW914oCZZCBsaWtl IHJldmlzZWQgcGxlYXNlIGxldCB0aGUgY2hhaXJzIGtub3cuPC9zcGFuPjxzcGFuIHN0eWxlPSJj b2xvcjpibGFjazttc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1HQiI+PG86cD48L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7 Y29sb3I6YmxhY2s7bXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tR0IiPiZuYnNwOzwvc3Bhbj48c3Bh biBzdHlsZT0iY29sb3I6YmxhY2s7bXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tR0IiPjxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0O2NvbG9yOmJsYWNrO21zby1mYXJlYXN0LWxhbmd1YWdlOkVOLUdCIj5UaGFua3Ms PGJyPg0KRnJhbmNlc2NhPC9zcGFuPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFjazttc28tZmFyZWFz dC1sYW5ndWFnZTpFTi1HQiI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9z cGFuPjwvcD4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_988F76D2A30049E28AB8BDF0E835A029ericssoncom_-- From nobody Wed Dec 4 15:36:01 2019 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B883312003F for ; Wed, 4 Dec 2019 15:35:58 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=entrustdatacardcorp.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jpEtjkgakWCz for ; Wed, 4 Dec 2019 15:35:55 -0800 (PST) Received: from mx1.entrustdatacard.com (mx1.entrustdatacard.com [204.124.80.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F591120072 for ; Wed, 4 Dec 2019 15:35:55 -0800 (PST) IronPort-SDR: tLFum1C4D6wMNGHKwkcDMOoRJ13VF0Ikdw3JAEjgxmQeAp0+Z4LaRqv/X/Y+jUwODmNc2xCaCi PieqA8yg70/Q== X-IronPort-AV: E=Sophos; i="5.69,279,1571720400"; d="scan'208,217"; a="63078374" Received: from pmspex01.corporate.datacard.com (HELO owa.entrustdatacard.com) ([192.168.211.29]) by pmspesa03inside.corporate.datacard.com with ESMTP/TLS/ECDHE-RSA-AES256-SHA384; 04 Dec 2019 17:35:54 -0600 Received: from PMSPEX04.corporate.datacard.com (192.168.211.51) by pmspex01.corporate.datacard.com (192.168.211.29) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 4 Dec 2019 17:35:54 -0600 Received: from NAM02-BL2-obe.outbound.protection.outlook.com (172.28.1.8) by PMSPEX04.corporate.datacard.com (192.168.211.51) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Wed, 4 Dec 2019 17:35:54 -0600 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lpJDSFJjk0+/J0YE0RLy8inBUx83qAonH+tyJ84CZQQDiqSNpD4QgYRnWp9IWtfy8eILeDs9n+0e3EqRbkTaeXvRyJ9jRHsV5vTyuwxUcWtMjnLmdWAXS3zhMAnTLRIIdwsG0C8ENdm4RPT/YAiAtG5DEDd3sBFvpKfBn1eXPRj4Hvy4viPnrfl7xgtqXMEqgG8RC/0G+ehdkdmqZcqKn1kgoMXseXs+aZ1PXs1PS/KAQkJtorHFWZwRLDE1ik1aSUCn1Fr5Be5Zsv8uPqzA6k05xOiZyqYvu+arPeKRghsZ9QjVhDzTlRMZL4dmAvR15+F1KeqAv+sDRLgnayHmpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jv9R4eyuhl6Fc4CTHtFQr77uJf0+up6zjONFffWgc2Q=; b=iiQngWhx6eZBfmtzT0aRXh0oVW6P5WGQ3/fdAxWpPnVvSrGZf1NNR9M0pukz4vTIR2vrNn7aTIxtAcMaN4ZRfoaKh+iU60OXBPRvT8SZmBf/sEBdgJX9A2qs6kw4JeVaC8pXuA0DvSdmXOMhPlk4njyqoJjzwUb1TH9zZ4ejWwde3lUXMs/yuHRBMuPoFDxdXNMScaHbfDWL7eJtLKCSMTEy8aIuJvMvdEYYNcsfzmctktCoEefTwjvUNYZMfKV4F+ByIc8gn7YqqgQrHiKJ7NveL9XC/MKlWh2hg78sAFwBD27JBPDvK7mND4eGZatUktbREiVuB37wIMQHbIMcSw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrustdatacard.com; dmarc=pass action=none header.from=entrustdatacard.com; dkim=pass header.d=entrustdatacard.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrustdatacardcorp.onmicrosoft.com; s=selector1-entrustdatacardcorp-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jv9R4eyuhl6Fc4CTHtFQr77uJf0+up6zjONFffWgc2Q=; b=CSy9DEudN5wO84y/JrO6mgE05L4OqcQaAwA1JOn6gR1kdn6yZvNOhQbZwIaj4NvfDzgSO7peNbzWnYwBfNyMdifd4WDAGrJBZm7KO3yc3qXeakxuTNIkrZswMC4HH5YFQYym8VaYXGPe/kXKjM1OeGRHrhGW8hrb4o5NojzkHH8= Received: from MN2PR11MB3710.namprd11.prod.outlook.com (20.178.252.147) by MN2PR11MB3773.namprd11.prod.outlook.com (20.178.253.160) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2516.12; Wed, 4 Dec 2019 23:35:52 +0000 Received: from MN2PR11MB3710.namprd11.prod.outlook.com ([fe80::6525:fc5b:ffbb:acd]) by MN2PR11MB3710.namprd11.prod.outlook.com ([fe80::6525:fc5b:ffbb:acd%3]) with mapi id 15.20.2516.013; Wed, 4 Dec 2019 23:35:51 +0000 From: Mike Ounsworth To: John Mattsson , "Markku-Juhani O. Saarinen" CC: "secdispatch@ietf.org" Thread-Topic: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI Thread-Index: AQHVpecLpHJHmOEnXEOYqj9f1Ns8IaeqqQ7w Date: Wed, 4 Dec 2019 23:35:51 +0000 Message-ID: References: <84C6334F-BDB3-40F1-AEB1-6F4B4B4C06C5@ericsson.com> In-Reply-To: <84C6334F-BDB3-40F1-AEB1-6F4B4B4C06C5@ericsson.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=Mike.Ounsworth@entrustdatacard.com; x-originating-ip: [70.76.144.81] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: cccb7dd0-6535-41b5-0949-08d77912b33c x-ms-traffictypediagnostic: MN2PR11MB3773: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-forefront-prvs: 0241D5F98C x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(396003)(136003)(366004)(39860400002)(376002)(199004)(189003)(7696005)(76176011)(6306002)(33656002)(99286004)(4326008)(9686003)(54896002)(102836004)(6506007)(110136005)(316002)(6246003)(26005)(76116006)(478600001)(5660300002)(55016002)(66446008)(66556008)(66946007)(3846002)(6116002)(2906002)(6436002)(229853002)(790700001)(53546011)(52536014)(66476007)(64756008)(186003)(966005)(86362001)(14454004)(7736002)(74316002)(14444005)(81156014)(25786009)(8676002)(71200400001)(5024004)(81166006)(8936002)(71190400001)(11346002); DIR:OUT; SFP:1102; SCL:1; SRVR:MN2PR11MB3773; H:MN2PR11MB3710.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: vlrMGIG/KpKT0Mx+lD6v4F0Ek/N5rFkmZ5OLeky/pN3CUgrEA+NhTPw63pz0osw/srVg/ZhctfX8ozrDzB4oV2v2qU70KTNvjRYc8Cz3MGzwWAVqywOyo80dFAZ8iLwR5MBzjUaK6ctjOaUZETnNljg6V1ww3cMfDOcV8Y7R8ZCoVCJ5BQfvMImYGFi0sY8lHyNDMpt+uKbwT31Q0tPgiBfDtreFR/NzxvXxQ2jge9bzk8xv7smVosxTnsJG+9+4Brq/TZiTWI8/lntKAjrvcynWiXVPtX9MrNwKzSx8AO6gV4KOgbpfyvLV8haHOgL7h5Cha1glBepE3hlR32R/Uamo/jWX+RvTUx6Mv3uI4liZxmw4uip1hx4y4QkT0Uxq15YiIW6D803aacOiq+8GPpgHcyDg/6KLCN45QJ2/U1ucMxAq1X/D+A7rjA0qtZfh5T2d5t+3hE2aU9E+mzOgT/rH1cVB/gHMvdf42sd9nFw= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_MN2PR11MB37102B2DF33A10636791EDBA9B5D0MN2PR11MB3710namp_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: cccb7dd0-6535-41b5-0949-08d77912b33c X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Dec 2019 23:35:51.8273 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: yELDe77nDr+rVH36ZTibWR76SUkpOCZKVMoVaoPcU8EEH/u09nErTnqgCDFWFPZFJNzwdxX92VmOouGxLWA7UU5gSIGp72Ft8UeoAb/ORr9ZnaZtDta/B4nlNzv1xrKf X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB3773 X-OriginatorOrg: entrustdatacard.com Archived-At: Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Dec 2019 23:35:59 -0000 --_000_MN2PR11MB37102B2DF33A10636791EDBA9B5D0MN2PR11MB3710namp_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 QXMgYW4gYXV0aG9yIG9mIGEgY291cGxlIG9mIHRoZSDigJxoeWJyaWTigJ0gY2VydGlmaWNhdGUg ZHJhZnRzIHlvdSBtZW50aW9uLCBJIGNhbiBtYXliZSBhZGQgc29tZSBjb250ZXh0Lg0KDQpJbiB0 aGUgWC41MDkgY2VydGlmaWNhdGUgc3BhY2UsIHdlIGhhZCBiZWVuIHVzaW5nIHRoZSB3b3JkIOKA nGh5YnJpZCBjZXJ0aWZpY2F0ZeKAnSB0byByZWZlciB0byBkcmFmdC10cnVza292c2t5LWxhbXBz LXBxLWh5YnJpZC14NTA5LiBTaW5jZSB0aGlzIGlzIEEpIElQIG93bmVkIGJ5IElTQVJBLCBhbmQg QikgSVNBUkEgaGFzIG5vdyBicmFuZGVkIHRoaXMgYXMgYW4gSVNBUkEgQ2F0YWx5c3QgQWdpbGUg RGlnaXRhbCBDZXJ0aWZpY2F0ZSwgbWF5YmUgdGhhdCBzb2x2ZXMgdGhlIHByb2JsZW0gb2YgdGVy bS1vdmVybG9hZGluZy4NCmh0dHBzOi8vd3d3LmlzYXJhLmNvbS9jYXRhbHlzdC8NCg0KV2UgaGF2 ZSBiZWVuIHVzaW5nIHRoZSB0ZXJtIOKAnGNvbXBvc2l0ZSBjZXJ0aWZpY2F0ZSAvIHNpZ25hdHVy ZeKAnSB0byByZWZlciB0byBkcmFmdC1vdW5zd29ydGgtcHEtY29tcG9zaXRlLXNpZ3MuIElmIOKA nGNvbXBvc2l0ZeKAnSBpcyBnb2luZyB0byBiZWNvbWUgdGhlIG1vc3QgZ2VuZXJpYyB1bWJyZWxs YSB0ZXJtLCB0aGVuIHBlcmhhcHMgd2UgbmVlZCB0byB0aGluayBvZiBhIG5ldyBuYW1lIHRvIGF0 dGFjaCB0byB0aGlzIGRyYWZ0Pw0KDQotLS0NCk1pa2UgT3Vuc3dvcnRoDQpTb2Z0d2FyZSBTZWN1 cml0eSBBcmNoaXRlY3QsIEVudHJ1c3QgRGF0YWNhcmQNCg0KRnJvbTogU2VjZGlzcGF0Y2ggPHNl Y2Rpc3BhdGNoLWJvdW5jZXNAaWV0Zi5vcmc+IE9uIEJlaGFsZiBPZiBKb2huIE1hdHRzc29uDQpT ZW50OiBUaHVyc2RheSwgTm92ZW1iZXIgMjgsIDIwMTkgNjoyNiBBTQ0KVG86IE1hcmtrdS1KdWhh bmkgTy4gU2FhcmluZW4gPG1qb3NAcHFzaGllbGQuY29tPg0KQ2M6IHNlY2Rpc3BhdGNoQGlldGYu b3JnDQpTdWJqZWN0OiBbRVhURVJOQUxdUmU6IFtTZWNkaXNwYXRjaF0gUHJvYmxlbSBzdGF0ZW1l bnQgZm9yIHBvc3QtcXVhbnR1bSBtdWx0aS1hbGdvcml0aG0gUEtJDQoNCldBUk5JTkc6IFRoaXMg ZW1haWwgb3JpZ2luYXRlZCBvdXRzaWRlIG9mIEVudHJ1c3QgRGF0YWNhcmQuDQpETyBOT1QgQ0xJ Q0sgbGlua3Mgb3IgYXR0YWNobWVudHMgdW5sZXNzIHlvdSB0cnVzdCB0aGUgc2VuZGVyIGFuZCBr bm93IHRoZSBjb250ZW50IGlzIHNhZmUuDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f Xw0KSSB3b3VsZCBiZSBmaW5lIHdpdGggdGhlIHdvcmQg4oCcY29tcG9zaXRl4oCdIGZvciBib3Ro IGtleSBlc3RhYmxpc2htZW50IGFuZCBzaWduYXR1cmVzLg0KDQpBbm90aGVyIHJlYXNvbiDigJxk dWFs4oCdIGlzIG5vdCBhIGdvb2QgY2hvaWNlIGlzIHRoYXQgbWFueSBvZiB0aGUgc3VnZ2VzdGVk IHNvbHV0aW9ucyBhbGxvdyBtb3JlIHRoYW4gdHdvIGFsZ29yaXRobXMuDQoNCkhvcGVmdWxseSBO SVNUIGFncmVlcyBhbmQgaXMgaGFwcHkgdG8gYWxpZ24gb24gdGVybWlub2xvZ3kgdG9nZXRoZXIg d2l0aCBJRVRGLiBBcyB5b3UgcG9pbnQgb3V0IHRoZXkgYXJlIGFsc28gdXNpbmcgbXVsdGlwbGUg dGVybXMgbGlrZSDigJxkdWFs4oCdIGFuZCDigJxoeWJyaWTigJ0uDQoNCkNoZWVycywNCkpvaG4N Cg0KRnJvbTogIk1hcmtrdS1KdWhhbmkgTy4gU2FhcmluZW4iIDxtam9zQHBxc2hpZWxkLmNvbTxt YWlsdG86bWpvc0BwcXNoaWVsZC5jb20+Pg0KRGF0ZTogVGh1cnNkYXksIDI4IE5vdmVtYmVyIDIw MTkgYXQgMTI6MTgNClRvOiBKb2huIE1hdHRzc29uIDxqb2huLm1hdHRzc29uQGVyaWNzc29uLmNv bTxtYWlsdG86am9obi5tYXR0c3NvbkBlcmljc3Nvbi5jb20+Pg0KQ2M6ICJzZWNkaXNwYXRjaEBp ZXRmLm9yZzxtYWlsdG86c2VjZGlzcGF0Y2hAaWV0Zi5vcmc+IiA8c2VjZGlzcGF0Y2hAaWV0Zi5v cmc8bWFpbHRvOnNlY2Rpc3BhdGNoQGlldGYub3JnPj4NClN1YmplY3Q6IFJlOiBbU2VjZGlzcGF0 Y2hdIFByb2JsZW0gc3RhdGVtZW50IGZvciBwb3N0LXF1YW50dW0gbXVsdGktYWxnb3JpdGhtIFBL SQ0KDQpIaSwNCg0KQWdyZWUgdGhhdCBIeWJyaWQgc2hvdWxkIGJlIFBLRS9LRU0gKyBERU0uIFRo YXQncyB3aGF0IEkgbGVhcm5lZCBpbiBzY2hvb2wgYW5kIHRoYXQncyB3aGF0IGNyeXB0b2dyYXBo eSB0ZXh0Ym9va3MgaGF2ZSBzYWlkIGZvciBkZWNhZGVzIChhbHRob3VnaCB0aGUgY3VycmVudCBL RU0vREVNIHRlcm1pbm9sb2d5IGlzIG5ld2VyKS4NCg0KTm90ZSB0aGF0IHRvIGFkZCB0byB0aGUg Y29uZnVzaW9uLCBOSVNUIGRpc2N1c3NlcyAiZHVhbCBzaWduYXR1cmVzIiAobm90IHRvIGJlIGNv bmZ1c2VkIHdpdGggMTk5MCdzIFNFVCAiZHVhbCBzaWduYXR1cmVzIikgaW4gdGhlaXIgcHJvcG9z ZWQgYW1lbmRtZW50IHRvIHRoZSBOSVNUIFBRQyBGQVEuDQoNCkR1c3RpbiBNb29keSAoTklTVCks IE9jdG9iZXIgMzA6ICJJcyBpdCBwb3NzaWJsZSBmb3IgYSBkdWFsIHNpZ25hdHVyZSB0byBiZSB2 YWxpZGF0ZWQgYWNjb3JkaW5nIHRvIEZJUFMgMTQwPyIgaHR0cHM6Ly9ncm91cHMuZ29vZ2xlLmNv bS9hL2xpc3QubmlzdC5nb3YvZC9tc2cvcHFjLWZvcnVtL3FSUDYzdWNXSWdzL3JZNVNyXzUyQUFB SjxodHRwczovL3Byb3RlY3QyLmZpcmVleWUuY29tL3YxL3VybD9rPThmZTIwMDk3LWQzNjhjYTQ5 LThmZTI0MDBjLTg2ODIzZTI3MGE2Mi04NWMwMjg3Y2YwYTFkNzIxJnE9MSZlPTMxMTcyNjE4LTFl NTMtNDAxOC04Zjg4LWUxZDA2NGViZTBmOCZ1PWh0dHBzJTNBJTJGJTJGZ3JvdXBzLmdvb2dsZS5j b20lMkZhJTJGbGlzdC5uaXN0LmdvdiUyRmQlMkZtc2clMkZwcWMtZm9ydW0lMkZxUlA2M3VjV0ln cyUyRnJZNVNyXzUyQUFBSj4NCg0KU2FkbHkgaGlzIGtleS1lc3RhYmxpc2htZW50IGlzIHN0aWxs ICJoeWJyaWQiLiBIb3BlZnVsbHkgd2UgY2FuIGNoYW5nZSB0aGlzLg0KDQpBIHF1aWNrIHBvbGwg aW4gdGhpcyBwYXJ0aWN1bGFyIG9mZmljZSBzZWVtcyB0byBmYXZvdXIgdGhlIHdvcmQgImNvbXBv c2l0ZSIgZm9yIGJvdGgga2V5IGVzdGFibGlzaG1lbnQgYW5kIHNpZ25hdHVyZXMuDQoNCkNoZWVy cywNCi0gbWFya2t1DQoNCkRyLiBNYXJra3UtSnVoYW5pIE8uIFNhYXJpbmVuIDxtam9zQHBxc2hp ZWxkLmNvbTxtYWlsdG86bWpvc0BwcXNoaWVsZC5jb20+PiBQUVNoaWVsZCwgT3hmb3JkIFVLLg0K DQoNCk9uIFRodSwgTm92IDI4LCAyMDE5IGF0IDEwOjQxIEFNIEpvaG4gTWF0dHNzb24gPGpvaG4u bWF0dHNzb249NDBlcmljc3Nvbi5jb21AZG1hcmMuaWV0Zi5vcmc8bWFpbHRvOjQwZXJpY3Nzb24u Y29tQGRtYXJjLmlldGYub3JnPj4gd3JvdGU6DQpIaSwNCg0KVGhlcmUgYXJlIG5vdyB0d28gdmVy eSBkaWZmZXJlbnQgdXNlIGNhc2VzIG9mIHRoZSB3b3JkICdoeWJyaWQnIGJlaW5nIGRpc2N1c3Nl ZCBpbiBJUlRGL0lFVEYuDQoNCkNvbWJpbmF0aW9uIG9mIEtFTSArIERFTToNCg0KaHR0cHM6Ly90 b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWlydGYtY2ZyZy1ocGtlDQoNCkNvbWJpbmF0aW9uIG9m IG11bHRpcGxlIGFsZ29yaXRobXMgb2YgdGhlIHNhbWUgdHlwZSAoS0VNIG9yIFNpZ25hdHVyZSkN Cg0KaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LXRqaGFpLWlwc2VjbWUtaHlicmlk LXFza2UtaWtldjINCmh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1zdGViaWxhLXRs cy1oeWJyaWQtZGVzaWduDQpodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtY2FtcGFn bmEtdGxzLWJpa2Utc2lrZS1oeWJyaWQNCmh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFm dC1wcS1wa2l4LXByb2JsZW0tc3RhdGVtZW50DQpodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwv ZHJhZnQtdHJ1c2tvdnNreS1sYW1wcy1wcS1oeWJyaWQteDUwOQ0KaHR0cHM6Ly90b29scy5pZXRm Lm9yZy9odG1sL2RyYWZ0LW91bnN3b3J0aC1wcS1jb21wb3NpdGUtc2lncw0KDQpJIHdvdWxkIHN1 Z2dlc3QgdGhhdCBJUlRGL0lFVEYgZG8gbm90IHVzZSB0aGUgd29yZCAnaHlicmlkJyBmb3IgYm90 aCBvZiB0aGVzZSBkaWZmZXJlbnQgbWVhbmluZ3MuIEdpdmVuIHRoYXQgJ2h5YnJpZCcgaXMgcXVp dGUgZXN0YWJsaXNoZWQgZm9yIHRoZSBjb21iaW5hdGlvbiBvZiBLRU0gKyBERU0NCg0KaHR0cHM6 Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvSHlicmlkX2NyeXB0b3N5c3RlbQ0KDQphbmQgdGhlIHVz ZSBvZiAnaHlicmlkJyBmb3IgUFFDIGlzIHF1aXRlIG5ldyBhbmQgbm90IHlldCB0aGF0IGVzdGFi bGlzaGVkLCBJIHdvdWxkIHN1Z2dlc3QgdGhhdCBJUlRGL0lFVEYgdXNlICdoeWJyaWQnIGZvciBL RU0gKyBERU0gYW5kIGFncmVlIG9uIGFub3RoZXIgdGVybSBmb3IgdGhlIFBRQyB1c2UgY2FzZXMu ICdtdWx0aXBsZS1hbGdvcml0aG1zJyBhbmQgJ2NvbXBvc2l0ZScgaGFzIGJlZW4gbWVudGlvbmVk IGluIGRvY3VtZW50cyBhbmQgZGlzY3Vzc2lvbnMuIEkgd291bGQgYmUgZmluZSB3aXRoIGJvdGgg b2YgdGhlc2UuICdNdWx0aXBsZSBlbmNyeXB0aW9uJyBzZWVtIHRvIGJlIHRoZSBtb3N0IGNvbW1v biB0ZXJtIGZvciBlbmNyeXB0aW5nIHdpdGggc2V2ZXJhbCBhbGdvcml0aG1zLg0KDQpodHRwczov L2VuLndpa2lwZWRpYS5vcmcvd2lraS9NdWx0aXBsZV9lbmNyeXB0aW9uDQoNCkNoZWVycywNCkpv aG4NCg0KDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0K U2VjZGlzcGF0Y2ggbWFpbGluZyBsaXN0DQpTZWNkaXNwYXRjaEBpZXRmLm9yZzxtYWlsdG86U2Vj ZGlzcGF0Y2hAaWV0Zi5vcmc+DQpodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZv L3NlY2Rpc3BhdGNoDQo= --_000_MN2PR11MB37102B2DF33A10636791EDBA9B5D0MN2PR11MB3710namp_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPCEtLVtp ZiAhbXNvXT48c3R5bGU+dlw6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kb1w6KiB7 YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kd1w6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0 I1ZNTCk7fQ0KLnNoYXBlIHtiZWhhdmlvcjp1cmwoI2RlZmF1bHQjVk1MKTt9DQo8L3N0eWxlPjwh W2VuZGlmXS0tPjxzdHlsZT48IS0tDQovKiBGb250IERlZmluaXRpb25zICovDQpAZm9udC1mYWNl DQoJe2ZvbnQtZmFtaWx5OiJDYW1icmlhIE1hdGgiOw0KCXBhbm9zZS0xOjIgNCA1IDMgNSA0IDYg MyAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDYWxpYnJpOw0KCXBhbm9zZS0xOjIg MTUgNSAyIDIgMiA0IDMgMiA0O30NCi8qIFN0eWxlIERlZmluaXRpb25zICovDQpwLk1zb05vcm1h bCwgbGkuTXNvTm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjowaW47DQoJbWFyZ2luLWJv dHRvbTouMDAwMXB0Ow0KCWZvbnQtc2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmki LHNhbnMtc2VyaWY7fQ0KYTpsaW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJp b3JpdHk6OTk7DQoJY29sb3I6Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6 dmlzaXRlZCwgc3Bhbi5Nc29IeXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6 OTk7DQoJY29sb3I6cHVycGxlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcC5tc29u b3JtYWwwLCBsaS5tc29ub3JtYWwwLCBkaXYubXNvbm9ybWFsMA0KCXttc28tc3R5bGUtbmFtZTpt c29ub3JtYWw7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0OjBpbjsN Cgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4tbGVmdDowaW47DQoJZm9udC1z aXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpzcGFuLkVt YWlsU3R5bGUxOA0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbDsNCglmb250LWZhbWlseToiQ2Fs aWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjp3aW5kb3d0ZXh0O30NCnNwYW4uRW1haWxTdHlsZTIx DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsOw0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5z LXNlcmlmOw0KCWNvbG9yOiM3MDMwQTA7DQoJZm9udC13ZWlnaHQ6bm9ybWFsOw0KCWZvbnQtc3R5 bGU6bm9ybWFsOw0KCXRleHQtZGVjb3JhdGlvbjpub25lIG5vbmU7fQ0Kc3Bhbi5FbWFpbFN0eWxl MjINCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtY29tcG9zZTsNCglmb250LWZhbWlseToiQ2Fs aWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjp3aW5kb3d0ZXh0O30NCi5Nc29DaHBEZWZhdWx0DQoJ e21zby1zdHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQtc2l6ZToxMC4wcHQ7fQ0KQHBhZ2Ug V29yZFNlY3Rpb24xDQoJe3NpemU6OC41aW4gMTEuMGluOw0KCW1hcmdpbjo3MC44NXB0IDcwLjg1 cHQgNzAuODVwdCA3MC44NXB0O30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlv bjE7fQ0KLS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVs dHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0t W2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlk bWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2Vu ZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tVVMiIGxpbms9ImJsdWUiIHZsaW5rPSJw dXJwbGUiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJjb2xvcjojNzAzMEEwIj5BcyBhbiBhdXRob3Igb2YgYSBjb3VwbGUgb2Yg dGhlIOKAnGh5YnJpZOKAnSBjZXJ0aWZpY2F0ZSBkcmFmdHMgeW91IG1lbnRpb24sIEkgY2FuIG1h eWJlIGFkZCBzb21lIGNvbnRleHQuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiM3MDMwQTAiPjxvOnA+Jm5ic3A7PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojNzAzMEEw Ij5JbiB0aGUgWC41MDkgY2VydGlmaWNhdGUgc3BhY2UsIHdlIGhhZCBiZWVuIHVzaW5nIHRoZSB3 b3JkIOKAnGh5YnJpZCBjZXJ0aWZpY2F0ZeKAnSB0byByZWZlciB0byBkcmFmdC10cnVza292c2t5 LWxhbXBzLXBxLWh5YnJpZC14NTA5LiBTaW5jZSB0aGlzIGlzIEEpIElQIG93bmVkIGJ5IElTQVJB LCBhbmQgQikgSVNBUkEgaGFzIG5vdyBicmFuZGVkIHRoaXMgYXMgYW4gSVNBUkENCiBDYXRhbHlz dCBBZ2lsZSBEaWdpdGFsIENlcnRpZmljYXRlLCBtYXliZSB0aGF0IHNvbHZlcyB0aGUgcHJvYmxl bSBvZiB0ZXJtLW92ZXJsb2FkaW5nLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojNzAzMEEwIj5odHRwczovL3d3dy5pc2FyYS5j b20vY2F0YWx5c3QvPGJyPg0KPGJyPg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiM3MDMwQTAiPldlIGhhdmUgYmVlbiB1c2lu ZyB0aGUgdGVybSDigJxjb21wb3NpdGUgY2VydGlmaWNhdGUgLyBzaWduYXR1cmXigJ0gdG8gcmVm ZXIgdG8gZHJhZnQtb3Vuc3dvcnRoLXBxLWNvbXBvc2l0ZS1zaWdzLiBJZiDigJxjb21wb3NpdGXi gJ0gaXMgZ29pbmcgdG8gYmVjb21lIHRoZSBtb3N0IGdlbmVyaWMgdW1icmVsbGEgdGVybSwgdGhl biBwZXJoYXBzIHdlIG5lZWQgdG8gdGhpbmsgb2YNCiBhIG5ldyBuYW1lIHRvIGF0dGFjaCB0byB0 aGlzIGRyYWZ0PzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJjb2xvcjojNzAzMEEwIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+LS0tPGJyPg0KTWlrZSBPdW5zd29ydGg8YnI+DQpT b2Z0d2FyZSBTZWN1cml0eSBBcmNoaXRlY3QsIEVudHJ1c3QgRGF0YWNhcmQ8bzpwPjwvbzpwPjwv cD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiM3MDMw QTAiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJib3Jk ZXI6bm9uZTtib3JkZXItdG9wOnNvbGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAwaW4g MGluIDBpbiI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj5Gcm9tOjwvYj4gU2VjZGlzcGF0Y2gg Jmx0O3NlY2Rpc3BhdGNoLWJvdW5jZXNAaWV0Zi5vcmcmZ3Q7IDxiPk9uIEJlaGFsZiBPZg0KPC9i PkpvaG4gTWF0dHNzb248YnI+DQo8Yj5TZW50OjwvYj4gVGh1cnNkYXksIE5vdmVtYmVyIDI4LCAy MDE5IDY6MjYgQU08YnI+DQo8Yj5Ubzo8L2I+IE1hcmtrdS1KdWhhbmkgTy4gU2FhcmluZW4gJmx0 O21qb3NAcHFzaGllbGQuY29tJmd0Ozxicj4NCjxiPkNjOjwvYj4gc2VjZGlzcGF0Y2hAaWV0Zi5v cmc8YnI+DQo8Yj5TdWJqZWN0OjwvYj4gW0VYVEVSTkFMXVJlOiBbU2VjZGlzcGF0Y2hdIFByb2Js ZW0gc3RhdGVtZW50IGZvciBwb3N0LXF1YW50dW0gbXVsdGktYWxnb3JpdGhtIFBLSTxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7 PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHN0cm9uZz48c3BhbiBsYW5nPSJTViIg c3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpy ZWQiPldBUk5JTkc6PC9zcGFuPjwvc3Ryb25nPjxzcGFuIGxhbmc9IlNWIj4gVGhpcyBlbWFpbCBv cmlnaW5hdGVkIG91dHNpZGUgb2YgRW50cnVzdCBEYXRhY2FyZC48YnI+DQo8c3Ryb25nPjxzcGFu IHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6 cmVkIj5ETyBOT1QgQ0xJQ0s8L3NwYW4+PC9zdHJvbmc+IGxpbmtzIG9yIGF0dGFjaG1lbnRzIHVu bGVzcyB5b3UgdHJ1c3QgdGhlIHNlbmRlciBhbmQga25vdyB0aGUgY29udGVudCBpcyBzYWZlLjxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXYgY2xhc3M9Ik1zb05vcm1hbCIgYWxpZ249ImNlbnRl ciIgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyIj48c3BhbiBsYW5nPSJTViI+DQo8aHIgc2l6ZT0i MyIgd2lkdGg9IjEwMCUiIGFsaWduPSJjZW50ZXIiPg0KPC9zcGFuPjwvZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tR0IiPkkgd291bGQgYmUgZmluZSB3aXRoIHRoZSB3 b3JkIOKAnGNvbXBvc2l0ZeKAnSBmb3IgYm90aCBrZXkgZXN0YWJsaXNobWVudCBhbmQgc2lnbmF0 dXJlcy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBs YW5nPSJFTi1HQiI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gbGFuZz0iRU4tR0IiPkFub3RoZXIgcmVhc29uIOKAnGR1YWzigJ0gaXMgbm90 IGEgZ29vZCBjaG9pY2UgaXMgdGhhdCBtYW55IG9mIHRoZSBzdWdnZXN0ZWQgc29sdXRpb25zIGFs bG93IG1vcmUgdGhhbiB0d28gYWxnb3JpdGhtcy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1HQiI+PG86cD4mbmJzcDs8L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tR0IiPkhvcGVmdWxs eSBOSVNUIGFncmVlcyBhbmQgaXMgaGFwcHkgdG8gYWxpZ24gb24gdGVybWlub2xvZ3kgdG9nZXRo ZXIgd2l0aCBJRVRGLiBBcyB5b3UgcG9pbnQgb3V0IHRoZXkgYXJlIGFsc28gdXNpbmcgbXVsdGlw bGUgdGVybXMgbGlrZSDigJxkdWFs4oCdIGFuZCDigJxoeWJyaWTigJ0uPG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tR0IiPjxvOnA+Jm5i c3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVO LUdCIj5DaGVlcnMsPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gbGFuZz0iRU4tR0IiPkpvaG48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1HQiI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9w Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLXRvcDpzb2xpZCAjQjVDNERGIDEuMHB0 O3BhZGRpbmc6My4wcHQgMGluIDBpbiAwaW4iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1hcmdpbi1sZWZ0Oi41aW4iPjxiPjxzcGFuIGxhbmc9IlNWIiBzdHlsZT0iZm9udC1zaXplOjEy LjBwdDtjb2xvcjpibGFjayI+RnJvbToNCjwvc3Bhbj48L2I+PHNwYW4gbGFuZz0iU1YiIHN0eWxl PSJmb250LXNpemU6MTIuMHB0O2NvbG9yOmJsYWNrIj4mcXVvdDtNYXJra3UtSnVoYW5pIE8uIFNh YXJpbmVuJnF1b3Q7ICZsdDs8YSBocmVmPSJtYWlsdG86bWpvc0BwcXNoaWVsZC5jb20iPm1qb3NA cHFzaGllbGQuY29tPC9hPiZndDs8YnI+DQo8Yj5EYXRlOiA8L2I+VGh1cnNkYXksIDI4IE5vdmVt YmVyIDIwMTkgYXQgMTI6MTg8YnI+DQo8Yj5UbzogPC9iPkpvaG4gTWF0dHNzb24gJmx0OzxhIGhy ZWY9Im1haWx0bzpqb2huLm1hdHRzc29uQGVyaWNzc29uLmNvbSI+am9obi5tYXR0c3NvbkBlcmlj c3Nvbi5jb208L2E+Jmd0Ozxicj4NCjxiPkNjOiA8L2I+JnF1b3Q7PGEgaHJlZj0ibWFpbHRvOnNl Y2Rpc3BhdGNoQGlldGYub3JnIj5zZWNkaXNwYXRjaEBpZXRmLm9yZzwvYT4mcXVvdDsgJmx0Ozxh IGhyZWY9Im1haWx0bzpzZWNkaXNwYXRjaEBpZXRmLm9yZyI+c2VjZGlzcGF0Y2hAaWV0Zi5vcmc8 L2E+Jmd0Ozxicj4NCjxiPlN1YmplY3Q6IDwvYj5SZTogW1NlY2Rpc3BhdGNoXSBQcm9ibGVtIHN0 YXRlbWVudCBmb3IgcG9zdC1xdWFudHVtIG11bHRpLWFsZ29yaXRobSBQS0k8bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFy Z2luLWxlZnQ6LjVpbiI+PHNwYW4gbGFuZz0iU1YiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFy Z2luLWxlZnQ6LjVpbiI+PHNwYW4gbGFuZz0iU1YiPkhpLCA8bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPjxz cGFuIGxhbmc9IlNWIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PHNwYW4gbGFu Zz0iU1YiPkFncmVlIHRoYXQgSHlicmlkIHNob3VsZCBiZSBQS0UvS0VNJm5ic3A7JiM0MzsgREVN LiBUaGF0J3Mgd2hhdCBJIGxlYXJuZWQgaW4gc2Nob29sIGFuZCB0aGF0J3Mgd2hhdCBjcnlwdG9n cmFwaHkgdGV4dGJvb2tzIGhhdmUgc2FpZCBmb3IgZGVjYWRlcyAoYWx0aG91Z2ggdGhlIGN1cnJl bnQgS0VNL0RFTSB0ZXJtaW5vbG9neSBpcyBuZXdlcikuJm5ic3A7PG86cD48L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1s ZWZ0Oi41aW4iPjxzcGFuIGxhbmc9IlNWIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVp biI+PHNwYW4gbGFuZz0iU1YiPk5vdGUgdGhhdCB0byBhZGQgdG8gdGhlIGNvbmZ1c2lvbiwgTklT VCBkaXNjdXNzZXMgJnF1b3Q7ZHVhbCBzaWduYXR1cmVzJnF1b3Q7IChub3QgdG8gYmUgY29uZnVz ZWQgd2l0aCAxOTkwJ3MgU0VUICZxdW90O2R1YWwgc2lnbmF0dXJlcyZxdW90OykgaW4gdGhlaXIg cHJvcG9zZWQgYW1lbmRtZW50IHRvIHRoZSBOSVNUIFBRQyBGQVEuJm5ic3A7PG86cD48L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1h cmdpbi1sZWZ0Oi41aW4iPjxzcGFuIGxhbmc9IlNWIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxl ZnQ6LjVpbiI+PHNwYW4gbGFuZz0iU1YiPkR1c3RpbiBNb29keSAoTklTVCksIE9jdG9iZXIgMzA6 Jm5ic3A7JnF1b3Q7SXMgaXQgcG9zc2libGUgZm9yIGEgZHVhbCBzaWduYXR1cmUgdG8gYmUgdmFs aWRhdGVkIGFjY29yZGluZyB0byBGSVBTIDE0MD8mcXVvdDsmbmJzcDs8YSBocmVmPSJodHRwczov L3Byb3RlY3QyLmZpcmVleWUuY29tL3YxL3VybD9rPThmZTIwMDk3LWQzNjhjYTQ5LThmZTI0MDBj LTg2ODIzZTI3MGE2Mi04NWMwMjg3Y2YwYTFkNzIxJmFtcDtxPTEmYW1wO2U9MzExNzI2MTgtMWU1 My00MDE4LThmODgtZTFkMDY0ZWJlMGY4JmFtcDt1PWh0dHBzJTNBJTJGJTJGZ3JvdXBzLmdvb2ds ZS5jb20lMkZhJTJGbGlzdC5uaXN0LmdvdiUyRmQlMkZtc2clMkZwcWMtZm9ydW0lMkZxUlA2M3Vj V0lncyUyRnJZNVNyXzUyQUFBSiI+aHR0cHM6Ly9ncm91cHMuZ29vZ2xlLmNvbS9hL2xpc3Qubmlz dC5nb3YvZC9tc2cvcHFjLWZvcnVtL3FSUDYzdWNXSWdzL3JZNVNyXzUyQUFBSjwvYT48bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls ZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PHNwYW4gbGFuZz0iU1YiPjxvOnA+Jm5ic3A7PC9vOnA+PC9z cGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJn aW4tbGVmdDouNWluIj48c3BhbiBsYW5nPSJTViI+U2FkbHkgaGlzIGtleS1lc3RhYmxpc2htZW50 IGlzIHN0aWxsICZxdW90O2h5YnJpZCZxdW90Oy4gSG9wZWZ1bGx5IHdlIGNhbiBjaGFuZ2UgdGhp cy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PHNwYW4gbGFuZz0iU1YiPjxvOnA+Jm5ic3A7 PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtYXJnaW4tbGVmdDouNWluIj48c3BhbiBsYW5nPSJTViI+QSBxdWljayBwb2xsIGluIHRo aXMgcGFydGljdWxhciBvZmZpY2Ugc2VlbXMgdG8gZmF2b3VyIHRoZSB3b3JkICZxdW90O2NvbXBv c2l0ZSZxdW90OyBmb3IgYm90aCBrZXkgZXN0YWJsaXNobWVudCBhbmQgc2lnbmF0dXJlcy4mbmJz cDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PHNwYW4gbGFuZz0iU1YiPjxvOnA+Jm5ic3A7 PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtYXJnaW4tbGVmdDouNWluIj48c3BhbiBsYW5nPSJTViI+Q2hlZXJzLDxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt YXJnaW4tbGVmdDouNWluIj48c3BhbiBsYW5nPSJTViI+LSBtYXJra3U8bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2lu LWxlZnQ6LjVpbiI+PHNwYW4gbGFuZz0iU1YiPjxiciBjbGVhcj0iYWxsIj4NCjxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtYXJnaW4tbGVmdDouNWluIj48c3BhbiBsYW5nPSJTViI+RHIuIE1hcmtrdS1KdWhhbmkg Ty4gU2FhcmluZW4gJmx0OzxhIGhyZWY9Im1haWx0bzptam9zQHBxc2hpZWxkLmNvbSIgdGFyZ2V0 PSJfYmxhbmsiPm1qb3NAcHFzaGllbGQuY29tPC9hPiZndDsgUFFTaGllbGQsIE94Zm9yZCBVSy48 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PHNwYW4gbGFuZz0iU1YiPjxvOnA+ Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PHNwYW4gbGFuZz0iU1YiPjxvOnA+Jm5ic3A7 PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5 bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPjxzcGFuIGxhbmc9IlNWIj5PbiBUaHUsIE5vdiAyOCwgMjAx OSBhdCAxMDo0MSBBTSBKb2huIE1hdHRzc29uICZsdDtqb2huLm1hdHRzc29uPTxhIGhyZWY9Im1h aWx0bzo0MGVyaWNzc29uLmNvbUBkbWFyYy5pZXRmLm9yZyI+NDBlcmljc3Nvbi5jb21AZG1hcmMu aWV0Zi5vcmc8L2E+Jmd0OyB3cm90ZTo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxi bG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEu MHB0O3BhZGRpbmc6MGluIDBpbiAwaW4gNi4wcHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2luLXRv cDo1LjBwdDttYXJnaW4tcmlnaHQ6MGluO21hcmdpbi1ib3R0b206NS4wcHQiPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPjxzcGFuIGxhbmc9IlNWIj5IaSw8 YnI+DQo8YnI+DQpUaGVyZSBhcmUgbm93IHR3byB2ZXJ5IGRpZmZlcmVudCB1c2UgY2FzZXMgb2Yg dGhlIHdvcmQgJ2h5YnJpZCcgYmVpbmcgZGlzY3Vzc2VkIGluIElSVEYvSUVURi4NCjxicj4NCjxi cj4NCkNvbWJpbmF0aW9uIG9mIEtFTSAmIzQzOyBERU06PGJyPg0KPGJyPg0KPGEgaHJlZj0iaHR0 cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWlydGYtY2ZyZy1ocGtlIiB0YXJnZXQ9Il9i bGFuayI+aHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWlydGYtY2ZyZy1ocGtlPC9h Pjxicj4NCjxicj4NCkNvbWJpbmF0aW9uIG9mIG11bHRpcGxlIGFsZ29yaXRobXMgb2YgdGhlIHNh bWUgdHlwZSAoS0VNIG9yIFNpZ25hdHVyZSk8YnI+DQo8YnI+DQo8YSBocmVmPSJodHRwczovL3Rv b2xzLmlldGYub3JnL2h0bWwvZHJhZnQtdGpoYWktaXBzZWNtZS1oeWJyaWQtcXNrZS1pa2V2MiIg dGFyZ2V0PSJfYmxhbmsiPmh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC10amhhaS1p cHNlY21lLWh5YnJpZC1xc2tlLWlrZXYyPC9hPjxicj4NCjxhIGhyZWY9Imh0dHBzOi8vdG9vbHMu aWV0Zi5vcmcvaHRtbC9kcmFmdC1zdGViaWxhLXRscy1oeWJyaWQtZGVzaWduIiB0YXJnZXQ9Il9i bGFuayI+aHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LXN0ZWJpbGEtdGxzLWh5YnJp ZC1kZXNpZ248L2E+PGJyPg0KPGEgaHJlZj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2Ry YWZ0LWNhbXBhZ25hLXRscy1iaWtlLXNpa2UtaHlicmlkIiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6 Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWNhbXBhZ25hLXRscy1iaWtlLXNpa2UtaHlicmlk PC9hPjxicj4NCjxhIGhyZWY9Imh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1wcS1w a2l4LXByb2JsZW0tc3RhdGVtZW50IiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly90b29scy5pZXRm Lm9yZy9odG1sL2RyYWZ0LXBxLXBraXgtcHJvYmxlbS1zdGF0ZW1lbnQ8L2E+PGJyPg0KPGEgaHJl Zj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LXRydXNrb3Zza3ktbGFtcHMtcHEt aHlicmlkLXg1MDkiIHRhcmdldD0iX2JsYW5rIj5odHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwv ZHJhZnQtdHJ1c2tvdnNreS1sYW1wcy1wcS1oeWJyaWQteDUwOTwvYT48YnI+DQo8YSBocmVmPSJo dHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtb3Vuc3dvcnRoLXBxLWNvbXBvc2l0ZS1z aWdzIiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LW91 bnN3b3J0aC1wcS1jb21wb3NpdGUtc2lnczwvYT48YnI+DQo8YnI+DQpJIHdvdWxkIHN1Z2dlc3Qg dGhhdCBJUlRGL0lFVEYgZG8gbm90IHVzZSB0aGUgd29yZCAnaHlicmlkJyBmb3IgYm90aCBvZiB0 aGVzZSBkaWZmZXJlbnQgbWVhbmluZ3MuIEdpdmVuIHRoYXQgJ2h5YnJpZCcgaXMgcXVpdGUgZXN0 YWJsaXNoZWQgZm9yIHRoZSBjb21iaW5hdGlvbiBvZiBLRU0gJiM0MzsgREVNPGJyPg0KPGJyPg0K PGEgaHJlZj0iaHR0cHM6Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvSHlicmlkX2NyeXB0b3N5c3Rl bSIgdGFyZ2V0PSJfYmxhbmsiPmh0dHBzOi8vZW4ud2lraXBlZGlhLm9yZy93aWtpL0h5YnJpZF9j cnlwdG9zeXN0ZW08L2E+PGJyPg0KPGJyPg0KYW5kIHRoZSB1c2Ugb2YgJ2h5YnJpZCcgZm9yIFBR QyBpcyBxdWl0ZSBuZXcgYW5kIG5vdCB5ZXQgdGhhdCBlc3RhYmxpc2hlZCwgSSB3b3VsZCBzdWdn ZXN0IHRoYXQgSVJURi9JRVRGIHVzZSAnaHlicmlkJyBmb3IgS0VNICYjNDM7IERFTSBhbmQgYWdy ZWUgb24gYW5vdGhlciB0ZXJtIGZvciB0aGUgUFFDIHVzZSBjYXNlcy4gJ211bHRpcGxlLWFsZ29y aXRobXMnIGFuZCAnY29tcG9zaXRlJyBoYXMgYmVlbiBtZW50aW9uZWQgaW4gZG9jdW1lbnRzIGFu ZCBkaXNjdXNzaW9ucy4NCiBJIHdvdWxkIGJlIGZpbmUgd2l0aCBib3RoIG9mIHRoZXNlLiAnTXVs dGlwbGUgZW5jcnlwdGlvbicgc2VlbSB0byBiZSB0aGUgbW9zdCBjb21tb24gdGVybSBmb3IgZW5j cnlwdGluZyB3aXRoIHNldmVyYWwgYWxnb3JpdGhtcy48YnI+DQo8YnI+DQo8YSBocmVmPSJodHRw czovL2VuLndpa2lwZWRpYS5vcmcvd2lraS9NdWx0aXBsZV9lbmNyeXB0aW9uIiB0YXJnZXQ9Il9i bGFuayI+aHR0cHM6Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvTXVsdGlwbGVfZW5jcnlwdGlvbjwv YT48YnI+DQo8YnI+DQpDaGVlcnMsPGJyPg0KSm9objxicj4NCjxicj4NCjxicj4NCl9fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fPGJyPg0KU2VjZGlzcGF0Y2gg bWFpbGluZyBsaXN0PGJyPg0KPGEgaHJlZj0ibWFpbHRvOlNlY2Rpc3BhdGNoQGlldGYub3JnIiB0 YXJnZXQ9Il9ibGFuayI+U2VjZGlzcGF0Y2hAaWV0Zi5vcmc8L2E+PGJyPg0KPGEgaHJlZj0iaHR0 cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zZWNkaXNwYXRjaCIgdGFyZ2V0PSJf YmxhbmsiPmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc2VjZGlzcGF0Y2g8 L2E+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8L2Rpdj4N CjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_MN2PR11MB37102B2DF33A10636791EDBA9B5D0MN2PR11MB3710namp_-- From nobody Sun Dec 8 17:46:14 2019 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 024601200CD for ; Sun, 8 Dec 2019 17:46:13 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=entrustdatacardcorp.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XwPpGKbf11-X for ; Sun, 8 Dec 2019 17:46:10 -0800 (PST) Received: from mx1.entrustdatacard.com (mx1.entrustdatacard.com [204.124.80.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F53912007C for ; Sun, 8 Dec 2019 17:46:09 -0800 (PST) IronPort-SDR: it4+DoEqySBJBVZVgYvma0/8YaKrL8Vd0//gbXbgeolMwlGzn5eGhKteSvqxityB90TK/r7eXQ h5NIU4YMWIeg== X-fn: image001.png X-IronPort-AV: E=Sophos;i="5.69,293,1571720400"; d="png'150?scan'150,208,217,150";a="63324045" Received: from pmspex04.corporate.datacard.com (HELO owa.entrustdatacard.com) ([192.168.211.51]) by pmspesa03inside.corporate.datacard.com with ESMTP/TLS/ECDHE-RSA-AES256-SHA384; 08 Dec 2019 19:46:08 -0600 Received: from PMSPEX04.corporate.datacard.com (192.168.211.51) by PMSPEX04.corporate.datacard.com (192.168.211.51) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Sun, 8 Dec 2019 19:46:08 -0600 Received: from NAM04-CO1-obe.outbound.protection.outlook.com (172.28.1.8) by PMSPEX04.corporate.datacard.com (192.168.211.51) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Sun, 8 Dec 2019 19:46:08 -0600 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=g7mjd5XpaIAkh2LoB0lVTh0fsktZcjESEOc4q9dGYXfHukkEwe+5th8yg4A3kfq54898DJyXVddvFxw8UxGwq6/u10eCUi4NGsaUctsPluNNuMVMiQIk5wAJq0PKeBy3UMJhCsA5j+yuQTR+rpreEdcPR3WyN1fSTab7zOM3ZHwqlcPuqUoHVmAWBLmHUcbgKTl4xL7Fn18bL6aOoKvI6aB/y1agmIOzrOQzk55H2n38f2ISey72pckZyWP3c2D5qY8uWN87KkH1Vfw2HZHF9KqIJa3hvxwUjUZhBbw0b2e/cnruVmfddHLAbfxpCAFgE3yADve1UBT1WN5hht/isw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KLz0yRLT3tt5NFLyFn0pjWWERq5tjL1IjHelXV51Z0w=; b=Aoa5RngOozypYoGH6mduIAi3zbubvykk7k157Wm3E3OFVy8Yp79beiERVDgqmhyVOLx9OS7aZSd1a1RNvG4VtqaAOtX+y1eoLTs7nYXUf2SjcwT4crDU3GRrjFLYopSztR0AVJhA0b8FW6ULV55eF22b/ynNvtaHt96cjMD1yMR84Vnsj3tCkkfmRrOrTJLbn1jzqHXb/dc9aF8R8H8DvwK5ANNd10nmJUZ78iNYQAxv65IZ2yfBA1Fq/l2Q7L1Wa/oYrnUGv9ItD2X8dZOkLM10EMFowWHLuzNDAvrgE4IugBRqdxsHYIZY7THOVfYWdSYTkgXqexZzyZ/x2yBWpw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrustdatacard.com; dmarc=pass action=none header.from=entrustdatacard.com; dkim=pass header.d=entrustdatacard.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrustdatacardcorp.onmicrosoft.com; s=selector1-entrustdatacardcorp-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KLz0yRLT3tt5NFLyFn0pjWWERq5tjL1IjHelXV51Z0w=; b=PZgN4EzOb1jeSvKzzy8RgP/5+4oXmQ4gHiY2J08n+Q9k6FYzP/jTJgQMCouFtzfdEfWbz7n1vwzsnvAdrnvb6aU4OpZVL914aMqb+R7hXsjOeiCchqaDG6BWXC2pDN7CwBy+fa81Gio6a48sOUIZC3UkbcxBvQeKb7jI5ORL6t8= Received: from MN2PR11MB3710.namprd11.prod.outlook.com (20.178.252.147) by MN2PR11MB4445.namprd11.prod.outlook.com (52.135.37.87) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2516.14; Mon, 9 Dec 2019 01:46:07 +0000 Received: from MN2PR11MB3710.namprd11.prod.outlook.com ([fe80::6525:fc5b:ffbb:acd]) by MN2PR11MB3710.namprd11.prod.outlook.com ([fe80::6525:fc5b:ffbb:acd%3]) with mapi id 15.20.2516.018; Mon, 9 Dec 2019 01:46:07 +0000 From: Mike Ounsworth To: Eric Rescorla , "Dr. Pala" CC: IETF SecDispatch , Stephen Farrell Thread-Topic: [EXTERNAL]Re: [Secdispatch] Clarification Question for the Comment from Eric Rescorla ( Thread-Index: AQHVnyMsoa9rw3Ho8k+R4BlhE/oAB6eTRrIAgABhhwCAAAHuAIAVC4WQ Date: Mon, 9 Dec 2019 01:46:06 +0000 Message-ID: References: <12eed4ff-edd2-7f70-9460-fc86dcbab927@openca.org> <7999ebac-c9c1-eb4f-d9f7-2ba814a3b331@cs.tcd.ie> <78997490-c5ae-c856-6e26-0f79c7733ca3@openca.org> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=Mike.Ounsworth@entrustdatacard.com; x-originating-ip: [23.233.26.137] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 95f2860b-a826-4525-0bf9-08d77c498f08 x-ms-traffictypediagnostic: MN2PR11MB4445: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 02462830BE x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(346002)(366004)(39840400004)(136003)(376002)(199004)(189003)(51444003)(4326008)(2906002)(102836004)(8936002)(26005)(8676002)(9686003)(76176011)(54896002)(74316002)(33656002)(6506007)(229853002)(5660300002)(186003)(71200400001)(71190400001)(790700001)(53546011)(81166006)(81156014)(66446008)(64756008)(110136005)(7696005)(316002)(66476007)(54906003)(66574012)(99286004)(76116006)(52536014)(66946007)(66616009)(86362001)(66556008)(478600001)(55016002); DIR:OUT; SFP:1102; SCL:1; SRVR:MN2PR11MB4445; H:MN2PR11MB3710.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: WF3K8/Omo1NsmPtt9bEFI37R2Qp/nXbBnV1wjOPvPIOMmhd3Ki+lg4WMc+bx6zlP4DuFNW8n/qlf21u2Bn8FkxMILCzzGJ4CX7J3mErbcFPbLfH+8yrt58hYvbeu7BGiNFzWNHZ6hnGPDcFNCFsn5xyBVLzJn+iYDsGqVPBGZQ3b3+dMuuk0aOX+ItCszC7UBQn70ji3yJYo34PXal2jpFT0m+J4Ey7izZ/cHMcT3squtn0Wi/7V0UYwgdg2kODUcT5TLgUh5jsP/etPuOuCL6L0dMpa0ddHEW2iZSjdOatd4k6t8XcJodwp0mVb4ZM84rP6g8F+ZbMYX3CW7p1n2LE/3BD1BtdLI/g00udzv7euYFFoXX7IPYkwa8JiugAmw5mRJbh/Y7yWEsWlxi8G4hNpZH1MYRf+W+xhb+iR0ZqZUA7b5rkevOJhf6sjP8kVNtOckrw1PcPqvry7ncPhXYjrFTaxw4sT94+3ci4WE/2PzPWxVh0IIULlvyBEC6yb x-ms-exchange-transport-forked: True Content-Type: multipart/related; boundary="_004_MN2PR11MB3710195708AAA808B3D08EC29B580MN2PR11MB3710namp_"; type="multipart/alternative" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 95f2860b-a826-4525-0bf9-08d77c498f08 X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Dec 2019 01:46:06.7562 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: NOz8ZugNKPS189RgRflqN0BPkNtLAj05VELvzWkqQBt7XcbqDnDVIsT8Bk7o1LUhxQleQSTe3ammxOuPiyx9xjiD0jtNnps3yBS6R/lcO29XbfVPGfNaxbLx7/eu9T7f X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4445 X-OriginatorOrg: entrustdatacard.com Archived-At: Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla ( X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Dec 2019 01:46:13 -0000 --_004_MN2PR11MB3710195708AAA808B3D08EC29B580MN2PR11MB3710namp_ Content-Type: multipart/alternative; boundary="_000_MN2PR11MB3710195708AAA808B3D08EC29B580MN2PR11MB3710namp_" --_000_MN2PR11MB3710195708AAA808B3D08EC29B580MN2PR11MB3710namp_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgRWtyLCBNYXgsIFN0ZXBoZW4sDQoNCldlIHRyaWVkIHRvIGRlc2lnbiB0aGUgcHJvcG9zZWQg Q29tcG9zaXRlQ3J5cHRvIHNvbHV0aW9uIHRvIGJlIGFzIGdlbmVyaWMgYW5kIGdlbmVyYWwgYXMg cG9zc2libGUuIER1cmluZyBkZXNpZ24sIHdlIHdhbnRlZCBzb21ldGhpbmcgdGhhdCB3b3VsZCB3 b3JrIOKAnGdlbmVyaWNhbGx5IHdlbGzigJ0gYWNyb3NzIGFsbCBBU04uMS1iYXNlZCB1c2UtY2Fz ZXM6IFBLSVggKFguNTA5LCBDUkwsIENNUCwgQ01TIFMvTUlNRSksIE9DU1AgLCBQS0NTIz8sIFBJ ViBzbWFydCBjYXJkcywgY29kZS1zaWduaW5nLCBldGMuDQoNCkFzIE1heCBzYWlkLCBpdOKAmXMg Y2VydGFpbmx5IHBvc3NpYmx5IHRvIGRlc2lnbiBhIG1vcmUgZWxlZ2FudCBzb2x1dGlvbiBieSB0 YWlsb3JpbmcgaXQgdG8gb25lIHVzZS1jYXNlIChmb3IgZXhhbXBsZSBieSBjb25zaWRlcmluZyBt ZWNoYW5pc21zIGF2YWlsYWJsZSBpbiBhIG5lZ290aWF0ZWQgcHJvdG9jb2wpLiBIb3dldmVyLCBh cyBjb21wYW5pZXMgd2hvIGltcGxlbWVudCBnZW5lcmFsLXB1cnBvc2UgQ2VydGlmaWNhdGUgQXV0 aG9yaXRpZXMsIHdl4oCZcmUgbG9va2luZyBmb3IgYSBtb3JlIG9uZS1zaXplLWZpdHMtbW9zdCBz b2x1dGlvbi4NCg0KSWYgV2ViUEtJIGFuZCBDQS9CIEZvcnVtIHdhbnRzIHRvIHRha2UgbW9yZSB0 aW1lIC0tIHBvc3NpYmx5IGV2ZW4gd2FpdGluZyBvdXQgdGhpcyBwcm9ibGVtIOKAkyBJIGhvcGUg dGhhdCBkb2VzbuKAmXQgcHJlY2x1ZGUgYSBwdXNoIGZvciBhIG1vcmUgaW1tZWRpYXRlIHNvbHV0 aW9uLg0KDQoNCkFzIGZvciDigJx3aHkgbm934oCdOiBNYXggaGFzIHNwb2tlbiBhdCBsZW5ndGgg YWJvdXQgRE9DU0lTIGNhYmxlIG1vZGVtcyB3aG8gd2FudCB0byBiZWdpbiBkZXBsb3lpbmcgbXVs dGktYWxnb3JpdGhtLWNhcGFibGUgZGV2aWNlcywgbGlrZSBub3cuIFRoZXJlIGFyZSBhbHNvIG90 aGVyIGNsb3NlZCBQS0kgZW52aXJvbm1lbnRzICh0aGluayBoZXRlcm9nZW5vdXMgY29ycG9yYXRl IFBLSXMgcHJvdmlkaW5nIGNlcnRzIGZvciBlbWFpbCwgcGh5c2ljYWwgYnVpbGRpbmcgYWNjZXNz LCBXaW5kb3dzIHNtYXJ0LWNhcmQgbG9naW4sIGV0Yykgd2hlcmUgdGhlIGN1c3RvbWVyLWRlbWFu ZGVkIHRpbWVsaW5lcyBmb3IgY2xhc3NpY2FsK1BRIHNvbHV0aW9ucyBhcmUgdG9vIHNob3J0IHRv IHdhaXQgZm9yIGVhY2ggcHJvYmxlbSBkb21haW4gdG8gc3RhbmRhcmRpemUgYW4gb3B0aW1pemVk IG11bHRpLWFsZyBjZXJ0IHN0YW5kYXJkIChwbHVzIHRoaW5rIG9mIHRoZSBoZWFkYWNoZSBpZiB3 ZSBmcmFjdHVyZSBpbnRvIGRvemVucyBvZiBkaWZmZXJlbnQgY2VydCBmb3JtYXRzISkuDQoNCkFz IHlvdSBzYXkgRWtyLCBtYXliZSB0aGUgc29sdXRpb24gaXMgdG8gdXNlIGhhc2gtYmFzZWQgdW50 aWwgd2XigJlyZSByZWFkeSB0byBtaWdyYXRlIHdob2xlc2FsZSB0byBhIHNpbmdsZSBOSVNULWNy b3duZWQgYWxnb3JpdGhtLCBidXQgdGhpcyBpcyBub3QgdGhlIG9waW5pb24gdGhhdCBJ4oCZbSBo ZWFyaW5nIGZyb20gdGhlIGNvbW11bml0eSBhcm91bmQgdGhlIE5JU1QgUFFDLCBub3IgZnJvbSBt eSBjdXN0b21lcnMgd2hvIHdhbnQgZ3JlYXRlciBhZ2lsaXR5LCBub3QgbW9yZSByZXN0cmljdGlv bnMuIEhlbmNlIHRoaXMgZ2VuZXJpYyBhbmQgZmxleGlibGUgQ29tcG9zaXRlQ3J5cHRvIGRyYWZ0 Lg0KDQoNClRMO0RSOiBDb21wb3NpdGVDcnlwdG8gbWF5IG5vdCBiZSB0aGUgZm9yZXZlciBzb2x1 dGlvbiBmb3IgYWxsIHVzZS1jYXNlcywgYnV0IGl0IHdvdWxkIGdpdmUgdXMgc29tZXRoaW5nIHdl IGNhbiBzdGFydCB1c2luZyBzb29uIGFzIGEgdHJhbnNpdGlvbiBtZWNoYW5pc20sIHRoYXQgd2Ug aGF2ZSBjb25maWRlbmNlIHdpbGwgYmUgcmVsYXRpdmVseSBwcm9ibGVtLWZyZWUgYWNyb3NzIHRo ZSBicmVhZHRoIG9mIFBLSSBwcm9ibGVtIHNwYWNlcy4NCg0KLSAtIC0NCk1pa2UgT3Vuc3dvcnRo DQoNCkZyb206IFNlY2Rpc3BhdGNoIDxzZWNkaXNwYXRjaC1ib3VuY2VzQGlldGYub3JnPiBPbiBC ZWhhbGYgT2YgRXJpYyBSZXNjb3JsYQ0KU2VudDogV2VkbmVzZGF5LCBOb3ZlbWJlciAyMCwgMjAx OSAxOjI5IEFNDQpUbzogRHIuIFBhbGEgPG1hZHdvbGZAb3BlbmNhLm9yZz4NCkNjOiBJRVRGIFNl Y0Rpc3BhdGNoIDxzZWNkaXNwYXRjaEBpZXRmLm9yZz47IFN0ZXBoZW4gRmFycmVsbCA8c3RlcGhl bi5mYXJyZWxsQGNzLnRjZC5pZT4NClN1YmplY3Q6IFtFWFRFUk5BTF1SZTogW1NlY2Rpc3BhdGNo XSBDbGFyaWZpY2F0aW9uIFF1ZXN0aW9uIGZvciB0aGUgQ29tbWVudCBmcm9tIEVyaWMgUmVzY29y bGEgKA0KDQpXQVJOSU5HOiBUaGlzIGVtYWlsIG9yaWdpbmF0ZWQgb3V0c2lkZSBvZiBFbnRydXN0 IERhdGFjYXJkLg0KRE8gTk9UIENMSUNLIGxpbmtzIG9yIGF0dGFjaG1lbnRzIHVubGVzcyB5b3Ug dHJ1c3QgdGhlIHNlbmRlciBhbmQga25vdyB0aGUgY29udGVudCBpcyBzYWZlLg0KX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX18NCkhpIE1heCwNCg0KSSdtIG5vdCBwcmVzZW50bHkgdGFr aW5nIGEgcG9zaXRpb24gb24gd2hldGhlciB0aGlzIHdvcmsgc2hvdWxkIHByb2NlZWQgaW4gYSBn ZW5lcmFsIG1hdHRlcjsgSSBoYXZlbid0IHRob3VnaHQgaXQgdGhyb3VnaCBlbm91Z2ggdG8gaGF2 ZSBhbiBvcGluaW9uLg0KDQpXaGF0IEkgd2FzIHRyeWluZyB0byBzYXkgaW4gdGhlIG1lZXRpbmcg aXMgdGhhdCBJIGRvbid0IHRoaW5rIHRoaXMgaXMgcHJvYmFibHkgdG8gYmUgb2YgbXVjaCB1c2Ug aW4gdGhlIFdlYlBLSSBhdCB0aGlzIHRpbWUuDQoNCi1Fa3INCg0KDQpPbiBUdWUsIE5vdiAxOSwg MjAxOSBhdCAxMToyMiBQTSBEci4gUGFsYSA8bWFkd29sZkBvcGVuY2Eub3JnPG1haWx0bzptYWR3 b2xmQG9wZW5jYS5vcmc+PiB3cm90ZToNCg0KSGkgU3RlcGhlbiwgYWxsLA0KDQpJIGp1c3Qgd2Fu dCB0byBhZGQgYSBxdWljayBjb25zaWRlcmF0aW9uIGhlcmUuIFdlIHdvcmsgd2l0aCBoYXJkd2Fy ZSB0aGF0IGlzIGRlcGxveWVkIGF0IHRoZSBjdXN0b21lcidzIGhvbWVzLCBvZmZpY2VzLCBldGMu IFdoZW4gcGxhbm5pbmcgZm9yIG91ciBpbm5vdmF0aW9uIHRvIGhpdCB0aGUgbmV0d29ya3MsIHdl IG5lZWQgdG8gcGxhbiB5ZWFycyBpbiBhZHZhbmNlIC0gdGhpcyBpcyBub3Qgc29tZXRoaW5nIHdl IGRlYWwgd2l0aCBpbiB1bml2ZXJzaXRpZXMsIGJ1dCwgSSBhc3N1cmUgeW91LCBpdCByZXF1aXJl cyBhIGxvdCBtb3JlIHBsYW5uaW5nIHRoYW4geW91IG1pZ2h0IGJlIHVzZWQgdG8uDQoNCkkgZG8g ZGlzYWdyZWUgd2l0aCB0aGUgZmFjdCB0aGF0IHdoYXQgd2UgYXJlIGRvaW5nIGRvZXNuJ3QgcmVh bGx5IGhlbHAgdGhhdCBtdWNoLiBUaGUgcHJvcG9zZWQgYXBwcm9hY2ggZG9lcyBwcm92aWRlIGEg c29sdXRpb24gdGhhdCwgYWx0aG91Z2ggaXQgbWlnaHQgbm90IGJlIG9wdGltaXplZCwgaXQgd29y a3MuDQoNCk90aGVyIHNvbHV0aW9ucyBtaWdodCBjb21lIGFmdGVyd2FyZHMgdGhhdCBwcm92aWRl IChwcm9iYWJseSBtb3JlIGNvbXBsZXgpIG9wdGltaXplZCBwYXRocyAobWF5YmUgVExTIDIuMCB3 aWxsIGJlIHF1aXRlIGRpZmZlcmVudCBiZWNhdXNlIGl0cyBkZXNpZ24gd2lsbCBjb3ZlciB0aGUg bmV3IGRlc2lnbiByZXF1aXJlbWVudHMpLiBBbm90aGVyIHBvc3NpYmlsaXR5IGlzIHRoYXQgYXBw bGljYXRpb24gc3BlY2lmaWMgd291bGQgZGVmaW5lIHRoZWlyIG93biBjb2RlIHBvaW50czogdGhl ICJDb21wb3NpdENyeXB0byIgYWxnb3JpdGhtIE9JRCB3aWxsIGFsbG93IHRvIGNvbWJpbmUgYW55 IGFsZ29yaXRobXMuIEFwcGxpY2F0aW9ucyBjYW4gdGhlbiBkZWZpbmUgdGhlaXIgb3duIGNvZGUt cG9pbnRzIHRoYXQgdGhleSBhY2NlcHQgYnkgc2ltcGx5IGRlZmluaW5nIHRoZSBhcHByb3ByaWF0 ZSBPSUQgZm9yIHRoZSBhbGdvcml0aG0gaWRlbnRpZmVyLiBGb3IgZXhhbXBsZSwgd2hlbiBhbmQg aWYgVExTLCBmb3IgZXhhbXBsZSwgd291bGQgbGlrZSB0byBkZWZpbmUgaXRzIG93biBjb21iaW5h dGlvbiBvZiBhbGdvcml0aG1zLCBhIHNldCBvZiBzcGVjaWZpYyBjb2RlLXBvaW50cyBjYW4gYmUg ZGVmaW5lZCBmb3IgdGhhdC4NCg0KQ29taW5nIGJhY2sgdG8gZGVsYXlpbmcgdGhlIHdvcmsgLSBJ IHRoaW5rIGl0IGlzIHdyb25nIGFuZCBJIHdvdWxkIGxpa2UgdG8gdW5kZXJzdGFuZCB3aHkgeW91 IHRoaW5rIGl0IGlzIGEgZ29vZCBpZGVhLg0KDQogICogICBXZSBoYXZlIHRoZSBpbnRlcmVzdCBv ZiBhbiBpbmR1c3RyeSBzZWN0b3INCiAgKiAgIFBsdXMsIHRoZXJlIGhhcyBiZWVuIHN1cHBvcnQg b24gdGhlIE1McyBmb3Igbm90IGRlbGF5aW5nIHRoZSB3b3JrIGFueSBmdXJ0aGVyDQogICogICBQ bHVzLCB0aGlzIHdvcmsgaXMgcHJlc2VudGVkIGJ5IGEgY29tbWl0dGVkIHNldCBvZiBDb21wYW5p ZXMgdGhhdCBoYXZlIHJlYWwgaW50ZXJlc3QgaW4gdXNpbmcgdGhpcyB0ZWNobm9sb2d5IHRvIHBy b3RlY3QgdGhlIFBLSXMgdGhhdCBzZWN1cmUgdGhlIGludGVybmV0IGNvbm5lY3Rpdml0eSBmb3Ig aHVuZHJlZHMgb2YgbWlsbGlvbnMgb2YgdXNlcnMuDQogICogICBQbHVzLCB0aGUgcHJvYmxlbSBo YXMgYmVlbiBhbHJlYWR5IGFkZHJlc3NlZCBpbiBvdGhlciBpbnN0aXR1dGlvbnMgKElUVS1UKSAt IHRodXMgaW5kaWNhdGluZyB0aGF0IElFVEYgaXMgZmFsbGluZyBiZWhpbmQgb24gdGhpcyB0b3Bp Yy4NCiAgKiAgIFBsdXMsIHdlIGFyZSBpbiBjb250YWN0IHdpdGggTklTVCB0byBwb3NzaWJseSBj b2xsYWJvcmF0ZSBvbiByZWFsLXdvcmxkIGRlcGxveW1lbnQgb2YgUVJDIGJ5IHVzaW5nIENvbXBv c2l0ZSBDcnlwdG8uDQoNCkkgdGhpbmsgdGhhdCBibG9ja2luZyBvciBzdGFsbGluZyB0aGlzIHdv cmsgd2l0aGluIHRoZSBJRVRGIGRvZXMgbm90IG1ha2UgYW55IHNlbnNlLiBJZiB0aGVyZSBhcmUg b3RoZXIgY29tcGV0aW5nL2NvbXBlbGxpbmcgcHJvcG9zYWxzLCBwbGVhc2UgbGV0J3MgdGFsayBh Ym91dCB0aGF0IGFuZCBmaW5kIGEgY29tbW9uIHNvbHV0aW9uIHdlIHN0YW5kYXJkaXplLiBJIHBl cnNvbmFsbHkgZG8gbm90IHRoaW5rIHRoYXQgIlNvbWV0aW1lcyB3YWl0aW5nIGlzIGEgbGl0dGxl IGJldHRlciIgaXMgYSB2YWxpZCBhcmd1bWVudC4NCg0KSWYgeW91IGhhdmUgdGVjaG5pY2FsIHJl YXNvbnMgYXMgdG8gd2h5IHRoaXMgd29yayBzaGFsbCBub3QgcHJvY2VlZCwgcGxlYXNlIGxldCB1 cyBrbm93LCB3ZSB3YW50IHRvIGRlcGxveSB0aGUgYmVzdCBzb2x1dGlvbiBwb3NzaWJsZS4NCg0K VGhhbmtzLA0KTWF4DQoNCg0KT24gMTEvMjAvMTkgOTozMyBBTSwgU3RlcGhlbiBGYXJyZWxsIHdy b3RlOg0KDQpPbiAxOS8xMS8yMDE5IDIxOjQ4LCBFcmljIFJlc2NvcmxhIHdyb3RlOg0KDQpCdXQg dW50aWwgd2UgYXJlIHByZXBhcmVkIHRvIGRvIHRoYXQsIHRoZW4gZGVmaW5pbmcgdGhlDQoNCnBy b3RvY29sIHN5bnRheCBkb2Vzbid0IHJlYWxseSBoZWxwIHRoYXQgbXVjaC4NCg0KKzENCg0KDQoN ClNvbWV0aW1lcyB3YWl0aW5nIGEgYml0IGlzIGJldHRlcjotKQ0KDQoNCg0KUy4NCi0tDQpCZXN0 IFJlZ2FyZHMsDQpNYXNzaW1pbGlhbm8gUGFsYSwgUGguRC4NCk9wZW5DQSBMYWJzIERpcmVjdG9y DQpbT3BlbkNBIExvZ29dDQo= --_000_MN2PR11MB3710195708AAA808B3D08EC29B580MN2PR11MB3710namp_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPCEtLVtp ZiAhbXNvXT48c3R5bGU+dlw6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kb1w6KiB7 YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kd1w6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0 I1ZNTCk7fQ0KLnNoYXBlIHtiZWhhdmlvcjp1cmwoI2RlZmF1bHQjVk1MKTt9DQo8L3N0eWxlPjwh W2VuZGlmXS0tPjxzdHlsZT48IS0tDQovKiBGb250IERlZmluaXRpb25zICovDQpAZm9udC1mYWNl DQoJe2ZvbnQtZmFtaWx5OldpbmdkaW5nczsNCglwYW5vc2UtMTo1IDAgMCAwIDAgMCAwIDAgMCAw O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6U2ltU3VuOw0KCXBhbm9zZS0xOjIgMSA2IDAg MyAxIDEgMSAxIDE7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsN CglwYW5vc2UtMToyIDQgNSAzIDUgNCA2IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1p bHk6Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNl DQoJe2ZvbnQtZmFtaWx5OkNvbnNvbGFzOw0KCXBhbm9zZS0xOjIgMTEgNiA5IDIgMiA0IDMgMiA0 O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6IlxAU2ltU3VuIjsNCglwYW5vc2UtMToyIDEg NiAwIDMgMSAxIDEgMSAxO30NCi8qIFN0eWxlIERlZmluaXRpb25zICovDQpwLk1zb05vcm1hbCwg bGkuTXNvTm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjowY207DQoJbWFyZ2luLWJvdHRv bTouMDAwMXB0Ow0KCWZvbnQtc2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNh bnMtc2VyaWY7fQ0KYTpsaW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3Jp dHk6OTk7DQoJY29sb3I6Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlz aXRlZCwgc3Bhbi5Nc29IeXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7 DQoJY29sb3I6cHVycGxlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcHJlDQoJe21z by1zdHlsZS1wcmlvcml0eTo5OTsNCgltc28tc3R5bGUtbGluazoiSFRNTCBQcmVmb3JtYXR0ZWQg Q2hhciI7DQoJbWFyZ2luOjBjbTsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXpl OjEwLjBwdDsNCglmb250LWZhbWlseToiQ291cmllciBOZXciO30NCnNwYW4uSFRNTFByZWZvcm1h dHRlZENoYXINCgl7bXNvLXN0eWxlLW5hbWU6IkhUTUwgUHJlZm9ybWF0dGVkIENoYXIiOw0KCW1z by1zdHlsZS1wcmlvcml0eTo5OTsNCgltc28tc3R5bGUtbGluazoiSFRNTCBQcmVmb3JtYXR0ZWQi Ow0KCWZvbnQtZmFtaWx5OkNvbnNvbGFzO30NCnAubXNvbm9ybWFsMCwgbGkubXNvbm9ybWFsMCwg ZGl2Lm1zb25vcm1hbDANCgl7bXNvLXN0eWxlLW5hbWU6bXNvbm9ybWFsOw0KCW1zby1tYXJnaW4t dG9wLWFsdDphdXRvOw0KCW1hcmdpbi1yaWdodDowY207DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0 OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGNtOw0KCWZvbnQtc2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1p bHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0Kc3Bhbi5FbWFpbFN0eWxlMjANCgl7bXNvLXN0eWxl LXR5cGU6cGVyc29uYWw7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29s b3I6IzcwMzBBMDsNCglmb250LXdlaWdodDpub3JtYWw7DQoJZm9udC1zdHlsZTpub3JtYWw7DQoJ dGV4dC1kZWNvcmF0aW9uOm5vbmUgbm9uZTt9DQpzcGFuLkVtYWlsU3R5bGUyMQ0KCXttc28tc3R5 bGUtdHlwZTpwZXJzb25hbC1jb21wb3NlOw0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNl cmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5 cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJy aSIsc2Fucy1zZXJpZjt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo2MTIuMHB0IDc5Mi4w cHQ7DQoJbWFyZ2luOjcyLjBwdCA3Mi4wcHQgNzIuMHB0IDcyLjBwdDt9DQpkaXYuV29yZFNlY3Rp b24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi8qIExpc3QgRGVmaW5pdGlvbnMgKi8NCkBsaXN0 IGwwDQoJe21zby1saXN0LWlkOjg4MTYzODczOw0KCW1zby1saXN0LXRlbXBsYXRlLWlkczo2MzA3 NTA5NDg7fQ0KQGxpc3QgbDA6bGV2ZWwxDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxl dDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjM2LjBwdDsNCglt c28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglt c28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBs MDpsZXZlbDINCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10 ZXh0Om87DQoJbXNvLWxldmVsLXRhYi1zdG9wOjcyLjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBv c2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6 MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyI7DQoJbXNvLWJpZGktZm9udC1mYW1p bHk6IlRpbWVzIE5ldyBSb21hbiI7fQ0KQGxpc3QgbDA6bGV2ZWwzDQoJe21zby1sZXZlbC1udW1i ZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1z dG9wOjEwOC4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5k ZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpX aW5nZGluZ3M7fQ0KQGxpc3QgbDA6bGV2ZWw0DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1 bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjE0NC4wcHQ7 DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7 DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0K QGxpc3QgbDA6bGV2ZWw1DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28t bGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjE4MC4wcHQ7DQoJbXNvLWxldmVs LW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2kt Zm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDA6bGV2 ZWw2DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrv gqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjIxNi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3Np dGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEw LjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDA6bGV2ZWw3DQoJe21zby1s ZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxl dmVsLXRhYi1zdG9wOjI1Mi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0K CXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250 LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDA6bGV2ZWw4DQoJe21zby1sZXZlbC1udW1iZXIt Zm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9w OjI4OC4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50 Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5n ZGluZ3M7fQ0KQGxpc3QgbDA6bGV2ZWw5DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxl dDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjMyNC4wcHQ7DQoJ bXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJ bXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxp c3QgbDENCgl7bXNvLWxpc3QtaWQ6MjA4MDM5NTM3NDsNCgltc28tbGlzdC10ZW1wbGF0ZS1pZHM6 LTE1NjQwMTcwODI7fQ0KQGxpc3QgbDE6bGV2ZWwxDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0 OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjM2LjBw dDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBw dDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpA bGlzdCBsMTpsZXZlbDINCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1s ZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6NzIuMHB0Ow0KCW1zby1sZXZlbC1u dW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZv bnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwxOmxldmVsMw0K CXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0K CW1zby1sZXZlbC10YWItc3RvcDoxMDguMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246 bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7 DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwxOmxldmVsNA0KCXttc28tbGV2ZWwtbnVt YmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWIt c3RvcDoxNDQuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWlu ZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6 U3ltYm9sO30NCkBsaXN0IGwxOmxldmVsNQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxs ZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoxODAuMHB0Ow0K CW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0K CW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0 IGwxOmxldmVsNg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVs LXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoyMTYuMHB0Ow0KCW1zby1sZXZlbC1udW1i ZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQt c2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwxOmxldmVsNw0KCXtt c28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1z by1sZXZlbC10YWItc3RvcDoyNTIuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVm dDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJ Zm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwxOmxldmVsOA0KCXttc28tbGV2ZWwtbnVtYmVy LWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3Rv cDoyODguMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVu dDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3lt Ym9sO30NCkBsaXN0IGwxOmxldmVsOQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7 DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDozMjQuMHB0Ow0KCW1z by1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1z by1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCm9sDQoJe21h cmdpbi1ib3R0b206MGNtO30NCnVsDQoJe21hcmdpbi1ib3R0b206MGNtO30NCi0tPjwvc3R5bGU+ PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBz cGlkbWF4PSIxMDI2IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4 bWw+DQo8bzpzaGFwZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIg ZGF0YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4N Cjxib2R5IGxhbmc9IkVOLVVTIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xh c3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29s b3I6IzcwMzBBMCI+SGkgRWtyLCBNYXgsIFN0ZXBoZW4sPG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiM3MDMwQTAiPjxvOnA+Jm5i c3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJj b2xvcjojNzAzMEEwIj5XZSB0cmllZCB0byBkZXNpZ24gdGhlIHByb3Bvc2VkIENvbXBvc2l0ZUNy eXB0byBzb2x1dGlvbiB0byBiZSBhcyBnZW5lcmljIGFuZCBnZW5lcmFsIGFzIHBvc3NpYmxlLiBE dXJpbmcgZGVzaWduLCB3ZSB3YW50ZWQgc29tZXRoaW5nIHRoYXQgd291bGQgd29yayDigJxnZW5l cmljYWxseSB3ZWxs4oCdIGFjcm9zcyBhbGwgQVNOLjEtYmFzZWQgdXNlLWNhc2VzOiBQS0lYDQog KFguNTA5LCBDUkwsIENNUCwgQ01TIFMvTUlNRSksIE9DU1AgLCBQS0NTIz8sIFBJViBzbWFydCBj YXJkcywgY29kZS1zaWduaW5nLCBldGMuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiM3MDMwQTAiPjxvOnA+Jm5ic3A7PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojNzAz MEEwIj5BcyBNYXggc2FpZCwgaXTigJlzIGNlcnRhaW5seSBwb3NzaWJseSB0byBkZXNpZ24gYSBt b3JlIGVsZWdhbnQgc29sdXRpb24gYnkgdGFpbG9yaW5nIGl0IHRvIG9uZSB1c2UtY2FzZSAoZm9y IGV4YW1wbGUgYnkgY29uc2lkZXJpbmcgbWVjaGFuaXNtcyBhdmFpbGFibGUgaW4gYSBuZWdvdGlh dGVkIHByb3RvY29sKS4gSG93ZXZlciwgYXMgY29tcGFuaWVzIHdobyBpbXBsZW1lbnQNCiBnZW5l cmFsLXB1cnBvc2UgQ2VydGlmaWNhdGUgQXV0aG9yaXRpZXMsIHdl4oCZcmUgbG9va2luZyBmb3Ig YSBtb3JlIG9uZS1zaXplLWZpdHMtbW9zdCBzb2x1dGlvbi48bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzcwMzBBMCI+PG86cD4m bmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImNvbG9yOiM3MDMwQTAiPklmIFdlYlBLSSBhbmQgQ0EvQiBGb3J1bSB3YW50cyB0byB0YWtlIG1v cmUgdGltZSAtLSBwb3NzaWJseSBldmVuIHdhaXRpbmcgb3V0IHRoaXMgcHJvYmxlbSDigJMgSSBo b3BlIHRoYXQgZG9lc27igJl0IHByZWNsdWRlIGEgcHVzaCBmb3IgYSBtb3JlIGltbWVkaWF0ZSBz b2x1dGlvbi48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBzdHlsZT0iY29sb3I6IzcwMzBBMCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiM3MDMwQTAiPjxvOnA+Jm5ic3A7 PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xv cjojNzAzMEEwIj5BcyBmb3Ig4oCcd2h5IG5vd+KAnTogTWF4IGhhcyBzcG9rZW4gYXQgbGVuZ3Ro IGFib3V0IERPQ1NJUyBjYWJsZSBtb2RlbXMgd2hvIHdhbnQgdG8gYmVnaW4gZGVwbG95aW5nIG11 bHRpLWFsZ29yaXRobS1jYXBhYmxlIGRldmljZXMsIGxpa2Ugbm93LiBUaGVyZSBhcmUgYWxzbyBv dGhlciBjbG9zZWQgUEtJIGVudmlyb25tZW50cyAodGhpbmsgaGV0ZXJvZ2Vub3VzIGNvcnBvcmF0 ZQ0KIFBLSXMgcHJvdmlkaW5nIGNlcnRzIGZvciBlbWFpbCwgcGh5c2ljYWwgYnVpbGRpbmcgYWNj ZXNzLCBXaW5kb3dzIHNtYXJ0LWNhcmQgbG9naW4sIGV0Yykgd2hlcmUgdGhlIGN1c3RvbWVyLWRl bWFuZGVkIHRpbWVsaW5lcyBmb3IgY2xhc3NpY2FsJiM0MztQUSBzb2x1dGlvbnMgYXJlIHRvbyBz aG9ydCB0byB3YWl0IGZvciBlYWNoIHByb2JsZW0gZG9tYWluIHRvIHN0YW5kYXJkaXplIGFuIG9w dGltaXplZCBtdWx0aS1hbGcgY2VydCBzdGFuZGFyZCAocGx1cw0KIHRoaW5rIG9mIHRoZSBoZWFk YWNoZSBpZiB3ZSBmcmFjdHVyZSBpbnRvIGRvemVucyBvZiBkaWZmZXJlbnQgY2VydCBmb3JtYXRz ISkuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImNvbG9yOiM3MDMwQTAiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojNzAzMEEwIj5BcyB5b3Ugc2F5IEVrciwg bWF5YmUgdGhlIHNvbHV0aW9uIGlzIHRvIHVzZSBoYXNoLWJhc2VkIHVudGlsIHdl4oCZcmUgcmVh ZHkgdG8gbWlncmF0ZSB3aG9sZXNhbGUgdG8gYSBzaW5nbGUgTklTVC1jcm93bmVkIGFsZ29yaXRo bSwgYnV0IHRoaXMgaXMgbm90IHRoZSBvcGluaW9uIHRoYXQgSeKAmW0gaGVhcmluZyBmcm9tIHRo ZSBjb21tdW5pdHkgYXJvdW5kIHRoZSBOSVNUDQogUFFDLCBub3IgZnJvbSBteSBjdXN0b21lcnMg d2hvIHdhbnQgZ3JlYXRlciBhZ2lsaXR5LCBub3QgbW9yZSByZXN0cmljdGlvbnMuIEhlbmNlIHRo aXMgZ2VuZXJpYyBhbmQgZmxleGlibGUgQ29tcG9zaXRlQ3J5cHRvIGRyYWZ0LjxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojNzAz MEEwIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iY29sb3I6IzcwMzBBMCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiM3MDMwQTAiPlRMO0RSOiBD b21wb3NpdGVDcnlwdG8gbWF5IG5vdCBiZSB0aGUgZm9yZXZlciBzb2x1dGlvbiBmb3IgYWxsIHVz ZS1jYXNlcywgYnV0IGl0IHdvdWxkIGdpdmUgdXMgc29tZXRoaW5nIHdlIGNhbiBzdGFydCB1c2lu ZyBzb29uIGFzIGEgdHJhbnNpdGlvbiBtZWNoYW5pc20sIHRoYXQgd2UgaGF2ZSBjb25maWRlbmNl IHdpbGwgYmUgcmVsYXRpdmVseSBwcm9ibGVtLWZyZWUNCiBhY3Jvc3MgdGhlIGJyZWFkdGggb2Yg UEtJIHByb2JsZW0gc3BhY2VzLiA8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzcwMzBBMCI+PG86cD4mbmJzcDs8L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiM3MDMwQTAi Pi0gLSAtPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZTo5LjBwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90Oyxz YW5zLXNlcmlmO2NvbG9yOiM3MDMwQTAiPk1pa2U8L3NwYW4+PC9iPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6OS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJpZjtjb2xv cjojNzAzMEEwIj4gT3Vuc3dvcnRoPC9zcGFuPjxzcGFuIHN0eWxlPSJjb2xvcjojNzAzMEEwIj48 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Y29sb3I6IzcwMzBBMCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PGI+RnJvbTo8L2I+IFNlY2Rpc3BhdGNoICZsdDtzZWNkaXNwYXRjaC1ib3VuY2Vz QGlldGYub3JnJmd0OyA8Yj5PbiBCZWhhbGYgT2YNCjwvYj5FcmljIFJlc2NvcmxhPGJyPg0KPGI+ U2VudDo8L2I+IFdlZG5lc2RheSwgTm92ZW1iZXIgMjAsIDIwMTkgMToyOSBBTTxicj4NCjxiPlRv OjwvYj4gRHIuIFBhbGEgJmx0O21hZHdvbGZAb3BlbmNhLm9yZyZndDs8YnI+DQo8Yj5DYzo8L2I+ IElFVEYgU2VjRGlzcGF0Y2ggJmx0O3NlY2Rpc3BhdGNoQGlldGYub3JnJmd0OzsgU3RlcGhlbiBG YXJyZWxsICZsdDtzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllJmd0Ozxicj4NCjxiPlN1YmplY3Q6 PC9iPiBbRVhURVJOQUxdUmU6IFtTZWNkaXNwYXRjaF0gQ2xhcmlmaWNhdGlvbiBRdWVzdGlvbiBm b3IgdGhlIENvbW1lbnQgZnJvbSBFcmljIFJlc2NvcmxhICg8bzpwPjwvbzpwPjwvcD4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHN0cm9uZz48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90Oyxz YW5zLXNlcmlmO2NvbG9yOnJlZCI+V0FSTklORzo8L3NwYW4+PC9zdHJvbmc+IFRoaXMgZW1haWwg b3JpZ2luYXRlZCBvdXRzaWRlIG9mIEVudHJ1c3QgRGF0YWNhcmQuPGJyPg0KPHN0cm9uZz48c3Bh biBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9y OnJlZCI+RE8gTk9UIENMSUNLPC9zcGFuPjwvc3Ryb25nPiBsaW5rcyBvciBhdHRhY2htZW50cyB1 bmxlc3MgeW91IHRydXN0IHRoZSBzZW5kZXIgYW5kIGtub3cgdGhlIGNvbnRlbnQgaXMgc2FmZS48 bzpwPjwvbzpwPjwvcD4NCjxkaXYgY2xhc3M9Ik1zb05vcm1hbCIgYWxpZ249ImNlbnRlciIgc3R5 bGU9InRleHQtYWxpZ246Y2VudGVyIj4NCjxociBzaXplPSIzIiB3aWR0aD0iMTAwJSIgYWxpZ249 ImNlbnRlciI+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+SGkg TWF4LDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij5JJ20gbm90IHByZXNlbnRseSB0YWtpbmcgYSBwb3NpdGlvbiBvbiB3aGV0aGVyIHRoaXMgd29y ayBzaG91bGQgcHJvY2VlZCBpbiBhIGdlbmVyYWwgbWF0dGVyOyBJIGhhdmVuJ3QgdGhvdWdodCBp dCB0aHJvdWdoIGVub3VnaCB0byBoYXZlIGFuIG9waW5pb24uPG86cD48L286cD48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwv ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPldoYXQgSSB3YXMgdHJ5aW5nIHRvIHNh eSBpbiB0aGUgbWVldGluZyBpcyB0aGF0IEkgZG9uJ3QgdGhpbmsgdGhpcyBpcyBwcm9iYWJseSB0 byBiZSBvZiBtdWNoIHVzZSBpbiB0aGUgV2ViUEtJIGF0IHRoaXMgdGltZS48bzpwPjwvbzpwPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+LUVrcjxvOnA+PC9vOnA+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286 cD48L3A+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9w Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5PbiBUdWUsIE5vdiAxOSwgMjAx OSBhdCAxMToyMiBQTSBEci4gUGFsYSAmbHQ7PGEgaHJlZj0ibWFpbHRvOm1hZHdvbGZAb3BlbmNh Lm9yZyIgdGFyZ2V0PSJfYmxhbmsiPm1hZHdvbGZAb3BlbmNhLm9yZzwvYT4mZ3Q7IHdyb3RlOjxv OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8YmxvY2txdW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9y ZGVyLWxlZnQ6c29saWQgI0NDQ0NDQyAxLjBwdDtwYWRkaW5nOjBjbSAwY20gMGNtIDYuMHB0O21h cmdpbi1sZWZ0OjQuOHB0O21hcmdpbi10b3A6NS4wcHQ7bWFyZ2luLXJpZ2h0OjBjbTttYXJnaW4t Ym90dG9tOjUuMHB0Ij4NCjxkaXY+DQo8cD5IaSBTdGVwaGVuLCBhbGwsPG86cD48L286cD48L3A+ DQo8cD5JIGp1c3Qgd2FudCB0byBhZGQgYSBxdWljayBjb25zaWRlcmF0aW9uIGhlcmUuIFdlIHdv cmsgd2l0aCBoYXJkd2FyZSB0aGF0IGlzIGRlcGxveWVkIGF0IHRoZSBjdXN0b21lcidzIGhvbWVz LCBvZmZpY2VzLCBldGMuIFdoZW4gcGxhbm5pbmcgZm9yIG91ciBpbm5vdmF0aW9uIHRvIGhpdCB0 aGUgbmV0d29ya3MsIHdlIG5lZWQgdG8gcGxhbiB5ZWFycyBpbiBhZHZhbmNlIC0gdGhpcyBpcyBu b3Qgc29tZXRoaW5nIHdlIGRlYWwgd2l0aCBpbiB1bml2ZXJzaXRpZXMsDQogYnV0LCBJIGFzc3Vy ZSB5b3UsIGl0IHJlcXVpcmVzIGEgbG90IG1vcmUgcGxhbm5pbmcgdGhhbiB5b3UgbWlnaHQgYmUg dXNlZCB0by48bzpwPjwvbzpwPjwvcD4NCjxwPkkgZG8gZGlzYWdyZWUgd2l0aCB0aGUgZmFjdCB0 aGF0IHdoYXQgd2UgYXJlIGRvaW5nIGRvZXNuJ3QgcmVhbGx5IGhlbHAgdGhhdCBtdWNoLiBUaGUg cHJvcG9zZWQgYXBwcm9hY2ggZG9lcyBwcm92aWRlIGEgc29sdXRpb24gdGhhdCwgYWx0aG91Z2gg aXQgbWlnaHQgbm90IGJlIG9wdGltaXplZCwgaXQgd29ya3MuPG86cD48L286cD48L3A+DQo8cD5P dGhlciBzb2x1dGlvbnMgbWlnaHQgY29tZSBhZnRlcndhcmRzIHRoYXQgcHJvdmlkZSAocHJvYmFi bHkgbW9yZSBjb21wbGV4KSBvcHRpbWl6ZWQgcGF0aHMgKG1heWJlIFRMUyAyLjAgd2lsbCBiZSBx dWl0ZSBkaWZmZXJlbnQgYmVjYXVzZSBpdHMgZGVzaWduIHdpbGwgY292ZXIgdGhlIG5ldyBkZXNp Z24gcmVxdWlyZW1lbnRzKS4gQW5vdGhlciBwb3NzaWJpbGl0eSBpcyB0aGF0IGFwcGxpY2F0aW9u IHNwZWNpZmljIHdvdWxkIGRlZmluZSB0aGVpcg0KIG93biBjb2RlIHBvaW50czogdGhlICZxdW90 O0NvbXBvc2l0Q3J5cHRvJnF1b3Q7IGFsZ29yaXRobSBPSUQgd2lsbCBhbGxvdyB0byBjb21iaW5l IGFueSBhbGdvcml0aG1zLiBBcHBsaWNhdGlvbnMgY2FuIHRoZW4gZGVmaW5lIHRoZWlyIG93biBj b2RlLXBvaW50cyB0aGF0IHRoZXkgYWNjZXB0IGJ5IHNpbXBseSBkZWZpbmluZyB0aGUgYXBwcm9w cmlhdGUgT0lEIGZvciB0aGUgYWxnb3JpdGhtIGlkZW50aWZlci4gRm9yIGV4YW1wbGUsIHdoZW4g YW5kIGlmIFRMUywNCiBmb3IgZXhhbXBsZSwgd291bGQgbGlrZSB0byBkZWZpbmUgaXRzIG93biBj b21iaW5hdGlvbiBvZiBhbGdvcml0aG1zLCBhIHNldCBvZiBzcGVjaWZpYyBjb2RlLXBvaW50cyBj YW4gYmUgZGVmaW5lZCBmb3IgdGhhdC48bzpwPjwvbzpwPjwvcD4NCjxwPkNvbWluZyBiYWNrIHRv IGRlbGF5aW5nIHRoZSB3b3JrIC0gSSB0aGluayBpdCBpcyB3cm9uZyBhbmQgSSB3b3VsZCBsaWtl IHRvIHVuZGVyc3RhbmQgd2h5IHlvdSB0aGluayBpdCBpcyBhIGdvb2QgaWRlYS48bzpwPjwvbzpw PjwvcD4NCjx1bCB0eXBlPSJkaXNjIj4NCjxsaSBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87bXNvLWxpc3Q6 bDAgbGV2ZWwxIGxmbzMiPg0KV2UgaGF2ZSB0aGUgaW50ZXJlc3Qgb2YgYW4gaW5kdXN0cnkgc2Vj dG9yPG86cD48L286cD48L2xpPjxsaSBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87bXNvLWxpc3Q6bDAgbGV2 ZWwxIGxmbzMiPg0KUGx1cywgdGhlcmUgaGFzIGJlZW4gc3VwcG9ydCBvbiB0aGUgTUxzIGZvciBu b3QgZGVsYXlpbmcgdGhlIHdvcmsgYW55IGZ1cnRoZXI8bzpwPjwvbzpwPjwvbGk+PGxpIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJv dHRvbS1hbHQ6YXV0bzttc28tbGlzdDpsMCBsZXZlbDEgbGZvMyI+DQpQbHVzLCB0aGlzIHdvcmsg aXMgcHJlc2VudGVkIGJ5IGEgPGI+PGk+PHU+Y29tbWl0dGVkIHNldCBvZiBDb21wYW5pZXMgdGhh dCBoYXZlIHJlYWwgaW50ZXJlc3QgaW4gdXNpbmcgdGhpcyB0ZWNobm9sb2d5PC91PjwvaT48L2I+ IHRvIHByb3RlY3QgdGhlIFBLSXMgdGhhdCBzZWN1cmUgdGhlIGludGVybmV0IGNvbm5lY3Rpdml0 eSBmb3IgaHVuZHJlZHMgb2YgbWlsbGlvbnMgb2YgdXNlcnMuPG86cD48L286cD48L2xpPjxsaSBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp bi1ib3R0b20tYWx0OmF1dG87bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzMiPg0KUGx1cywgdGhlIHBy b2JsZW0gaGFzIGJlZW4gYWxyZWFkeSBhZGRyZXNzZWQgaW4gb3RoZXIgaW5zdGl0dXRpb25zIChJ VFUtVCkgLSB0aHVzIGluZGljYXRpbmcgdGhhdCBJRVRGIGlzIGZhbGxpbmcgYmVoaW5kIG9uIHRo aXMgdG9waWMuPG86cD48L286cD48L2xpPjxsaSBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87bXNvLWxpc3Q6 bDAgbGV2ZWwxIGxmbzMiPg0KUGx1cywgd2UgYXJlIGluIGNvbnRhY3Qgd2l0aCBOSVNUIHRvIHBv c3NpYmx5IGNvbGxhYm9yYXRlIG9uIHJlYWwtd29ybGQgZGVwbG95bWVudCBvZiBRUkMgYnkgdXNp bmcgQ29tcG9zaXRlIENyeXB0by48bzpwPjwvbzpwPjwvbGk+PC91bD4NCjxwPkkgdGhpbmsgdGhh dCBibG9ja2luZyBvciBzdGFsbGluZyB0aGlzIHdvcmsgd2l0aGluIHRoZSBJRVRGIGRvZXMgbm90 IG1ha2UgYW55IHNlbnNlLiBJZiB0aGVyZSBhcmUgb3RoZXIgY29tcGV0aW5nL2NvbXBlbGxpbmcg cHJvcG9zYWxzLCBwbGVhc2UgbGV0J3MgdGFsayBhYm91dCB0aGF0IGFuZCBmaW5kIGEgY29tbW9u IHNvbHV0aW9uIHdlIHN0YW5kYXJkaXplLiBJIHBlcnNvbmFsbHkgZG8gbm90IHRoaW5rIHRoYXQg JnF1b3Q7U29tZXRpbWVzIHdhaXRpbmcNCiBpcyBhIGxpdHRsZSBiZXR0ZXImcXVvdDsgaXMgYSB2 YWxpZCBhcmd1bWVudC4gPG86cD48L286cD48L3A+DQo8cD5JZiB5b3UgaGF2ZSB0ZWNobmljYWwg cmVhc29ucyBhcyB0byB3aHkgdGhpcyB3b3JrIHNoYWxsIG5vdCBwcm9jZWVkLCBwbGVhc2UgbGV0 IHVzIGtub3csIHdlIHdhbnQgdG8gZGVwbG95IHRoZSBiZXN0IHNvbHV0aW9uIHBvc3NpYmxlLjxv OnA+PC9vOnA+PC9wPg0KPHA+VGhhbmtzLDxicj4NCk1heDxvOnA+PC9vOnA+PC9wPg0KPHA+PG86 cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+T24gMTEvMjAv MTkgOTozMyBBTSwgU3RlcGhlbiBGYXJyZWxsIHdyb3RlOjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+ DQo8YmxvY2txdW90ZSBzdHlsZT0ibWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tYm90dG9tOjUuMHB0 Ij4NCjxwcmU+T24gMTkvMTEvMjAxOSAyMTo0OCwgRXJpYyBSZXNjb3JsYSB3cm90ZTo8bzpwPjwv bzpwPjwvcHJlPg0KPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdpbi10b3A6NS4wcHQ7bWFyZ2luLWJv dHRvbTo1LjBwdCI+DQo8cHJlPkJ1dCB1bnRpbCB3ZSBhcmUgcHJlcGFyZWQgdG8gZG8gdGhhdCwg dGhlbiBkZWZpbmluZyB0aGU8bzpwPjwvbzpwPjwvcHJlPg0KPHByZT5wcm90b2NvbCBzeW50YXgg ZG9lc24ndCByZWFsbHkgaGVscCB0aGF0IG11Y2guPG86cD48L286cD48L3ByZT4NCjwvYmxvY2tx dW90ZT4NCjxwcmU+JiM0MzsxPG86cD48L286cD48L3ByZT4NCjxwcmU+PG86cD4mbmJzcDs8L286 cD48L3ByZT4NCjxwcmU+U29tZXRpbWVzIHdhaXRpbmcgYSBiaXQgaXMgYmV0dGVyOi0pPG86cD48 L286cD48L3ByZT4NCjxwcmU+PG86cD4mbmJzcDs8L286cD48L3ByZT4NCjxwcmU+Uy48bzpwPjwv bzpwPjwvcHJlPg0KPC9ibG9ja3F1b3RlPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPi0t IDxvOnA+PC9vOnA+PC9wPg0KPGRpdiBzdHlsZT0ibWFyZ2luLXRvcDo3LjVwdCI+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6YmxhY2siPkJlc3QgUmVnYXJkcywgPG86 cD48L286cD48L3NwYW4+PC9wPg0KPGRpdiBzdHlsZT0ibWFyZ2luLXRvcDozLjc1cHQiPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj5NYXNzaW1pbGlhbm8g UGFsYSwgUGguRC48YnI+DQpPcGVuQ0EgTGFicyBEaXJlY3RvcjxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNr Ij48aW1nIGJvcmRlcj0iMCIgd2lkdGg9IjEwMCIgaGVpZ2h0PSI1NCIgc3R5bGU9IndpZHRoOjEu MDQxNmluO2hlaWdodDouNTYyNWluIiBpZD0iUGljdHVyZV94MDAyMF8yIiBzcmM9ImNpZDppbWFn ZTAwMS5wbmdAMDFENUE5QzguMzg2RjlERDAiIGFsdD0iT3BlbkNBIExvZ28iPjwvc3Bhbj48c3Bh biBzdHlsZT0iY29sb3I6YmxhY2siPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9k aXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYm9k eT4NCjwvaHRtbD4NCg== --_000_MN2PR11MB3710195708AAA808B3D08EC29B580MN2PR11MB3710namp_-- --_004_MN2PR11MB3710195708AAA808B3D08EC29B580MN2PR11MB3710namp_ Content-Type: image/png; name="image001.png" Content-Description: image001.png Content-Disposition: inline; filename="image001.png"; size=3146; creation-date="Tue, 03 Dec 2019 16:55:51 GMT"; modification-date="Tue, 03 Dec 2019 16:55:51 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAAGQAAAA2CAMAAAAGesyaAAADAFBMVEUsJiEAAQAKAwMABwoXBwES CQAqDgEkEQItFQESGykaGh0WGyE1FwE9GwJHHwElJiY4JBQmKDE1KCAfLUQ8KygoMEAqMjpXKgs/ MilMMR0pOFEyOUo4OTo1OkRqMgpjOBlpNxUwQV1DPz48QExdOyM4QVV+OQRRQzo1SGdDR0lDSFJf RDFASVyaPwF+RRpNT1I9UXlwSi8+UnNDUm6hQgCPRhBdUEZTUlBKVGlPVF27PgCaSANtUT57VBer SQOMUgxHW4KMUiepTwmJVDh6WT6KVjGCWDpRYH21TwFiYF57YgJXYXaeVR+lVRZrYld1ZiB7YEuS YQBgZW+8VAlkZWjBVQCfXiqqXwG1WhPLVgedYDazXiDZVgCWZEDVWQJ1blapYjbXWgDRXACMaU6W bgCiZjnIXw9mcIixZC6pZjJ/cUeLbFdycmZ4cGnnWwNwc3WqaS6BcGeobwndXwzkXwLgYgDaYwyM eCq/bQHJaBi9ajDMagWVegvRZxzVaAvXaQDLainqZAuvcEPrZQDQaSyockrFbSvmZwnabQLvZwDp aQB0fpPkaxGld1d+f3/3aACfeV6RfG2JfnLebSF7gYy2fQmugQCigxW8d0K3eEr1bQXaciTicRqK gnzNewHuchbUdzKYiDzrdwKah1erjAvOfEXleSq5g1qYjGikiHO2kADigwC2hmSZjIGGj6aHkJzQ iwCximixim/EkAORkZGVkYrOh0rPiVL5giTvhDKkk4LMjF23mR+zmTrhikrviDzsi0TAlHDCnwvK lGqpnJLdlF2boKy+m324nImkoZ+eo6XKpgrloATwl1WypZPOn3zfqQjYrgLBrVDdo3nGq5mysa/S rI7dq4bqqXTOrpWttL+6s6uwtbe/t4rhvALetpjQuqnuwwe9v8LAv7vauqD3xA68w9XBw83rvJfR wbXFyMvbxbPNyMP8zgTczMDr0mb91xLM1ODQ1NfS1c7p0sD70bPd19PX4qj83cje4+Xr4tv54NLp 7/Hy9PHw9fj6/v3YktvJAAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAjrSURBVFjDtVcNWFPX GT6E+l9BZ0EFsTKEIQaUAIrTZdYqxqG0I3UjIuiDM0ipoyO5l0rFh2PE472EoIJKL9hQV2OxqM+U SgFL4r9gEaIoQxgqKBZBR+nGGhXYdwNro0Kfkcp3ntzce/7e8/2e70PoJVDl3bMlZyurUSsaKnqE SrMplYrByozCjUOEUZORodMRVsViTjJc8GbLUGCUUstLv1SyLCGch8DGRiDPe/kY5/2HCQQTxZEE y4fb2gDI8KjjLxsjfyyc3lZgM3KixwgeY4TEzk7+kjHODbeb6u0xAhiw8XgFMOxolpP6J75UjLZf p6dzHIcBYCQbIBB4sCxDOLK6eMAVT39it57+e09ysCnDUtnrJ0vS5ZMW0PBFWDbd40G/85sH2KeX vj94u/flX8/2J6kYQkhkHbzWbkdH0N0UDN8sURS8uMd9dMzPL7BxIIjOayuWLBIf70RPUPjxLouB EgVhMaYuWXQlMjwsN+eFTR4cDZ4werRDYOoAIFkrptm/Ni0gthOt9Q4yWQxcAwyWTbacW0sTDGoJ en4P002/2S7LjgV6BpY1N6OO5g5eeiZTY/P9b1FzRwfKWuk9p/72ct+NpuKpq32qLVaexOCCJB91 aezt5y6zt7fXILSdJZjlVr1w0mCR66x6FL3QOXiUQ2a0k/sFlDlq1LzUMQ4uxxycjl0LWO1bBsY6 yXR3wSTJGxqLhdsJHDsS9cwF47XlvcQGQiXhRbih/HkQv4XOcajZb6GDu7PTFEdPkVu0k4vQyd3J c/SUwNnB+RJ/XsI9ptZDIxMly3dbLNwGnGBJF+Id3cZM9ui8Gjq5P/TDiRCegbOFgSKRo5e7yNHV 2dnPdVb0bHfHQCevNIV/rxqrX48oFQdYcpKMtYRbjuxtfqRypNACK28+j3FsqcilAD0ADuIWCt0y Ra7zRNEOY2YELhW5CV2dXVKixH8BC+s8GDN9wWKxf94zpsRiJuWmBYjgndsKFmu5Bc+D3HQXCcu7 QTFTMl3HF0SLxruLvGa4zUqdMGFWqqfX3GSxN0y6NT154i+v75zvH2thXiWgY2YVElhwYl9NYxar lr0grlQn92DQt1vBUk+nUFeHGZmegUIvl1RXr1AnV/fx6zd4v3HptM/YaXbrzmYFePu2WpowYRlJ o+2PGLb2d9WE5bw1L4DcnOco9HIcH3o02HOecMqMJhQqdLPXpArHl2uEo+Na8qZPXxw0+bVx46bF zhw3eZylM2dgwkbWW3IyJp9lMDe9H2/raiqPCy5/fHSCu+M7mkffoQuzQhvRhWVlj1FcWTfq6dwd ElJmarxedr/u3P6CNn7Fk95ol8wRjIMsOLGJSwLm/OMGjlFHJ7hqelDuxdMlpbU16JvqlJTamivo BjrfUgNB69zfb6Fr1TWPKmtOw9xCdLayEFWvBlaSfmEBsk6LSdTMNnQaldTe7Qfj20yveddR2toV EevCi9/ffmntR7ErtvompmyICM9qyYpZsG3FhqwNYRH5KUtyW7eGRRxfH1OHDv0ZXH6ihbSyVYzS Y3FuBkVR9LaS2wPxUxyTFpu2eGverr+dezvi0ttpOy/tTKlL2ZkWs6p4VV1Kyq60nevS8iLyi1tW hfNWzMfhYT+ArAQ+5odRBENjlRW5F/vH6O7u7urpXtvR/bQbmX/dPd3w7Ok+2Ij4ry5o0N/dY1p7 qA21FodhFRc1ctjIsXZ2Y18VcwCixNgcWlgVbUiue3b3J33te7497vv/oT1Bj5/7br1RgrYlfrRe SqmwPDyK0GqOUHKWj/RwP0J0ZlmsK3o2HP+7Qt9HBr3BYH5aNL3FG/+ul8sjKcxHdRJFGJkhfKxg mM2rUoaSg5h4GAwXJsF00dRGq+/21k2EF7o50oNswrNfsYUQKRBIZWIFh3luaLNe1F++bjXGyWyz ZiGoYFYLx5Ys4v0R3GWRdBHNErBiSiqVRhHMyeaYrMQ4SENWCvEcfhCmGIzpqKlm27KTSWUcAX1g oBw5oATctDb33aLTYV5SWoaXP5+gyqlFdnZ23nB+plcnREv0RWJCBVkrrBJ1BewMmlVpgRUQF7wp ItMJTcsJ34GBRVaFdQZaqoqxFmSb3qDQgu1A2GI4YAnODkQYIOhklDKzo2C1IV2sijzdhjorqwef NdL6ihxzegU7SynexHgBMXy+xWFG8qvdf91D8WpRi41qKFl02YaswYNkULTeLC9CFFK4bDHDMmZb hnuXSOdAsnN1LxgfVu7ZvG8LpSJUlO/gnaWQFwYvJpZeKdUaSC8ApuhIShYQYp5yWQ0oPgVXPtkc Hz/fx5rqqzosHSSlBYHIxKSolJcUsIIpnzkhmt4b7Z/tOzBRQWaA6uNCNdet0nxLkL8CgzeQKIlC XaHjXR9MlqQn9Y1fNd5RE0zF/ryKwVR/JMnsI3S8Umcw6NRYxRuUKqk3lfnKeGcTySAx5hy+7Wfg ZOv4uLLl0w8wUah71QLBpJeXq/eMVVivV8jz6lB2ofWF6i1dEYRZfMJ4piE+ZweNeb7A2VVyKEx6 vjt1z/ghMehVKiUpyt1VYBXCN6j0Q4Mazp7TvvndhIaGhqqvP1bwFk0YRYR5RoLR+PkWmlIpV/oE DQ6jB9Wc3Z6bm6zLTtLlgLC4LVWXz5Q1ffbV5oZ24wmsV/NeKTlirmg+u/q7w7/38PDdeKF8UBgX s2kV4WUC0YR/KOLvPby3L5O30yvG9vY/6vX8JSbb2je96coXX5QPznqfokKKEPWBAwd20ApaTWsP 7LnTfsd42at3+B+H7+zRUfwZZMutN6baHCX5+Ou9Zy4f3nuiKr7KaHxoNDbsSwhp6htvfyg3Zw90 1G+ttVlTJa34/E+fvrXmvY3713xy6tSZfadOJby7X1P/vwn/MeaYr0mF7IMEq690Gu95KwQq5L5K +f59qGUtaZMSciHMKjdVbY6zFqRC/pv3LgxY5tcW0pjIpGGJ7+89kxBnbXZSmjuz7CeyihyG8fbd XXYdrWlqQg+sZWTdzPqBB68VEdnkzDY0lHSjSD9/GRpaMt3OWqLpQENOTf/PpP8CK9ZVVe2a8XoA AAAASUVORK5CYII= --_004_MN2PR11MB3710195708AAA808B3D08EC29B580MN2PR11MB3710namp_-- From nobody Sun Dec 8 18:04:04 2019 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4D3C1200CC for ; Sun, 8 Dec 2019 18:04:02 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.3 X-Spam-Level: X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bsGBZWY3DmQW for ; Sun, 8 Dec 2019 18:04:01 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAE5212007C for ; Sun, 8 Dec 2019 18:04:00 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 1165FBE24; Mon, 9 Dec 2019 02:03:58 +0000 (GMT) X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AbvQTF_Pncf3; Mon, 9 Dec 2019 02:03:56 +0000 (GMT) Received: from [10.244.2.119] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 69EB1BDCF; Mon, 9 Dec 2019 02:03:56 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1575857036; bh=G9GGmTEUxenWgYHJDnuSYmZC5l1QwNKHTlbD4gOuD7M=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=Uc0bN3gHLs9tkS+IqQKpa9KN6IAQHy/H8ul95CBwpvO4YRWyXlH+YOjWoIyXr6PqI lZH1uSoOMTYEkr+p2942Q0c5vHrbEm8Mc+UdU+ieC/nUr22AYI8zJh6m4tr72tzGAF 7IEYmyzk0Qwqc1ylCX9a/wTUsbEYg9q/3ykMAXB4= To: Mike Ounsworth , Eric Rescorla , "Dr. Pala" Cc: IETF SecDispatch References: <12eed4ff-edd2-7f70-9460-fc86dcbab927@openca.org> <7999ebac-c9c1-eb4f-d9f7-2ba814a3b331@cs.tcd.ie> <78997490-c5ae-c856-6e26-0f79c7733ca3@openca.org> From: Stephen Farrell Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw== Message-ID: <2feb1778-7770-8a09-2066-a84663ff6b2e@cs.tcd.ie> Date: Mon, 9 Dec 2019 02:03:54 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="QYtpBHxdb0NX2jxRAFgZdJRUsluYihY4b" Archived-At: Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla ( X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Dec 2019 02:04:03 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --QYtpBHxdb0NX2jxRAFgZdJRUsluYihY4b Content-Type: multipart/mixed; boundary="Y5EjCAKV9P3QuDRIpPcHgJKB9H4Y7xeIQ"; protected-headers="v1" From: Stephen Farrell To: Mike Ounsworth , Eric Rescorla , "Dr. Pala" Cc: IETF SecDispatch Message-ID: <2feb1778-7770-8a09-2066-a84663ff6b2e@cs.tcd.ie> Subject: Re: [EXTERNAL]Re: [Secdispatch] Clarification Question for the Comment from Eric Rescorla ( References: <12eed4ff-edd2-7f70-9460-fc86dcbab927@openca.org> <7999ebac-c9c1-eb4f-d9f7-2ba814a3b331@cs.tcd.ie> <78997490-c5ae-c856-6e26-0f79c7733ca3@openca.org> In-Reply-To: --Y5EjCAKV9P3QuDRIpPcHgJKB9H4Y7xeIQ Content-Type: multipart/mixed; boundary="------------C758AD9A903D0B8FCA8978A8" Content-Language: en-US This is a multi-part message in MIME format. --------------C758AD9A903D0B8FCA8978A8 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hiya, Cutting to the nub of my concern... On 09/12/2019 01:46, Mike Ounsworth wrote: > I hope that doesn=E2=80=99t preclude a push for a more immediate soluti= on. ISTM the "push" is less for a solution than for understandably attempting to corner a market. I don't think such attempts are "bad" things, but I do think following 'em is more likely unwise. Sorry if I've missed it, but who do we have that is calling for a post-quantum PKI solution to be developed now, but who is not promoting one such? Thanks, S. --------------C758AD9A903D0B8FCA8978A8 Content-Type: application/pgp-keys; name="0x5AB2FAF17B172BEA.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x5AB2FAF17B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1YkCMwQQAQgAHRYhBH4X CgRchM9GDit5oBDvedn9g1MSBQJbtyScAAoJEBDvedn9g1MSI/oP/0A9J9nrnBMq Zpm857lfYWw+rshLK+tyeP4OQeOqnDFvs9jePpcyJLG3DF2r6VbVKPQq+AE6Uf5h cJBDEN6BjEhRPSbLcqG3A1cz/nNwm8rPmNp+oKhmaBBQGxwciMLmzgynsDydnjPp MyEs04zvsbsl4vrp2095o105l8KcrrxQrioFjbwveGwHQK9bxJKhx9D+gIk+MouB ur45UDKTZkMZrr9FGrtkyXCGAxvKdcNC5Oa8z9sj1rcUJfG/OpVAMWhArdlZbFUQ yoX6pU2Zb1CR2qpWAVerGSfBhmfCyStjARqaKxlftjO+Bj3Jj73Cr5eqej3qB5+V 4BCsPjr4RLvVbYUCPsRdxWc+nBLlfVYkRURu21g1hFm5KFPjgUkyo1s4vjUOY8Dy I+xLGF7f/IhUBG6l+Vswhpwu7ydalZkeFiPx5xna5NfbEYxvsIf71DvipGvIOaHv X4egWoFgm8n/9c3rcMxJtpwHPSsUt5dgLsyu6VE0IbvOAc3dN7CWJ355DVFJq9Zg 2YVf0izSpyyzJeGsgkfjW6xpmdvZxuT2UcN4BTcm6vYqueASGrb3lfhzC5gpeVsc /MoSjTS65vNWbpzONZWMZuLEFraxWJzC0JrDK3NCd0VN3kstqGkVbUIiYOnUm8Vu 4zoVMLlGWzHLIGoPRG2nRezn1YyNfyb5iQGcBBABCgAGBQJbxcflAAoJEGo7ETk8 pK1gE7QL/ApC5P68W5DrI1787WJVZv1u4t/g39vTr7Xer3UMTVQg10vpa7pmqOGh jIDzDMg3Pe3K3M7fVzfAlUA1qw6ne4RCueVoRKpubeF4AlYbMr0K6hNCPjt5uAxm bBVuejKTc6pru5rv5gKL0nDbr+Snft5xt7juBLSSimw0/41sZnkjCxo9rF/RA/v6 +uWyK171RKmsEYu8fFtw1eqUNt/Xj792TUixE3pxXheNtQtZGk/9P3W83ChhG4Fh 5EQsn0pIh9wZIAbMRLpgRKyW87fWHZC8/YH8h7afarvn9Thl5pFUldCe22mNJj6K LChn2aEHQd+PdY1GBpZEcmNEUPuovwzatM0h64hCzTm41eDqRfihZVBT7TbfXQnv 8rywa42Mk756RGzzEZcQEhwQXZcMQUfxIQQ2VyJo0zG36VdZTQF7TF/4Lz7/3cJ5 6jOIm+dwPXtu+C2wAQuD4USOLt4JWPYpqzDfHYJIND/497P9Z9SuQeahr2ez3DRB g3qsHEjBV7QyU3RlcGhlbiBGYXJyZWxsICgyMDE3KSA8c3RlcGhlbi5mYXJyZWxs QGNzLnRjZC5pZT6JAkAEEwEIACoCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwEC HgECF4AFAlo+o3cCGQEACgkQWrL68XsXK+qO0A//ZsfQzyXrZlu/eEV5jU620yeO M3P7SW3C3UQYdCgZ/TlvxGgKow5oDSXgjMiUyq9csGqbPBxlDYSxFZHNeDVKYIuP 2ZK24tw5k6duTh4+sFwUualTMlcp0zBCIzn3hRcsRvuPKHfl5+6oOi0+xqx3jX/s /69L/fvHmdSKet5LIUAxoYaZkTCruFrPWb01tgAl5JExWkhmCY98iD+EeiIMAWBj Mw1xV+p0uCwNbN6XDzcToK7wsm+tAIiWUy3DpP60a6WbVwdV0HNt2WZq5U5Jdh2k 4S+sN2CnYk4tTW7jHjsWarV3FLISCOObADZuB7ljU4kYfdwZ+WzenXY4LGlxGQSl AblGjwZe4EIkCXAJUtzJhoFUuGaF/PlWjxqV3UFRcgTERZTijguVyREre8GNERNg vDxZvuXssEjvz9X5JfcIZDIJpdzhLiEIj9noUbfx1SzB5KDPQj0O7elMHa1671/r wWcpGr/MfVPTOik4H7F8rcVJelceZTzC4tvya7M+jM4fyFWWt8Y4atTixUiP7U9o 4uBZCQ0GzvsmFA4XLqn2pA5rVizMXnGbGOjufAP/efEJ4ul3qvjYe8ye8DXEDjKA xo/tuHYtk19XCi83QzFhWls5TT+XQeVTMEvVqo9Wek8yoxo67qvLKKqIcG9givQd 8MxYNAbNYgSPtkbhZ8SJARwEEAEIAAYFAlo9UqAACgkQLzyHNoBfjaLzHAgAlWT6 NXEGtw/r1miKNGcopzvzILQ9oB8rKI9U9EL6tOf/y2V5oYee/GyQDb3ZdoPxxYYc Jf+RyiH1nMoqUIZiZJaf3bJXinDZ5+AdfE++UR2NBvqaNyC6u3r24jo1B/sagKbY tWgsYtRqHLD4IWi37MZrVyjBuF7u14Q07+uhjq6mX2O/tHpCYw/Q82tbeTRPyUf1 WQOAfD1kfBpW9PvAva5Iw9FWeXpCXRzwxnCZhYfGfqtuSw6CPBYLdbikqML6FZ7E DuTBb/8um1wK7Y9bgeIQC+CYjhYB5RXa1tDJRab2Js4luCvSR0w/CgHw26293tlv e2Q6UTrmHxP5U22DlokCPQQTAQgAJwUCWj1QMgIbAwUJCZQmAAULCQgHAgYVCAkK CwIEFgIDAQIeAQIXgAAKCRBasvrxexcr6tJpD/4rrILH+meP07vrx8wW5eYuqCiP GYnh/CXxIF8eLrfbe5d4QRgtq+w6UeQPMyzKRIRiCoBXB2oJLBZHyxBPxZlg33dT MrEGn8QWKx2iNuz9rZMXyOSWFetuO01d/aUPd5BnbLbIyK5of8xCQlXM6KH8bc+9 gQ7edR9mfLTdvBf2FR522hg8BRBM1imKc3vO8v39+qIHHRjuiwxBBCAOhHtHRsZX ripS0uFA07dM46Oi/E8osjx6fQt/lH5z/PN+2adxYSrLSAXfr1oD3RxYNhuWgyGF L64/VCQb1YGjf0Z5MBPnWm9jgUoOY5K9eNSS0L83WeJjlF5+Q/WOgB+rb49Prm2D Feo9+S9f2V53Llz1WIspXJg6f+n9lmHE94MfQj1GAHCzI0FeL19lvM+LhD8jJSCb hrC3+yobyy/AUOs5Z3E+njjX1FF/VCVAs6iOa6i+XG+Y1hh3ir2y1kckJ5auT10M SU8GEZu9ayU4M3o3N9yxOjaoP0NuQ4MMLL/n/u4u94AeZaHPNBXn/hVfVRRmpRXt GKvJtFAEppGEYezB+bLKIm6XlpPkhnwYzleLZ7AMEco2C6QM8QPB3g3JpS3sqRhA 5rEP4lL16BmijmF+CHoPE/zwgKZbKpyVDqvIW5IDgvfIC2X4pbZDRvGIUKaGSB4+ ksZgUUnNyvfQr2p7jokCMwQQAQgAHRYhBH4XCgRchM9GDit5oBDvedn9g1MSBQJb tySbAAoJEBDvedn9g1MSeKkQAJm44jt1kwHgQgeDBKdjdvl0AjE0xVEQxriZ6lP/ l//34YT0auFfzsYIrChSpQXAEtobBAr4Ohw1Us+BZe+H5P8vm6LRuPwozC3SjwfX 4Iec8+9ot6tIVg4sbedDSgb/CCFVjsmIGcQ1P73JLJTBJ6mxYCV/gn3QC6bwDOFo 7kD9FDHCjRN8XfhHQ4Q9cYyt06uF31qG/aumgWYC9geCGgAwiHgwxNYb9GoJ0iZj CROwbYvLTcQgsVUW2bTmsVR13UVKDsdl02sRV7qcVYW6R0a3Ra8KudX+nt25H5DR Gd382KZ5W8pydsy/viTvD9z6v0ulChBYxAedIvGIClrhbxlLEPmIg4ImVOLGqsUg Vm32J95WOjEkk4PEZ12xSDBtwhSJqmJNboWlfmw43KdIbY8zNhffIO3N6O7FsdGx mqyHeLoTpqY+ySVUPpbuyW8ujnI/J//+6hdTZ9dQsEJQlWngKuWOQ5ma58MPSN88 zllsqhZAFQjNxqnkSzL6ZQ+v/jvuRRe16B80AeO55DsmbWsMv/YLLD1mSi7+Khy2 EtMBhgojWwrGMvdLN6X3mnzNJEscYyLxM9tSk+iySP2sLthK0BVgpAzBSdaf/ezI z60P+neHDzteNFf8Mn7lmgYk1amvZoJ29s5+n2HwxyRL5dVMyMdyQmntubbctfqr Z0tIiQGcBBABCgAGBQJbxcflAAoJEGo7ETk8pK1gnCYMAJY4FeIYjlIXGghFWzsB 4fYwK1+iaFpU3fSto5qcrqVtVPjXpwqczqBWeXGyQxiB0kan4OVAXydIeaP8EAuF CA7paP3s9STLJBO3KurkwyRkPW5zo0X7xVqaVToRsX2Ul98KVJoHYQD1KdezEtwl vpNwiiBr42AYR751Vm6JBVAbQXuFpB3c8bUV0OkkRxNFtL8/2PieHar58n5dntGk bPlPkztahsFqktgacIgXHX5vaT+7YeeZ1DWLOYjGO0wNhkOSeroCmxwJUikU7joB p823L7r5KfpqWTPpSCzVstQKZUGmmoE1qCswY/Ud5wvp9SccpIILkRXj0rZRtfnE 5MpL3hjmtNzfDd9qIsJtBJlSB2hZwAsVm1l+EWN9hG3tqyA43niUMy2n6q690of3 berSiQ+kvY/aC9Hx8I+bKzOV9/J2VUTqfaPZa4Uy2rVX5Q2p69n/PMj7mEer0rCL 3j9V16J9c+s0BSkXoKdtYdB0TWVhBgUybd9qtYcwHWvhP7QuU3RlcGhlbiBGYXJy ZWxsIDxzdGVwaGVuQHRvbGVyYW50bmV0d29ya3MuY29tPokCPQQTAQgAJwUCWj1R WgIbAwUJCZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBasvrxexcr6jsc EADEcB0WQEZn2AkrzDs1RhL0Lp6cZi0BigofkbcGfdhJyMSs19C0dhvncrAFClVI 6/Udw3yFtDyYtOCf2W3M3A1K6/RfEizCLzTsdFIhni9gOJLlUpXViQtgrlstjk7h qVV3Ooz4BlCqS4cG7rfqf4LQQPpTAuFUEV9I28FBUB2irqC+v4gTysIgpMw0bA1y BU9sX5jE/tRkzqnuzZrkwiobDtRFJ9qp+7O2JtcY4EsVtLAsaodJKc5cF8R4OvB1 n66vxxcgg9Eh4JNWZ47xsaCmAGo1Bcb2jIY35OtgAL7gCGLRSMKTtAaPy1/fEgIq hCljJ9x40Fkn/3r2BX21WC9HFSPFTBz2RluLRzxdgxOrkYK8EiHUPoE5b1AEzZKw 2AbeXfr57f5zYsN3IqfbQLUjMYtUN1wK3Pjb+idD972wyXMWt8uOzlI7b9Ocu+nY m2whBfJv9Pmp3QYTmPz+LB9lH65VNVUSxSXVr5iWXO3qx1HtEiGEqkporMQCTh3T 5Ud3PvMSRBFFKNs9WhJ/Lxz+SV30WLwG6dr5mQqlzAhb4Phc/zekZyXRdS/oDKrB LUucS36O//49JeyRi1QvOfxnfmIqRIAf/k3PoYJmTo5E82//r5Qj3YGlRu78ba0H Arxs+ACD6AnEHHcbswpbtVEKYzlSu0Ar0Dc7vRWM/IyQdIkBHAQQAQgABgUCWj1S oAAKCRAvPIc2gF+NosIsB/9f/29FNla3BJfGIEIDnhrqGD0i9bSa89SqBd++uG06 TQgW5wsqtNcrwn81yZTq6XE6i9VtD4GKfqC0d4KZJr9bnbeD81cI64VOdL8zJWJs 0vj5EIXCobKyX74Kb4uePUyZqwT2Q74I116u/HwA9/FXsPo5isbh4ZqD4t0VHpWk mfq1FPT9a/JPyX46qKqB2Fce/7Qy+SQP1NfkuUlbhUH/JG9aSSYvk3lznNiH41x9 M+FDlL106itXOubrl3oi2fT3fsSedq7uzt+IV0DQEeNaoQAUuwEhdB8IWOMqN2wo DjGVKJftfsSWY9ilZrnDBNDrp0vRqcx33LUMkIw4d7iBiQIzBBABCAAdFiEEfhcK BFyEz0YOK3mgEO952f2DUxIFAlu3JJwACgkQEO952f2DUxJjuw/6ApHSsVTWD4a0 H6FJ23A9Ftpy+aXZ4vYlzkSrfsn2ECrEfK3lXQh/uzwjJUDYZeB1/BQsFZtcYNQO JSSHbQ49BFRLwb1J/wBZG4bbmrkLxnNbKDKQvzxEpclkMW0Dj0J6o7kGrmzIGGrh B+JJN99AcineHRug8ZSFIERRCmigxdhAKU0BFD7P+5HNHltSL3DF1c2fFOf2JrgB KVoE+9RhMZjWNbYetFFLCkjXb5Rpay9zeMm1DxfSTGAnuOwUXW6qq4hnl5+VC/48 ceDZElLLfu7RQUZv44pkSTOWZs+iQoJiHMFHk9wPqyB2Vok1yJ2a2j27WhXrJlPw nZbgJO5RyWDG3p/eVmpl5Uuc2dsfIpR17KnAuWpghK6V+cyFncDoGCl/YG2Mvool sW08FiZh3Ej4dnJjj25TZkeFG74JJDXLvMYpJfSBGnmETv4Dhcm2xPqVMuFuL1qJ lMbVLrMo2GXeo03OzNyvbs+u8WLIaGm5hC7N1CXY8wZs4jo6OJ/expvnc07dEuws 4zT3AiWv3nIouWReRStZy9QkavDocqbyPmilcdPCYk4BsOlzpwwO74hNG7iyl0Kd AlwTxGQ7y0rJou6HYa1TmRhIEr3vKvlW+JfUUrqtjXgsuacTXo4+Ira2JUErL2cY zQMq1j4r1ZyhFnuz93s7Rsx/Nw0+0YuJAZwEEAEKAAYFAlvFx+UACgkQajsROTyk rWCJqwv+NLVPE4sD4sDA2/6Ek7UsRIUkg+S39fhqWsLc4rtw/mDunv8Un61I3K04 fZ2Ry4nF9hZM0a710UvXFbStvrzRJO3EAAcdJR9LTCd19e8UeruQbIee3YT91U4N kC9JMpecfq62/teOAU2e5P3fWYaLs5ZX7zCLwWuBcW2l3SyoljQczM85HhJ3XHm+ FnwQ6D9xRle+lvWTcuC9d1yAyUb8IOospcL2lJTmy8e3r79R24hPlSB4LDe0wEN8 AXbagrcAQZjwyaHyWxjJbTwZ0b43WGdfIqZ1ElOeoffbketPGRmWvx5xUvb2ALFB BdETzV270gs5XDJgJ1SIIKOyDADxwvroTe2jD8C/841eEql5QSow3s/U3zRqk3mt tto8Qw/DN71aeh6dmYSsvd2UjsHw/vofOPRBGxZLEkKTEvMnhmMW9hiKPkPia+Qg evYE020qpKSxLEdWA8nprHwxmGiDNesCfXSC6vm1qfyj5g8HzxSckq9ZaMhKMCo7 vxflUEDuuQINBFo9UDIBEAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiezGPuB HmpvceBRZgRasdbaMc4HJee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9WfpHTD 8U4xxjvR5Mi7+ToQQUOUNuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC6T5M sK1SKfs51pLa5ToC1rc8tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2D/zE 4bGjXdJW5pKphFB2lX3dG4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFeA7Pb TuW/eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ/Vf3 vDUew1h5QU1yDaWT3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbptPEcm oazpiKZt91CrFPOaoXDPck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKrem5r +oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96Z22f Q0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYghx8b7 Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQoqj1 gwARAQABiQIlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P/1tF 6TeR83xD6MasqXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8Wpfd n3BmvqGyh8+ouHX9jMOxiRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJgx25 2HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5SLjN JIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2oKjw rIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtAZAGs okRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIAypqY o3pcN2OE0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoMeDQk d0YjcqlB1E0svODHTzcSoRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS/qmU yXBIeq6I5z8xBcd+BQ/n/9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZIMhk vMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XOKVc3 YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST =3DYzQY -----END PGP PUBLIC KEY BLOCK----- --------------C758AD9A903D0B8FCA8978A8-- --Y5EjCAKV9P3QuDRIpPcHgJKB9H4Y7xeIQ-- --QYtpBHxdb0NX2jxRAFgZdJRUsluYihY4b Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEW7Wm6ldl0sWGPK4nWrL68XsXK+oFAl3tq4oACgkQWrL68XsX K+pVchAAmFt85gL7ENxhAfQGO18dEEzhg8FpMY/koF+jTLw4SuLf1QlP4wMsAzfe xLsc9AcBGDqLOF1SEjFK0nQehf7qNzNqdY3nMcaEZTNM0aLjvCdeh/fCXNLopAlA 9ZJW8y2FT5cXq8DT83vF39IgroZHfh7T/HyLVfZVNcVY4cFVULYuBI7c0axfdcs0 pgRhsuTanJ/gEwwL0EmeApHDHxxSbzArkBNYGrOL9kZW3xbhTTA2oRUq80Flyfka 6qJkr+hXLd5TlXvYF5RcUPPrQ6tVNBKnEA+DEkgpebSkfPHHX9QjNCIJtufq9VOd CIDR1IONfvaHUCZvaVMSNX7aNpkmqGWcl6TKyfFmjhYECk/i1iewfSbWiFl3TFbb 1CTqdw2SrtKGCkzOTdkuzYlMiCafduAZgUoDSh7MiXpCPX/csTXke9R3g1nHtkc3 somHxQBkBhwsIAO5qCipZY8sOwkyJYgyxFMKdxkbhvsgLULwvG5oHhaiY/FtRNwK ysQsDEUzu+X7hLa9dUeiumygCyMCZegpamHO2jzzZTI0Bm+/1KgCH4ppRMTiUei1 cEfH2S3is4rU9ZbiZPodEXh3iz4kZhL+hHDaAF3H0bac4m3isSJPIcoKnlawBkhI I+OArThe7SH0A18Gf6et2VMsO9YjVHHf4bJdnbMcQwswuJ8lm2w= =Ja0L -----END PGP SIGNATURE----- --QYtpBHxdb0NX2jxRAFgZdJRUsluYihY4b-- From nobody Sun Dec 8 23:12:54 2019 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 969DC1200FF for ; Sun, 8 Dec 2019 23:12:53 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8bQ3wJj5CnL4 for ; Sun, 8 Dec 2019 23:12:52 -0800 (PST) Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 022D5120033 for ; Sun, 8 Dec 2019 23:12:51 -0800 (PST) Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id xB97CkD3004956 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 9 Dec 2019 02:12:48 -0500 Date: Sun, 8 Dec 2019 23:12:45 -0800 From: Benjamin Kaduk To: Mike Ounsworth Cc: "secdispatch@ietf.org" Message-ID: <20191209071245.GC13890@kduck.mit.edu> References: <84C6334F-BDB3-40F1-AEB1-6F4B4B4C06C5@ericsson.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.12.1 (2019-06-15) Archived-At: Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Dec 2019 07:12:53 -0000 On Wed, Dec 04, 2019 at 11:35:51PM +0000, Mike Ounsworth wrote: > As an author of a couple of the “hybrid” certificate drafts you mention, I can maybe add some context. > > In the X.509 certificate space, we had been using the word “hybrid certificate” to refer to draft-truskovsky-lamps-pq-hybrid-x509. Since this is A) IP owned by ISARA, and B) ISARA has now branded this as an ISARA Catalyst Agile Digital Certificate, maybe that solves the problem of term-overloading. > https://www.isara.com/catalyst/ > > We have been using the term “composite certificate / signature” to refer to draft-ounsworth-pq-composite-sigs. If “composite” is going to become the most generic umbrella term, then perhaps we need to think of a new name to attach to this draft? Is this not just the instantiation of the generic "composite certificate/signature" for X.509 usage? If so, then there is not much of a naming conflict, to me. -Ben From nobody Thu Dec 12 08:33:10 2019 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFD93120939 for ; Thu, 12 Dec 2019 08:33:08 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.5 X-Spam-Level: X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=VIM9vbqX; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=vChzxuaD Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yw6EWv6ZVFbs for ; Thu, 12 Dec 2019 08:33:06 -0800 (PST) Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E79BD120826 for ; Thu, 12 Dec 2019 08:32:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2386; q=dns/txt; s=iport; t=1576168363; x=1577377963; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=gbx6i9Q51MW438OZV4FpI41QGmBDl8GrEqg2BQp2daY=; b=VIM9vbqXap14YcoFbH+62BsDVV7MBWIX6+VqxOl2xC/DGO6O+eoyKJRZ 9DxGhuzaiCeyASGE01kJ9d6pUEn/29q9jPLx0K0fdoBs4O/vmbWtiJK/y 0mDp7+h4sO46nlu+vHa8VCHldBFh017quvhHfuBVwj+Jfa6liyWGl/MJs E=; IronPort-PHdr: =?us-ascii?q?9a23=3ANA0WwhORhp46o/eOJrAl6mtXPHoupqn0MwgJ65?= =?us-ascii?q?Eul7NJdOG58o//OFDEu6w/l0fHCIPc7f8My/HbtaztQyQh2d6AqzhDFf4ETB?= =?us-ascii?q?oZkYMTlg0kDtSCDBjjL/fvdyU8FexJVURu+DewNk0GUMs=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DDCAAPa/Jd/4UNJK1lHgELHIFzC4F?= =?us-ascii?q?LJAUnBYFEIAQLKgqDeYNGA4sKgl+YBoJSA1QJAQEBDAEBLQIBAYRAAheBcyQ?= =?us-ascii?q?3Bg4CAw0BAQQBAQECAQUEbYU3DIVeAQEBAQIBEgsGEQwBATcBBAcEAgEIEQQ?= =?us-ascii?q?BAQECAiYCAgIwFQgIAgQOBQgTB4VHAw4gAQKjRgKBOIhhdYEygn4BAQWFBxi?= =?us-ascii?q?CFwmBDiiMGBqBQT+BEUeCTD6ESwUQI4JWMoIsjU0gA4I+nkUKgjCWFJpBqQg?= =?us-ascii?q?CBAIEBQIOAQEFgWgjKoEucBWDJ1ARFJAgOG8BAYJKilN0gSiNYAGBDwEB?= X-IronPort-AV: E=Sophos;i="5.69,306,1571702400"; d="scan'208";a="381676722" Received: from alln-core-11.cisco.com ([173.36.13.133]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 12 Dec 2019 16:32:43 +0000 Received: from XCH-RCD-009.cisco.com (xch-rcd-009.cisco.com [173.37.102.19]) by alln-core-11.cisco.com (8.15.2/8.15.2) with ESMTPS id xBCGWgVd002291 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 12 Dec 2019 16:32:42 GMT Received: from xhs-aln-003.cisco.com (173.37.135.120) by XCH-RCD-009.cisco.com (173.37.102.19) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 12 Dec 2019 10:32:42 -0600 Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 12 Dec 2019 10:32:41 -0600 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 12 Dec 2019 11:32:41 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aXORRDWc+692k8Q9r9dQ+yJtbL6IXKAlrj/YlD4m3yhXXFSUUfYHlWNTSXlhCrioszDCfCMaMRPSQ8+H1n5s/vYcKmTJkm4UeBqWgD0UzWGr3MOJMNJDwERcuFwy8l0RvX/3rLTepMQPQIyfn+6+xrsNK04fHQtVVS/5Q+LL/l6Bdzk2XTWbxX8SUK0ADiU9KOmixPDGeZNi/jVIQGoOSCUJvp20gXTCPpHk4qCFawjL/1E1dSI35N3v3fVq7FIAhhmPNUatK2QqBInve+y/Q/8aStAmspGusLHUh/urJaPtr1e/ZNwelrxVhRkNe4g0B6ZTU5lrYw09Ty2MabIMTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gbx6i9Q51MW438OZV4FpI41QGmBDl8GrEqg2BQp2daY=; b=FtEgsw/mBeK8wVOqasSqI4/Uc0SMYRVUbvZdZ+5V4OEaXhQzbJNxUMRzww6UmL24L7gV6UvKEeHACMJxxGhA/5cZANgKVHjlTxvvt20rBUb44y80F1EQ2AKjtIyvkR3Lub+CDu7H3cZR++zbr/m5LbQRyHBtxMW7TnanjITKVcrRta8ImSC1Pjo39XN8p6Abb/8PBPpcixUOQwObcjyCnUEvyJQBR0vaalejZJaGAXyvHds1qw/6avIPPejXqUdIqPaOSFRHDzAvX7RPPKS+G9R51ZkjlOj8U0O+MXCQ/PVgI6VtdLbFf245paSNZdkvdBNfXF5Rzn16H0Zg9T+Yuw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gbx6i9Q51MW438OZV4FpI41QGmBDl8GrEqg2BQp2daY=; b=vChzxuaD2Og5//dFg4rWjBH5zhlq4sjqHafzHtGhmHAiUHYPYH/sTFRgFvHl4nb9zeHALriePR6iSLNLX4AIpQfWXCa2R439HvHsBeTLM56RJYtykycMGV4bKj7NArcw0JCtc0LecbCgTmbsuQLHYrJmIVViuEvxA1RDvSqyH0U= Received: from BN7PR11MB2547.namprd11.prod.outlook.com (52.135.255.146) by BN7PR11MB2867.namprd11.prod.outlook.com (52.135.242.159) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2538.17; Thu, 12 Dec 2019 16:32:40 +0000 Received: from BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::5c82:bb6a:d0f0:b802]) by BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::5c82:bb6a:d0f0:b802%6]) with mapi id 15.20.2516.019; Thu, 12 Dec 2019 16:32:40 +0000 From: "Panos Kampanakis (pkampana)" To: Stephen Farrell CC: IETF SecDispatch Thread-Topic: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla ( Thread-Index: AQHVrjKMrM9madKCMEWb+FBPgD9H8KexDWsAgAFDtLA= Date: Thu, 12 Dec 2019 16:32:40 +0000 Message-ID: References: <12eed4ff-edd2-7f70-9460-fc86dcbab927@openca.org> <7999ebac-c9c1-eb4f-d9f7-2ba814a3b331@cs.tcd.ie> <78997490-c5ae-c856-6e26-0f79c7733ca3@openca.org> <2feb1778-7770-8a09-2066-a84663ff6b2e@cs.tcd.ie> In-Reply-To: <2feb1778-7770-8a09-2066-a84663ff6b2e@cs.tcd.ie> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=pkampana@cisco.com; x-originating-ip: [173.38.117.68] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 97ed61c1-963e-4e22-afef-08d77f20e80d x-ms-traffictypediagnostic: BN7PR11MB2867: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 0249EFCB0B x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(376002)(346002)(136003)(39860400002)(396003)(13464003)(189003)(199004)(9686003)(8936002)(33656002)(71200400001)(52536014)(296002)(316002)(55016002)(478600001)(8676002)(5660300002)(6916009)(186003)(64756008)(86362001)(81166006)(81156014)(7696005)(66946007)(66476007)(66556008)(76116006)(53546011)(66446008)(6506007)(26005)(2906002)(4326008); DIR:OUT; SFP:1101; SCL:1; SRVR:BN7PR11MB2867; H:BN7PR11MB2547.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: p3IbIXtw1MRczGSuknlCItld6RhJlQC5G3ip5a0VOtwvQmQOPATL/UfMjtR0LSZehOUwFy5WHTIrK2RKpe2ZkMsZoePY12+oTLKa04rb0Gnxl4IglFGX9k9qW/x6nwxd3EJChi6BJKWJAxYlthcxBDl0FcAxhV+Ai59kBaQlgibNOXTp1lRQHZLmgp59zkx6H3FZK2DUiWQ5gfsquzC1Z2ZzSXouwnYXFHvH1BsyOlUu5dTsIG7a9eW+moBu2qpukiKcvpG95Qtf/rTTuzNmUN2nmPvRt6sc+KmsNI1Z3w55/rQO7hJLQvQkjMWfdqGYpdiN+cpqlfT2mF70izOQeg4COFvWd/6YrIjmWhGexngVmc7RSIquQnsu2otSoKaRkYA2RPJ1E+3+uqIZX5gi7wuVnZ7dcnuWqMkSAjQyFEy9KVN/TAO0W/h6sE0pbSGSCV8mNiIvxS4BMfH6VcyHOWkWi8ad/G0yidVlfaI+hXsGW406KdPGIpsAuT/U+k7G x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 97ed61c1-963e-4e22-afef-08d77f20e80d X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Dec 2019 16:32:40.3127 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: dFNqivEhWbK5gv+ufDeI+h5/6pNJAbjuI8DtKDyAP5CJzlmab+cR6GCuqguyLrNYLRNMOAIP1ttFLPoueqvtpA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR11MB2867 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.37.102.19, xch-rcd-009.cisco.com X-Outbound-Node: alln-core-11.cisco.com Archived-At: Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla ( X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Dec 2019 16:33:09 -0000 SGksDQoNCj4gU29ycnkgaWYgSSd2ZSBtaXNzZWQgaXQsIGJ1dCB3aG8gZG8gd2UgaGF2ZSB0aGF0 IGlzIGNhbGxpbmcgZm9yIGEgcG9zdC1xdWFudHVtIFBLSSBzb2x1dGlvbiB0byBiZSBkZXZlbG9w ZWQgbm93LCBidXQgd2hvIGlzIG5vdCBwcm9tb3Rpbmcgb25lIHN1Y2g/DQoNCldlIChDaXNjbykg d2lsbCBuZWVkIFBRIFBLSSAobm90IFdlYlBLSSkgc29sdXRpb24gZm9yIGltYWdlIHNpZ25pbmcu IFdoZW4gdGFsa2luZyBhYm91dCBjaGlwcyB0aGF0IGFyZSBkZXNpZ25lZCBub3cgYW5kIHdpbGwg bGl2ZSBpbiB0aGUgZmllbGQgZm9yIGRlY2FkZXMsIHdlIHdvdWxkIGxpa2UgdG8gZGVzaWduIHRv ZGF5IGluc3RlYWQgb2Ygd2FpdCBmb3IgMjAzMC4gTm90ZSB3ZSBhcmUgc3BlbmRpbmcgKG5vdCBt YWtpbmcpIG1vbmV5IG9uIFBLSSwgc28gd2UgYXJlIG5vdCB0cnlpbmcgdG8gY29ybmVyIGEgbWFy a2V0Lg0KDQpJIGhhdmUgdGFsa2VkIHRvIGFub3RoZXIgdmVuZG9yIGludGVyZXN0ZWQgaW4gdGhl bSB0byBzaWduIGl0cyBPUyBidXQgSSB3aWxsIG5vdCBzcGVhayBmb3IgdGhlbS4gSSBoYXZlIGFs c28gdGFsa2VkIHRvIGF0IGxlYXN0IG9uZSBIU00gdmVuZG9yIHRoYXQgaGFzIHNvbWUgY2xpZW50 cyBhc2tpbmcgZm9yIFBRIFBLSSBzdXBwb3J0IHRvIGJlIGFkZGVkIGluIHRoZWlyIEhTTSBidXQg SSB3aWxsIG5vdCBzcGVhayBmb3IgdGhlbSBlaXRoZXIuIEkgZG9uJ3QgdGhpbmsgYW55IG9mIHRo ZXNlIHVzZS1jYXNlcyBhcmUgdHJ5aW5nIHRvIGNvcm5lciBhIG1hcmtldC4NCg0KUGFub3MNCg0K DQotLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KRnJvbTogU2VjZGlzcGF0Y2ggPHNlY2Rpc3Bh dGNoLWJvdW5jZXNAaWV0Zi5vcmc+IE9uIEJlaGFsZiBPZiBTdGVwaGVuIEZhcnJlbGwNClNlbnQ6 IFN1bmRheSwgRGVjZW1iZXIgMDgsIDIwMTkgOTowNCBQTQ0KVG86IE1pa2UgT3Vuc3dvcnRoIDxN aWtlLk91bnN3b3J0aEBlbnRydXN0ZGF0YWNhcmQuY29tPjsgRXJpYyBSZXNjb3JsYSA8ZWtyQHJ0 Zm0uY29tPjsgRHIuIFBhbGEgPG1hZHdvbGZAb3BlbmNhLm9yZz4NCkNjOiBJRVRGIFNlY0Rpc3Bh dGNoIDxzZWNkaXNwYXRjaEBpZXRmLm9yZz4NClN1YmplY3Q6IFJlOiBbU2VjZGlzcGF0Y2hdIFtF WFRFUk5BTF1SZTogQ2xhcmlmaWNhdGlvbiBRdWVzdGlvbiBmb3IgdGhlIENvbW1lbnQgZnJvbSBF cmljIFJlc2NvcmxhICgNCg0KDQpIaXlhLA0KDQpDdXR0aW5nIHRvIHRoZSBudWIgb2YgbXkgY29u Y2Vybi4uLg0KDQpPbiAwOS8xMi8yMDE5IDAxOjQ2LCBNaWtlIE91bnN3b3J0aCB3cm90ZToNCj4g SSBob3BlIHRoYXQgZG9lc27igJl0IHByZWNsdWRlIGEgcHVzaCBmb3IgYSBtb3JlIGltbWVkaWF0 ZSBzb2x1dGlvbi4NCg0KSVNUTSB0aGUgInB1c2giIGlzIGxlc3MgZm9yIGEgc29sdXRpb24gdGhh biBmb3IgdW5kZXJzdGFuZGFibHkgYXR0ZW1wdGluZyB0byBjb3JuZXIgYSBtYXJrZXQuIEkgZG9u J3QgdGhpbmsgc3VjaCBhdHRlbXB0cyBhcmUgImJhZCIgdGhpbmdzLCBidXQgSSBkbyB0aGluayBm b2xsb3dpbmcgJ2VtIGlzIG1vcmUgbGlrZWx5IHVud2lzZS4NCg0KU29ycnkgaWYgSSd2ZSBtaXNz ZWQgaXQsIGJ1dCB3aG8gZG8gd2UgaGF2ZSB0aGF0IGlzIGNhbGxpbmcgZm9yIGEgcG9zdC1xdWFu dHVtIFBLSSBzb2x1dGlvbiB0byBiZSBkZXZlbG9wZWQgbm93LCBidXQgd2hvIGlzIG5vdCBwcm9t b3Rpbmcgb25lIHN1Y2g/DQoNClRoYW5rcywNClMuDQo= From nobody Thu Dec 12 08:50:10 2019 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40941120998 for ; Thu, 12 Dec 2019 08:50:08 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.299 X-Spam-Level: X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NeCXfwj1aQhk for ; Thu, 12 Dec 2019 08:50:05 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 859F512098F for ; Thu, 12 Dec 2019 08:50:05 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id C3D91BE51; Thu, 12 Dec 2019 16:50:03 +0000 (GMT) Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YeCIwCVIzcTE; Thu, 12 Dec 2019 16:50:03 +0000 (GMT) Received: from [134.226.36.133] (unknown [134.226.36.133]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 58F09BE4D; Thu, 12 Dec 2019 16:50:03 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1576169403; bh=ygQ5x+c9hV7NIg1msJp2EtN0FUFqI+PASuli1bvFihw=; h=To:Cc:References:From:Subject:Date:In-Reply-To:From; b=ODYza18Fc45095FoWtrObOgnFoLfGFpiLS5Ee/woBHdA2Odt8rGEfCmDQ5g3hLuVX rQO/YnOpuvx5UfCUNNoZW0xvi6Qr8dLDpRO6Ke0MZbF+Oqpl1bv4p3Oke2INkZ5fiu JDDV+d6zjjyLkYDXKH6OSaJrliSn0XTqQsxL0M2Y= To: "Panos Kampanakis (pkampana)" Cc: IETF SecDispatch References: <12eed4ff-edd2-7f70-9460-fc86dcbab927@openca.org> <7999ebac-c9c1-eb4f-d9f7-2ba814a3b331@cs.tcd.ie> <78997490-c5ae-c856-6e26-0f79c7733ca3@openca.org> <2feb1778-7770-8a09-2066-a84663ff6b2e@cs.tcd.ie> From: Stephen Farrell Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw== Message-ID: Date: Thu, 12 Dec 2019 16:50:02 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="5lUTZx9BXjkhQDDnZRR7r42sBrC7PmFLu" Archived-At: Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla ( X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Dec 2019 16:50:08 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --5lUTZx9BXjkhQDDnZRR7r42sBrC7PmFLu Content-Type: multipart/mixed; boundary="mIRN7FMXYH8kwrOk7Rz3scTat8jTho6M5"; protected-headers="v1" From: Stephen Farrell To: "Panos Kampanakis (pkampana)" Cc: IETF SecDispatch Message-ID: Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla ( References: <12eed4ff-edd2-7f70-9460-fc86dcbab927@openca.org> <7999ebac-c9c1-eb4f-d9f7-2ba814a3b331@cs.tcd.ie> <78997490-c5ae-c856-6e26-0f79c7733ca3@openca.org> <2feb1778-7770-8a09-2066-a84663ff6b2e@cs.tcd.ie> In-Reply-To: --mIRN7FMXYH8kwrOk7Rz3scTat8jTho6M5 Content-Type: multipart/mixed; boundary="------------91038B44DB564DCEE759A4CC" Content-Language: en-US This is a multi-part message in MIME format. --------------91038B44DB564DCEE759A4CC Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hiya, On 12/12/2019 16:32, Panos Kampanakis (pkampana) wrote: > Hi, >=20 >> Sorry if I've missed it, but who do we have that is calling for a >> post-quantum PKI solution to be developed now, but who is not >> promoting one such? >=20 > We (Cisco) will need PQ PKI (not WebPKI) solution for image signing. > When talking about chips that are designed now and will live in the > field for decades, we would like to design today instead of wait for > 2030.=20 Thanks. It's not at all clear to me that data integrity nor origin authentication in that timeframe ought be tied to x.509 certificates at all. (Except for legacy algs/keys where there's nothing to do.) Or do you envisage using other approaches instead or as well when you say PKI? Personally, I'd guess some kind of manifest based approach would be better, maybe starting from cose or something. I would be supportive of exploratory work in that space. But adding multiple key/alg combinations alongside classical algs/keys into x.509 certificates would create so many new failure modes for all libraries that handle x.509 that it seems generally unwise to me. (The failure modes for such libraries have always been horrible, making 'em worse is not a plan I'd warm to;-) > Note we are spending (not making) money on PKI, so we are not > trying to corner a market. Fair enough that "corner a market" was a bit pejorative. Apologies for that. I'm just not at all convinced that trying to define how to handle PQ algorithms in x.509 is at all worthwhile now, especially before we have an outcome from the NIST competition. Once we do have a standard set of algorithms that people want to use (bearing in mind how sha-3 has not set the world alight) then defining OIDs for those would be fine, and fairly straightforward, but starting now down a path that leads to x.509 certificates that contain combinations of keys/algs in one cert seems like a terrible plan to me. Cheers, S. > I have talked to another vendor interested in them to sign its OS but > I will not speak for them. I have also talked to at least one HSM > vendor that has some clients asking for PQ PKI support to be added in > their HSM but I will not speak for them either. I don't think any of > these use-cases are trying to corner a market. >=20 > Panos >=20 >=20 > -----Original Message----- From: Secdispatch > On Behalf Of Stephen Farrell Sent: > Sunday, December 08, 2019 9:04 PM To: Mike Ounsworth > ; Eric Rescorla ; > Dr. Pala Cc: IETF SecDispatch > Subject: Re: [Secdispatch] [EXTERNAL]Re: > Clarification Question for the Comment from Eric Rescorla ( >=20 >=20 > Hiya, >=20 > Cutting to the nub of my concern... >=20 > On 09/12/2019 01:46, Mike Ounsworth wrote: >> I hope that doesn=E2=80=99t preclude a push for a more immediate solut= ion. >=20 > ISTM the "push" is less for a solution than for understandably > attempting to corner a market. I don't think such attempts are "bad" > things, but I do think following 'em is more likely unwise. >=20 > Sorry if I've missed it, but who do we have that is calling for a > post-quantum PKI solution to be developed now, but who is not > promoting one such? >=20 > Thanks, S. _______________________________________________=20 > Secdispatch mailing list Secdispatch@ietf.org=20 > https://www.ietf.org/mailman/listinfo/secdispatch >=20 --------------91038B44DB564DCEE759A4CC Content-Type: application/pgp-keys; name="0x5AB2FAF17B172BEA.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x5AB2FAF17B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1YkCMwQQAQgAHRYhBH4X CgRchM9GDit5oBDvedn9g1MSBQJbtyScAAoJEBDvedn9g1MSI/oP/0A9J9nrnBMq Zpm857lfYWw+rshLK+tyeP4OQeOqnDFvs9jePpcyJLG3DF2r6VbVKPQq+AE6Uf5h cJBDEN6BjEhRPSbLcqG3A1cz/nNwm8rPmNp+oKhmaBBQGxwciMLmzgynsDydnjPp MyEs04zvsbsl4vrp2095o105l8KcrrxQrioFjbwveGwHQK9bxJKhx9D+gIk+MouB ur45UDKTZkMZrr9FGrtkyXCGAxvKdcNC5Oa8z9sj1rcUJfG/OpVAMWhArdlZbFUQ yoX6pU2Zb1CR2qpWAVerGSfBhmfCyStjARqaKxlftjO+Bj3Jj73Cr5eqej3qB5+V 4BCsPjr4RLvVbYUCPsRdxWc+nBLlfVYkRURu21g1hFm5KFPjgUkyo1s4vjUOY8Dy I+xLGF7f/IhUBG6l+Vswhpwu7ydalZkeFiPx5xna5NfbEYxvsIf71DvipGvIOaHv X4egWoFgm8n/9c3rcMxJtpwHPSsUt5dgLsyu6VE0IbvOAc3dN7CWJ355DVFJq9Zg 2YVf0izSpyyzJeGsgkfjW6xpmdvZxuT2UcN4BTcm6vYqueASGrb3lfhzC5gpeVsc /MoSjTS65vNWbpzONZWMZuLEFraxWJzC0JrDK3NCd0VN3kstqGkVbUIiYOnUm8Vu 4zoVMLlGWzHLIGoPRG2nRezn1YyNfyb5iQGcBBABCgAGBQJbxcflAAoJEGo7ETk8 pK1gE7QL/ApC5P68W5DrI1787WJVZv1u4t/g39vTr7Xer3UMTVQg10vpa7pmqOGh jIDzDMg3Pe3K3M7fVzfAlUA1qw6ne4RCueVoRKpubeF4AlYbMr0K6hNCPjt5uAxm bBVuejKTc6pru5rv5gKL0nDbr+Snft5xt7juBLSSimw0/41sZnkjCxo9rF/RA/v6 +uWyK171RKmsEYu8fFtw1eqUNt/Xj792TUixE3pxXheNtQtZGk/9P3W83ChhG4Fh 5EQsn0pIh9wZIAbMRLpgRKyW87fWHZC8/YH8h7afarvn9Thl5pFUldCe22mNJj6K LChn2aEHQd+PdY1GBpZEcmNEUPuovwzatM0h64hCzTm41eDqRfihZVBT7TbfXQnv 8rywa42Mk756RGzzEZcQEhwQXZcMQUfxIQQ2VyJo0zG36VdZTQF7TF/4Lz7/3cJ5 6jOIm+dwPXtu+C2wAQuD4USOLt4JWPYpqzDfHYJIND/497P9Z9SuQeahr2ez3DRB g3qsHEjBV7QyU3RlcGhlbiBGYXJyZWxsICgyMDE3KSA8c3RlcGhlbi5mYXJyZWxs QGNzLnRjZC5pZT6JAkAEEwEIACoCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwEC HgECF4AFAlo+o3cCGQEACgkQWrL68XsXK+qO0A//ZsfQzyXrZlu/eEV5jU620yeO M3P7SW3C3UQYdCgZ/TlvxGgKow5oDSXgjMiUyq9csGqbPBxlDYSxFZHNeDVKYIuP 2ZK24tw5k6duTh4+sFwUualTMlcp0zBCIzn3hRcsRvuPKHfl5+6oOi0+xqx3jX/s /69L/fvHmdSKet5LIUAxoYaZkTCruFrPWb01tgAl5JExWkhmCY98iD+EeiIMAWBj Mw1xV+p0uCwNbN6XDzcToK7wsm+tAIiWUy3DpP60a6WbVwdV0HNt2WZq5U5Jdh2k 4S+sN2CnYk4tTW7jHjsWarV3FLISCOObADZuB7ljU4kYfdwZ+WzenXY4LGlxGQSl AblGjwZe4EIkCXAJUtzJhoFUuGaF/PlWjxqV3UFRcgTERZTijguVyREre8GNERNg vDxZvuXssEjvz9X5JfcIZDIJpdzhLiEIj9noUbfx1SzB5KDPQj0O7elMHa1671/r wWcpGr/MfVPTOik4H7F8rcVJelceZTzC4tvya7M+jM4fyFWWt8Y4atTixUiP7U9o 4uBZCQ0GzvsmFA4XLqn2pA5rVizMXnGbGOjufAP/efEJ4ul3qvjYe8ye8DXEDjKA xo/tuHYtk19XCi83QzFhWls5TT+XQeVTMEvVqo9Wek8yoxo67qvLKKqIcG9givQd 8MxYNAbNYgSPtkbhZ8SJARwEEAEIAAYFAlo9UqAACgkQLzyHNoBfjaLzHAgAlWT6 NXEGtw/r1miKNGcopzvzILQ9oB8rKI9U9EL6tOf/y2V5oYee/GyQDb3ZdoPxxYYc Jf+RyiH1nMoqUIZiZJaf3bJXinDZ5+AdfE++UR2NBvqaNyC6u3r24jo1B/sagKbY tWgsYtRqHLD4IWi37MZrVyjBuF7u14Q07+uhjq6mX2O/tHpCYw/Q82tbeTRPyUf1 WQOAfD1kfBpW9PvAva5Iw9FWeXpCXRzwxnCZhYfGfqtuSw6CPBYLdbikqML6FZ7E DuTBb/8um1wK7Y9bgeIQC+CYjhYB5RXa1tDJRab2Js4luCvSR0w/CgHw26293tlv e2Q6UTrmHxP5U22DlokCPQQTAQgAJwUCWj1QMgIbAwUJCZQmAAULCQgHAgYVCAkK CwIEFgIDAQIeAQIXgAAKCRBasvrxexcr6tJpD/4rrILH+meP07vrx8wW5eYuqCiP GYnh/CXxIF8eLrfbe5d4QRgtq+w6UeQPMyzKRIRiCoBXB2oJLBZHyxBPxZlg33dT MrEGn8QWKx2iNuz9rZMXyOSWFetuO01d/aUPd5BnbLbIyK5of8xCQlXM6KH8bc+9 gQ7edR9mfLTdvBf2FR522hg8BRBM1imKc3vO8v39+qIHHRjuiwxBBCAOhHtHRsZX ripS0uFA07dM46Oi/E8osjx6fQt/lH5z/PN+2adxYSrLSAXfr1oD3RxYNhuWgyGF L64/VCQb1YGjf0Z5MBPnWm9jgUoOY5K9eNSS0L83WeJjlF5+Q/WOgB+rb49Prm2D Feo9+S9f2V53Llz1WIspXJg6f+n9lmHE94MfQj1GAHCzI0FeL19lvM+LhD8jJSCb hrC3+yobyy/AUOs5Z3E+njjX1FF/VCVAs6iOa6i+XG+Y1hh3ir2y1kckJ5auT10M SU8GEZu9ayU4M3o3N9yxOjaoP0NuQ4MMLL/n/u4u94AeZaHPNBXn/hVfVRRmpRXt GKvJtFAEppGEYezB+bLKIm6XlpPkhnwYzleLZ7AMEco2C6QM8QPB3g3JpS3sqRhA 5rEP4lL16BmijmF+CHoPE/zwgKZbKpyVDqvIW5IDgvfIC2X4pbZDRvGIUKaGSB4+ ksZgUUnNyvfQr2p7jokCMwQQAQgAHRYhBH4XCgRchM9GDit5oBDvedn9g1MSBQJb tySbAAoJEBDvedn9g1MSeKkQAJm44jt1kwHgQgeDBKdjdvl0AjE0xVEQxriZ6lP/ l//34YT0auFfzsYIrChSpQXAEtobBAr4Ohw1Us+BZe+H5P8vm6LRuPwozC3SjwfX 4Iec8+9ot6tIVg4sbedDSgb/CCFVjsmIGcQ1P73JLJTBJ6mxYCV/gn3QC6bwDOFo 7kD9FDHCjRN8XfhHQ4Q9cYyt06uF31qG/aumgWYC9geCGgAwiHgwxNYb9GoJ0iZj CROwbYvLTcQgsVUW2bTmsVR13UVKDsdl02sRV7qcVYW6R0a3Ra8KudX+nt25H5DR Gd382KZ5W8pydsy/viTvD9z6v0ulChBYxAedIvGIClrhbxlLEPmIg4ImVOLGqsUg Vm32J95WOjEkk4PEZ12xSDBtwhSJqmJNboWlfmw43KdIbY8zNhffIO3N6O7FsdGx mqyHeLoTpqY+ySVUPpbuyW8ujnI/J//+6hdTZ9dQsEJQlWngKuWOQ5ma58MPSN88 zllsqhZAFQjNxqnkSzL6ZQ+v/jvuRRe16B80AeO55DsmbWsMv/YLLD1mSi7+Khy2 EtMBhgojWwrGMvdLN6X3mnzNJEscYyLxM9tSk+iySP2sLthK0BVgpAzBSdaf/ezI z60P+neHDzteNFf8Mn7lmgYk1amvZoJ29s5+n2HwxyRL5dVMyMdyQmntubbctfqr Z0tIiQGcBBABCgAGBQJbxcflAAoJEGo7ETk8pK1gnCYMAJY4FeIYjlIXGghFWzsB 4fYwK1+iaFpU3fSto5qcrqVtVPjXpwqczqBWeXGyQxiB0kan4OVAXydIeaP8EAuF CA7paP3s9STLJBO3KurkwyRkPW5zo0X7xVqaVToRsX2Ul98KVJoHYQD1KdezEtwl vpNwiiBr42AYR751Vm6JBVAbQXuFpB3c8bUV0OkkRxNFtL8/2PieHar58n5dntGk bPlPkztahsFqktgacIgXHX5vaT+7YeeZ1DWLOYjGO0wNhkOSeroCmxwJUikU7joB p823L7r5KfpqWTPpSCzVstQKZUGmmoE1qCswY/Ud5wvp9SccpIILkRXj0rZRtfnE 5MpL3hjmtNzfDd9qIsJtBJlSB2hZwAsVm1l+EWN9hG3tqyA43niUMy2n6q690of3 berSiQ+kvY/aC9Hx8I+bKzOV9/J2VUTqfaPZa4Uy2rVX5Q2p69n/PMj7mEer0rCL 3j9V16J9c+s0BSkXoKdtYdB0TWVhBgUybd9qtYcwHWvhP7QuU3RlcGhlbiBGYXJy ZWxsIDxzdGVwaGVuQHRvbGVyYW50bmV0d29ya3MuY29tPokCPQQTAQgAJwUCWj1R WgIbAwUJCZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBasvrxexcr6jsc EADEcB0WQEZn2AkrzDs1RhL0Lp6cZi0BigofkbcGfdhJyMSs19C0dhvncrAFClVI 6/Udw3yFtDyYtOCf2W3M3A1K6/RfEizCLzTsdFIhni9gOJLlUpXViQtgrlstjk7h qVV3Ooz4BlCqS4cG7rfqf4LQQPpTAuFUEV9I28FBUB2irqC+v4gTysIgpMw0bA1y BU9sX5jE/tRkzqnuzZrkwiobDtRFJ9qp+7O2JtcY4EsVtLAsaodJKc5cF8R4OvB1 n66vxxcgg9Eh4JNWZ47xsaCmAGo1Bcb2jIY35OtgAL7gCGLRSMKTtAaPy1/fEgIq hCljJ9x40Fkn/3r2BX21WC9HFSPFTBz2RluLRzxdgxOrkYK8EiHUPoE5b1AEzZKw 2AbeXfr57f5zYsN3IqfbQLUjMYtUN1wK3Pjb+idD972wyXMWt8uOzlI7b9Ocu+nY m2whBfJv9Pmp3QYTmPz+LB9lH65VNVUSxSXVr5iWXO3qx1HtEiGEqkporMQCTh3T 5Ud3PvMSRBFFKNs9WhJ/Lxz+SV30WLwG6dr5mQqlzAhb4Phc/zekZyXRdS/oDKrB LUucS36O//49JeyRi1QvOfxnfmIqRIAf/k3PoYJmTo5E82//r5Qj3YGlRu78ba0H Arxs+ACD6AnEHHcbswpbtVEKYzlSu0Ar0Dc7vRWM/IyQdIkBHAQQAQgABgUCWj1S oAAKCRAvPIc2gF+NosIsB/9f/29FNla3BJfGIEIDnhrqGD0i9bSa89SqBd++uG06 TQgW5wsqtNcrwn81yZTq6XE6i9VtD4GKfqC0d4KZJr9bnbeD81cI64VOdL8zJWJs 0vj5EIXCobKyX74Kb4uePUyZqwT2Q74I116u/HwA9/FXsPo5isbh4ZqD4t0VHpWk mfq1FPT9a/JPyX46qKqB2Fce/7Qy+SQP1NfkuUlbhUH/JG9aSSYvk3lznNiH41x9 M+FDlL106itXOubrl3oi2fT3fsSedq7uzt+IV0DQEeNaoQAUuwEhdB8IWOMqN2wo DjGVKJftfsSWY9ilZrnDBNDrp0vRqcx33LUMkIw4d7iBiQIzBBABCAAdFiEEfhcK BFyEz0YOK3mgEO952f2DUxIFAlu3JJwACgkQEO952f2DUxJjuw/6ApHSsVTWD4a0 H6FJ23A9Ftpy+aXZ4vYlzkSrfsn2ECrEfK3lXQh/uzwjJUDYZeB1/BQsFZtcYNQO JSSHbQ49BFRLwb1J/wBZG4bbmrkLxnNbKDKQvzxEpclkMW0Dj0J6o7kGrmzIGGrh B+JJN99AcineHRug8ZSFIERRCmigxdhAKU0BFD7P+5HNHltSL3DF1c2fFOf2JrgB KVoE+9RhMZjWNbYetFFLCkjXb5Rpay9zeMm1DxfSTGAnuOwUXW6qq4hnl5+VC/48 ceDZElLLfu7RQUZv44pkSTOWZs+iQoJiHMFHk9wPqyB2Vok1yJ2a2j27WhXrJlPw nZbgJO5RyWDG3p/eVmpl5Uuc2dsfIpR17KnAuWpghK6V+cyFncDoGCl/YG2Mvool sW08FiZh3Ej4dnJjj25TZkeFG74JJDXLvMYpJfSBGnmETv4Dhcm2xPqVMuFuL1qJ lMbVLrMo2GXeo03OzNyvbs+u8WLIaGm5hC7N1CXY8wZs4jo6OJ/expvnc07dEuws 4zT3AiWv3nIouWReRStZy9QkavDocqbyPmilcdPCYk4BsOlzpwwO74hNG7iyl0Kd AlwTxGQ7y0rJou6HYa1TmRhIEr3vKvlW+JfUUrqtjXgsuacTXo4+Ira2JUErL2cY zQMq1j4r1ZyhFnuz93s7Rsx/Nw0+0YuJAZwEEAEKAAYFAlvFx+UACgkQajsROTyk rWCJqwv+NLVPE4sD4sDA2/6Ek7UsRIUkg+S39fhqWsLc4rtw/mDunv8Un61I3K04 fZ2Ry4nF9hZM0a710UvXFbStvrzRJO3EAAcdJR9LTCd19e8UeruQbIee3YT91U4N kC9JMpecfq62/teOAU2e5P3fWYaLs5ZX7zCLwWuBcW2l3SyoljQczM85HhJ3XHm+ FnwQ6D9xRle+lvWTcuC9d1yAyUb8IOospcL2lJTmy8e3r79R24hPlSB4LDe0wEN8 AXbagrcAQZjwyaHyWxjJbTwZ0b43WGdfIqZ1ElOeoffbketPGRmWvx5xUvb2ALFB BdETzV270gs5XDJgJ1SIIKOyDADxwvroTe2jD8C/841eEql5QSow3s/U3zRqk3mt tto8Qw/DN71aeh6dmYSsvd2UjsHw/vofOPRBGxZLEkKTEvMnhmMW9hiKPkPia+Qg evYE020qpKSxLEdWA8nprHwxmGiDNesCfXSC6vm1qfyj5g8HzxSckq9ZaMhKMCo7 vxflUEDuuQINBFo9UDIBEAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiezGPuB HmpvceBRZgRasdbaMc4HJee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9WfpHTD 8U4xxjvR5Mi7+ToQQUOUNuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC6T5M sK1SKfs51pLa5ToC1rc8tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2D/zE 4bGjXdJW5pKphFB2lX3dG4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFeA7Pb TuW/eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ/Vf3 vDUew1h5QU1yDaWT3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbptPEcm oazpiKZt91CrFPOaoXDPck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKrem5r +oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96Z22f Q0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYghx8b7 Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQoqj1 gwARAQABiQIlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P/1tF 6TeR83xD6MasqXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8Wpfd n3BmvqGyh8+ouHX9jMOxiRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJgx25 2HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5SLjN JIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2oKjw rIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtAZAGs okRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIAypqY o3pcN2OE0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoMeDQk d0YjcqlB1E0svODHTzcSoRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS/qmU yXBIeq6I5z8xBcd+BQ/n/9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZIMhk vMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XOKVc3 YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST =3DYzQY -----END PGP PUBLIC KEY BLOCK----- --------------91038B44DB564DCEE759A4CC-- --mIRN7FMXYH8kwrOk7Rz3scTat8jTho6M5-- --5lUTZx9BXjkhQDDnZRR7r42sBrC7PmFLu Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEW7Wm6ldl0sWGPK4nWrL68XsXK+oFAl3yb7oACgkQWrL68XsX K+p59A/+Pub2wVT7cPXVxklHz7CftVsJEU8lDmIq01dmh3cnzfbtRdoI95o/l2a8 NXOlcApDG2YepgusZZX40S14R0QRoj+ClT7YZmf3sBG76pvg+ukrTKZuhzzPleFr sfCyea7Hfu/ZG1DX0EQ99zDVPOt74cEFZ1XgSLE1RR1PjNruTV27qdBNleN/mZkF OF0u8bmtLabKXljnQJ++OxxEvlNB/8foofMI+qStBVPipR6+6ZuHYki2fiV8hR3P K+OgiGaPai9Vht8nO2hzX4RLRfYcre7jXz+PNzuBa76VxlefzHxETMwBdnW4TCgT s4S157WMDMZ9hfwXw0yH/Zvve+ZJgFGNbyMXwwygo9gssBvxSwvxPNl5a7IzJ4y9 KtkYLkv+6VqDjQcbDA2EhZ+LYrbVwGI4XcqKsIT40jFuTMR/u25+5L15X9biZm3U zO3agQ+sqj7ubcfGLHm/ERS337Z26kTui3pglG8+7cHNqlL228k22lN4uetKT+ED 3TWCD91lMc7YRlUeXlvQcMCo5UYNyhN5B6aU1qNzoySf4nAdQ3hVaa24/p5FkgAb K2H0UmBGJpocr8npjHMbIB2SYirg4vbMk9ObcnPfFZYNS7NqFapmlaSP3MAvMc13 0v7ogghDIyUPYuXf0BLbAT0mr7dW+GaXoH8LAJ1PTW3fn6HYbio= =rz9E -----END PGP SIGNATURE----- --5lUTZx9BXjkhQDDnZRR7r42sBrC7PmFLu-- From nobody Thu Dec 12 08:53:00 2019 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B71C1209CC for ; Thu, 12 Dec 2019 08:52:58 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.896 X-Spam-Level: X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZAL8OOYC2Yh8 for ; Thu, 12 Dec 2019 08:52:56 -0800 (PST) Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com [IPv6:2a00:1450:4864:20::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EF481209C5 for ; Thu, 12 Dec 2019 08:52:56 -0800 (PST) Received: by mail-lj1-x234.google.com with SMTP id h23so3054538ljc.8 for ; Thu, 12 Dec 2019 08:52:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=J5UBnFnrAlPkone06+dE2r0mdDnQlpTYxM2gpmyWQw0=; b=vS0zbCrQA81XvWSWzGtWzOm9qwD4oVw6DplD0BkKHhKUeYZRDD38muf8b6HIefdRX0 ThGMj/qCKind1mVCSAyOwTHuzBvmwQ3kFlTBMPU0l1g0EXdcQlpB5H1zU9+GawIk90EC TmjstPOyACSP6n3ZP+8l9Lxm8VP2qUGJtL2B6+CthX9WbbPXTf4x9Bo0zuVQrGghvbgi ba92Dol2JVD1Agr4XDdvQqi9rDhd/AnKUvYBDwfao2yE/GabzPhrC+ujU5Tes1/e0IYu jUSU3fKiuSgK4LnlvP8882NZ2TwCkPYkGA/aBxgCpLII/eGqP/SsvIArUGYx8KxlDt6Q JGJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=J5UBnFnrAlPkone06+dE2r0mdDnQlpTYxM2gpmyWQw0=; b=M1b9jJSW3QNwcWmAxj8kfX6O7cUziAys7A9SEQiNC8CwM2CshBIAnDIF2J+sxZsnru 5nUphrzqjiR6FD8fwrBO5lPMYoN7lcBaUZDH9SbRApAXDYzU9TY2kImU3pYEmmyUuH/z 0Livu3gCmA4nIld2rofXXK9LStw60mgSADIgKCzz0nSAFQdeTecojPfDEFiBy2kzumw1 Q6I4iX2Jn2ZuLtOhXR+tUWbpR8q6egB5Xz2Gasu4k85AazDQ0BfivFrkh+gmdpkRhwKE fh6JT5XPfdfJyTuWGraWyu7xlJdO2/7rHJ0EL9m6MTP5NR5dlwGyomFCTohi3QpkT6JW J1cg== X-Gm-Message-State: APjAAAXnbqRZyiCBNWltyFzJQaJS6/+Q0UYxaaLi/qaheOHhDE9Y9IIY WLCbj76IBHFSgekE9Vxl9QnvX4DITEt/+gaavyHfEQ== X-Google-Smtp-Source: APXvYqxwSDNdiXNE2C32WZl0c6kAVC4zXrMZVjOqrsM30ESZDw0hTsW7AC0K5UWKA8q5tCDxNNrxq/HaWoiHL/Vvz44= X-Received: by 2002:a2e:9008:: with SMTP id h8mr6735745ljg.217.1576169574397; Thu, 12 Dec 2019 08:52:54 -0800 (PST) MIME-Version: 1.0 References: <12eed4ff-edd2-7f70-9460-fc86dcbab927@openca.org> <7999ebac-c9c1-eb4f-d9f7-2ba814a3b331@cs.tcd.ie> <78997490-c5ae-c856-6e26-0f79c7733ca3@openca.org> <2feb1778-7770-8a09-2066-a84663ff6b2e@cs.tcd.ie> In-Reply-To: From: Eric Rescorla Date: Thu, 12 Dec 2019 08:52:18 -0800 Message-ID: To: "Panos Kampanakis (pkampana)" Cc: Stephen Farrell , IETF SecDispatch Content-Type: multipart/alternative; boundary="000000000000968b2405998493d6" Archived-At: Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla ( X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Dec 2019 16:52:58 -0000 --000000000000968b2405998493d6 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, Dec 12, 2019 at 8:33 AM Panos Kampanakis (pkampana) < pkampana@cisco.com> wrote: > Hi, > > > Sorry if I've missed it, but who do we have that is calling for a > post-quantum PKI solution to be developed now, but who is not promoting o= ne > such? > > We (Cisco) will need PQ PKI (not WebPKI) solution for image signing. When > talking about chips that are designed now and will live in the field for > decades, we would like to design today instead of wait for 2030. Note we > are spending (not making) money on PKI, so we are not trying to corner a > market. > Is there a reason why you don't want to do hash signatures? -Ekr I have talked to another vendor interested in them to sign its OS but I > will not speak for them. I have also talked to at least one HSM vendor th= at > has some clients asking for PQ PKI support to be added in their HSM but I > will not speak for them either. I don't think any of these use-cases are > trying to corner a market. > > Panos > > > -----Original Message----- > From: Secdispatch On Behalf Of Stephen > Farrell > Sent: Sunday, December 08, 2019 9:04 PM > To: Mike Ounsworth ; Eric Rescorla < > ekr@rtfm.com>; Dr. Pala > Cc: IETF SecDispatch > Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the > Comment from Eric Rescorla ( > > > Hiya, > > Cutting to the nub of my concern... > > On 09/12/2019 01:46, Mike Ounsworth wrote: > > I hope that doesn=E2=80=99t preclude a push for a more immediate soluti= on. > > ISTM the "push" is less for a solution than for understandably attempting > to corner a market. I don't think such attempts are "bad" things, but I d= o > think following 'em is more likely unwise. > > Sorry if I've missed it, but who do we have that is calling for a > post-quantum PKI solution to be developed now, but who is not promoting o= ne > such? > > Thanks, > S. > _______________________________________________ > Secdispatch mailing list > Secdispatch@ietf.org > https://www.ietf.org/mailman/listinfo/secdispatch > --000000000000968b2405998493d6 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Thu, Dec 12, 2019 at 8:33 AM Panos= Kampanakis (pkampana) <pkampana@c= isco.com> wrote:
Hi,

> Sorry if I've missed it, but who do we have that is calling for a = post-quantum PKI solution to be developed now, but who is not promoting one= such?

We (Cisco) will need PQ PKI (not WebPKI) solution for image signing. When t= alking about chips that are designed now and will live in the field for dec= ades, we would like to design today instead of wait for 2030. Note we are s= pending (not making) money on PKI, so we are not trying to corner a market.=

Is there a reason why you don't wa= nt to do hash signatures?

-Ekr

<= /div>
I have talked to another vendor interested in them to sign its OS but I wil= l not speak for them. I have also talked to at least one HSM vendor that ha= s some clients asking for PQ PKI support to be added in their HSM but I wil= l not speak for them either. I don't think any of these use-cases are t= rying to corner a market.

Panos


-----Original Message-----
From: Secdispatch <secdispatch-bounces@ietf.org> On Behalf Of Stephen Farr= ell
Sent: Sunday, December 08, 2019 9:04 PM
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>; Eric Rescor= la <ekr@rtfm.com&g= t;; Dr. Pala <ma= dwolf@openca.org>
Cc: IETF SecDispatch <secdispatch@ietf.org>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Com= ment from Eric Rescorla (


Hiya,

Cutting to the nub of my concern...

On 09/12/2019 01:46, Mike Ounsworth wrote:
> I hope that doesn=E2=80=99t preclude a push for a more immediate solut= ion.

ISTM the "push" is less for a solution than for understandably at= tempting to corner a market. I don't think such attempts are "bad&= quot; things, but I do think following 'em is more likely unwise.

Sorry if I've missed it, but who do we have that is calling for a post-= quantum PKI solution to be developed now, but who is not promoting one such= ?

Thanks,
S.
_______________________________________________
Secdispatch mailing list
Secdispatch@ietf.= org
https://www.ietf.org/mailman/listinfo/secdispatch
--000000000000968b2405998493d6-- From nobody Thu Dec 12 09:07:08 2019 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9BDA7120A20 for ; Thu, 12 Dec 2019 09:07:05 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.3 X-Spam-Level: X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gHh4UgcZOQ4f for ; Thu, 12 Dec 2019 09:07:02 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81FB7120A24 for ; Thu, 12 Dec 2019 09:07:01 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id EE6CEBDCF; Thu, 12 Dec 2019 17:06:58 +0000 (GMT) Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3j5zgUEFXW0E; Thu, 12 Dec 2019 17:06:58 +0000 (GMT) Received: from [134.226.36.133] (unknown [134.226.36.133]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id BA48BBE24; Thu, 12 Dec 2019 17:06:56 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1576170416; bh=og6h8G/neB2577NzL29PpTi+YnOMybXw8nlV/crPyRQ=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=lLaa5BMBTMPZMFb5gGafFrYoF1kUSpixtqJxVM5scgFtZY6aUYD3CTts8gkpBzStw kSG6OqWVz3NqQ2D7bbyN43JZGXMmfWabqAc5h+QIyUEpVW08mkoR24WlK4c3qQsFvV sVsEPSK2f18hpCoo99qtRE60m33B9jhAfSIib/VU= To: Eric Rescorla , "Panos Kampanakis (pkampana)" Cc: IETF SecDispatch References: <12eed4ff-edd2-7f70-9460-fc86dcbab927@openca.org> <7999ebac-c9c1-eb4f-d9f7-2ba814a3b331@cs.tcd.ie> <78997490-c5ae-c856-6e26-0f79c7733ca3@openca.org> <2feb1778-7770-8a09-2066-a84663ff6b2e@cs.tcd.ie> From: Stephen Farrell Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw== Message-ID: <479fe0dd-ab8d-7ac7-a541-70aedde0be24@cs.tcd.ie> Date: Thu, 12 Dec 2019 17:06:55 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Jjc2QgT8TFcrmFRs9tC5Th93GHhWFQL4q" Archived-At: Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla ( X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Dec 2019 17:07:06 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Jjc2QgT8TFcrmFRs9tC5Th93GHhWFQL4q Content-Type: multipart/mixed; boundary="0jTNkp3mlkLpJhucUlcBskE1bkyodMttg"; protected-headers="v1" From: Stephen Farrell To: Eric Rescorla , "Panos Kampanakis (pkampana)" Cc: IETF SecDispatch Message-ID: <479fe0dd-ab8d-7ac7-a541-70aedde0be24@cs.tcd.ie> Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla ( References: <12eed4ff-edd2-7f70-9460-fc86dcbab927@openca.org> <7999ebac-c9c1-eb4f-d9f7-2ba814a3b331@cs.tcd.ie> <78997490-c5ae-c856-6e26-0f79c7733ca3@openca.org> <2feb1778-7770-8a09-2066-a84663ff6b2e@cs.tcd.ie> In-Reply-To: --0jTNkp3mlkLpJhucUlcBskE1bkyodMttg Content-Type: multipart/mixed; boundary="------------D4BA9942E4109D996128285C" Content-Language: en-US This is a multi-part message in MIME format. --------------D4BA9942E4109D996128285C Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 12/12/2019 16:52, Eric Rescorla wrote: > Is there a reason why you don't want to do hash signatures? A good question. I'll also note that the mandatory notAfter field in x.509 (which was always a mistake;-) becomes a semantically misleading footgun with stateful signatures. So you can't just use those algs in x.509 without lots and lots of likely-unexpected cascading changes. (Changes that don't seem worthwhile to me.) Cheers, S. --------------D4BA9942E4109D996128285C Content-Type: application/pgp-keys; name="0x5AB2FAF17B172BEA.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x5AB2FAF17B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1YkCMwQQAQgAHRYhBH4X CgRchM9GDit5oBDvedn9g1MSBQJbtyScAAoJEBDvedn9g1MSI/oP/0A9J9nrnBMq Zpm857lfYWw+rshLK+tyeP4OQeOqnDFvs9jePpcyJLG3DF2r6VbVKPQq+AE6Uf5h cJBDEN6BjEhRPSbLcqG3A1cz/nNwm8rPmNp+oKhmaBBQGxwciMLmzgynsDydnjPp MyEs04zvsbsl4vrp2095o105l8KcrrxQrioFjbwveGwHQK9bxJKhx9D+gIk+MouB ur45UDKTZkMZrr9FGrtkyXCGAxvKdcNC5Oa8z9sj1rcUJfG/OpVAMWhArdlZbFUQ yoX6pU2Zb1CR2qpWAVerGSfBhmfCyStjARqaKxlftjO+Bj3Jj73Cr5eqej3qB5+V 4BCsPjr4RLvVbYUCPsRdxWc+nBLlfVYkRURu21g1hFm5KFPjgUkyo1s4vjUOY8Dy I+xLGF7f/IhUBG6l+Vswhpwu7ydalZkeFiPx5xna5NfbEYxvsIf71DvipGvIOaHv X4egWoFgm8n/9c3rcMxJtpwHPSsUt5dgLsyu6VE0IbvOAc3dN7CWJ355DVFJq9Zg 2YVf0izSpyyzJeGsgkfjW6xpmdvZxuT2UcN4BTcm6vYqueASGrb3lfhzC5gpeVsc /MoSjTS65vNWbpzONZWMZuLEFraxWJzC0JrDK3NCd0VN3kstqGkVbUIiYOnUm8Vu 4zoVMLlGWzHLIGoPRG2nRezn1YyNfyb5iQGcBBABCgAGBQJbxcflAAoJEGo7ETk8 pK1gE7QL/ApC5P68W5DrI1787WJVZv1u4t/g39vTr7Xer3UMTVQg10vpa7pmqOGh jIDzDMg3Pe3K3M7fVzfAlUA1qw6ne4RCueVoRKpubeF4AlYbMr0K6hNCPjt5uAxm bBVuejKTc6pru5rv5gKL0nDbr+Snft5xt7juBLSSimw0/41sZnkjCxo9rF/RA/v6 +uWyK171RKmsEYu8fFtw1eqUNt/Xj792TUixE3pxXheNtQtZGk/9P3W83ChhG4Fh 5EQsn0pIh9wZIAbMRLpgRKyW87fWHZC8/YH8h7afarvn9Thl5pFUldCe22mNJj6K LChn2aEHQd+PdY1GBpZEcmNEUPuovwzatM0h64hCzTm41eDqRfihZVBT7TbfXQnv 8rywa42Mk756RGzzEZcQEhwQXZcMQUfxIQQ2VyJo0zG36VdZTQF7TF/4Lz7/3cJ5 6jOIm+dwPXtu+C2wAQuD4USOLt4JWPYpqzDfHYJIND/497P9Z9SuQeahr2ez3DRB g3qsHEjBV7QyU3RlcGhlbiBGYXJyZWxsICgyMDE3KSA8c3RlcGhlbi5mYXJyZWxs QGNzLnRjZC5pZT6JAkAEEwEIACoCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwEC HgECF4AFAlo+o3cCGQEACgkQWrL68XsXK+qO0A//ZsfQzyXrZlu/eEV5jU620yeO M3P7SW3C3UQYdCgZ/TlvxGgKow5oDSXgjMiUyq9csGqbPBxlDYSxFZHNeDVKYIuP 2ZK24tw5k6duTh4+sFwUualTMlcp0zBCIzn3hRcsRvuPKHfl5+6oOi0+xqx3jX/s /69L/fvHmdSKet5LIUAxoYaZkTCruFrPWb01tgAl5JExWkhmCY98iD+EeiIMAWBj Mw1xV+p0uCwNbN6XDzcToK7wsm+tAIiWUy3DpP60a6WbVwdV0HNt2WZq5U5Jdh2k 4S+sN2CnYk4tTW7jHjsWarV3FLISCOObADZuB7ljU4kYfdwZ+WzenXY4LGlxGQSl AblGjwZe4EIkCXAJUtzJhoFUuGaF/PlWjxqV3UFRcgTERZTijguVyREre8GNERNg vDxZvuXssEjvz9X5JfcIZDIJpdzhLiEIj9noUbfx1SzB5KDPQj0O7elMHa1671/r wWcpGr/MfVPTOik4H7F8rcVJelceZTzC4tvya7M+jM4fyFWWt8Y4atTixUiP7U9o 4uBZCQ0GzvsmFA4XLqn2pA5rVizMXnGbGOjufAP/efEJ4ul3qvjYe8ye8DXEDjKA xo/tuHYtk19XCi83QzFhWls5TT+XQeVTMEvVqo9Wek8yoxo67qvLKKqIcG9givQd 8MxYNAbNYgSPtkbhZ8SJARwEEAEIAAYFAlo9UqAACgkQLzyHNoBfjaLzHAgAlWT6 NXEGtw/r1miKNGcopzvzILQ9oB8rKI9U9EL6tOf/y2V5oYee/GyQDb3ZdoPxxYYc Jf+RyiH1nMoqUIZiZJaf3bJXinDZ5+AdfE++UR2NBvqaNyC6u3r24jo1B/sagKbY tWgsYtRqHLD4IWi37MZrVyjBuF7u14Q07+uhjq6mX2O/tHpCYw/Q82tbeTRPyUf1 WQOAfD1kfBpW9PvAva5Iw9FWeXpCXRzwxnCZhYfGfqtuSw6CPBYLdbikqML6FZ7E DuTBb/8um1wK7Y9bgeIQC+CYjhYB5RXa1tDJRab2Js4luCvSR0w/CgHw26293tlv e2Q6UTrmHxP5U22DlokCPQQTAQgAJwUCWj1QMgIbAwUJCZQmAAULCQgHAgYVCAkK CwIEFgIDAQIeAQIXgAAKCRBasvrxexcr6tJpD/4rrILH+meP07vrx8wW5eYuqCiP GYnh/CXxIF8eLrfbe5d4QRgtq+w6UeQPMyzKRIRiCoBXB2oJLBZHyxBPxZlg33dT MrEGn8QWKx2iNuz9rZMXyOSWFetuO01d/aUPd5BnbLbIyK5of8xCQlXM6KH8bc+9 gQ7edR9mfLTdvBf2FR522hg8BRBM1imKc3vO8v39+qIHHRjuiwxBBCAOhHtHRsZX ripS0uFA07dM46Oi/E8osjx6fQt/lH5z/PN+2adxYSrLSAXfr1oD3RxYNhuWgyGF L64/VCQb1YGjf0Z5MBPnWm9jgUoOY5K9eNSS0L83WeJjlF5+Q/WOgB+rb49Prm2D Feo9+S9f2V53Llz1WIspXJg6f+n9lmHE94MfQj1GAHCzI0FeL19lvM+LhD8jJSCb hrC3+yobyy/AUOs5Z3E+njjX1FF/VCVAs6iOa6i+XG+Y1hh3ir2y1kckJ5auT10M SU8GEZu9ayU4M3o3N9yxOjaoP0NuQ4MMLL/n/u4u94AeZaHPNBXn/hVfVRRmpRXt GKvJtFAEppGEYezB+bLKIm6XlpPkhnwYzleLZ7AMEco2C6QM8QPB3g3JpS3sqRhA 5rEP4lL16BmijmF+CHoPE/zwgKZbKpyVDqvIW5IDgvfIC2X4pbZDRvGIUKaGSB4+ ksZgUUnNyvfQr2p7jokCMwQQAQgAHRYhBH4XCgRchM9GDit5oBDvedn9g1MSBQJb tySbAAoJEBDvedn9g1MSeKkQAJm44jt1kwHgQgeDBKdjdvl0AjE0xVEQxriZ6lP/ l//34YT0auFfzsYIrChSpQXAEtobBAr4Ohw1Us+BZe+H5P8vm6LRuPwozC3SjwfX 4Iec8+9ot6tIVg4sbedDSgb/CCFVjsmIGcQ1P73JLJTBJ6mxYCV/gn3QC6bwDOFo 7kD9FDHCjRN8XfhHQ4Q9cYyt06uF31qG/aumgWYC9geCGgAwiHgwxNYb9GoJ0iZj CROwbYvLTcQgsVUW2bTmsVR13UVKDsdl02sRV7qcVYW6R0a3Ra8KudX+nt25H5DR Gd382KZ5W8pydsy/viTvD9z6v0ulChBYxAedIvGIClrhbxlLEPmIg4ImVOLGqsUg Vm32J95WOjEkk4PEZ12xSDBtwhSJqmJNboWlfmw43KdIbY8zNhffIO3N6O7FsdGx mqyHeLoTpqY+ySVUPpbuyW8ujnI/J//+6hdTZ9dQsEJQlWngKuWOQ5ma58MPSN88 zllsqhZAFQjNxqnkSzL6ZQ+v/jvuRRe16B80AeO55DsmbWsMv/YLLD1mSi7+Khy2 EtMBhgojWwrGMvdLN6X3mnzNJEscYyLxM9tSk+iySP2sLthK0BVgpAzBSdaf/ezI z60P+neHDzteNFf8Mn7lmgYk1amvZoJ29s5+n2HwxyRL5dVMyMdyQmntubbctfqr Z0tIiQGcBBABCgAGBQJbxcflAAoJEGo7ETk8pK1gnCYMAJY4FeIYjlIXGghFWzsB 4fYwK1+iaFpU3fSto5qcrqVtVPjXpwqczqBWeXGyQxiB0kan4OVAXydIeaP8EAuF CA7paP3s9STLJBO3KurkwyRkPW5zo0X7xVqaVToRsX2Ul98KVJoHYQD1KdezEtwl vpNwiiBr42AYR751Vm6JBVAbQXuFpB3c8bUV0OkkRxNFtL8/2PieHar58n5dntGk bPlPkztahsFqktgacIgXHX5vaT+7YeeZ1DWLOYjGO0wNhkOSeroCmxwJUikU7joB p823L7r5KfpqWTPpSCzVstQKZUGmmoE1qCswY/Ud5wvp9SccpIILkRXj0rZRtfnE 5MpL3hjmtNzfDd9qIsJtBJlSB2hZwAsVm1l+EWN9hG3tqyA43niUMy2n6q690of3 berSiQ+kvY/aC9Hx8I+bKzOV9/J2VUTqfaPZa4Uy2rVX5Q2p69n/PMj7mEer0rCL 3j9V16J9c+s0BSkXoKdtYdB0TWVhBgUybd9qtYcwHWvhP7QuU3RlcGhlbiBGYXJy ZWxsIDxzdGVwaGVuQHRvbGVyYW50bmV0d29ya3MuY29tPokCPQQTAQgAJwUCWj1R WgIbAwUJCZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBasvrxexcr6jsc EADEcB0WQEZn2AkrzDs1RhL0Lp6cZi0BigofkbcGfdhJyMSs19C0dhvncrAFClVI 6/Udw3yFtDyYtOCf2W3M3A1K6/RfEizCLzTsdFIhni9gOJLlUpXViQtgrlstjk7h qVV3Ooz4BlCqS4cG7rfqf4LQQPpTAuFUEV9I28FBUB2irqC+v4gTysIgpMw0bA1y BU9sX5jE/tRkzqnuzZrkwiobDtRFJ9qp+7O2JtcY4EsVtLAsaodJKc5cF8R4OvB1 n66vxxcgg9Eh4JNWZ47xsaCmAGo1Bcb2jIY35OtgAL7gCGLRSMKTtAaPy1/fEgIq hCljJ9x40Fkn/3r2BX21WC9HFSPFTBz2RluLRzxdgxOrkYK8EiHUPoE5b1AEzZKw 2AbeXfr57f5zYsN3IqfbQLUjMYtUN1wK3Pjb+idD972wyXMWt8uOzlI7b9Ocu+nY m2whBfJv9Pmp3QYTmPz+LB9lH65VNVUSxSXVr5iWXO3qx1HtEiGEqkporMQCTh3T 5Ud3PvMSRBFFKNs9WhJ/Lxz+SV30WLwG6dr5mQqlzAhb4Phc/zekZyXRdS/oDKrB LUucS36O//49JeyRi1QvOfxnfmIqRIAf/k3PoYJmTo5E82//r5Qj3YGlRu78ba0H Arxs+ACD6AnEHHcbswpbtVEKYzlSu0Ar0Dc7vRWM/IyQdIkBHAQQAQgABgUCWj1S oAAKCRAvPIc2gF+NosIsB/9f/29FNla3BJfGIEIDnhrqGD0i9bSa89SqBd++uG06 TQgW5wsqtNcrwn81yZTq6XE6i9VtD4GKfqC0d4KZJr9bnbeD81cI64VOdL8zJWJs 0vj5EIXCobKyX74Kb4uePUyZqwT2Q74I116u/HwA9/FXsPo5isbh4ZqD4t0VHpWk mfq1FPT9a/JPyX46qKqB2Fce/7Qy+SQP1NfkuUlbhUH/JG9aSSYvk3lznNiH41x9 M+FDlL106itXOubrl3oi2fT3fsSedq7uzt+IV0DQEeNaoQAUuwEhdB8IWOMqN2wo DjGVKJftfsSWY9ilZrnDBNDrp0vRqcx33LUMkIw4d7iBiQIzBBABCAAdFiEEfhcK BFyEz0YOK3mgEO952f2DUxIFAlu3JJwACgkQEO952f2DUxJjuw/6ApHSsVTWD4a0 H6FJ23A9Ftpy+aXZ4vYlzkSrfsn2ECrEfK3lXQh/uzwjJUDYZeB1/BQsFZtcYNQO JSSHbQ49BFRLwb1J/wBZG4bbmrkLxnNbKDKQvzxEpclkMW0Dj0J6o7kGrmzIGGrh B+JJN99AcineHRug8ZSFIERRCmigxdhAKU0BFD7P+5HNHltSL3DF1c2fFOf2JrgB KVoE+9RhMZjWNbYetFFLCkjXb5Rpay9zeMm1DxfSTGAnuOwUXW6qq4hnl5+VC/48 ceDZElLLfu7RQUZv44pkSTOWZs+iQoJiHMFHk9wPqyB2Vok1yJ2a2j27WhXrJlPw nZbgJO5RyWDG3p/eVmpl5Uuc2dsfIpR17KnAuWpghK6V+cyFncDoGCl/YG2Mvool sW08FiZh3Ej4dnJjj25TZkeFG74JJDXLvMYpJfSBGnmETv4Dhcm2xPqVMuFuL1qJ lMbVLrMo2GXeo03OzNyvbs+u8WLIaGm5hC7N1CXY8wZs4jo6OJ/expvnc07dEuws 4zT3AiWv3nIouWReRStZy9QkavDocqbyPmilcdPCYk4BsOlzpwwO74hNG7iyl0Kd AlwTxGQ7y0rJou6HYa1TmRhIEr3vKvlW+JfUUrqtjXgsuacTXo4+Ira2JUErL2cY zQMq1j4r1ZyhFnuz93s7Rsx/Nw0+0YuJAZwEEAEKAAYFAlvFx+UACgkQajsROTyk rWCJqwv+NLVPE4sD4sDA2/6Ek7UsRIUkg+S39fhqWsLc4rtw/mDunv8Un61I3K04 fZ2Ry4nF9hZM0a710UvXFbStvrzRJO3EAAcdJR9LTCd19e8UeruQbIee3YT91U4N kC9JMpecfq62/teOAU2e5P3fWYaLs5ZX7zCLwWuBcW2l3SyoljQczM85HhJ3XHm+ FnwQ6D9xRle+lvWTcuC9d1yAyUb8IOospcL2lJTmy8e3r79R24hPlSB4LDe0wEN8 AXbagrcAQZjwyaHyWxjJbTwZ0b43WGdfIqZ1ElOeoffbketPGRmWvx5xUvb2ALFB BdETzV270gs5XDJgJ1SIIKOyDADxwvroTe2jD8C/841eEql5QSow3s/U3zRqk3mt tto8Qw/DN71aeh6dmYSsvd2UjsHw/vofOPRBGxZLEkKTEvMnhmMW9hiKPkPia+Qg evYE020qpKSxLEdWA8nprHwxmGiDNesCfXSC6vm1qfyj5g8HzxSckq9ZaMhKMCo7 vxflUEDuuQINBFo9UDIBEAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiezGPuB HmpvceBRZgRasdbaMc4HJee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9WfpHTD 8U4xxjvR5Mi7+ToQQUOUNuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC6T5M sK1SKfs51pLa5ToC1rc8tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2D/zE 4bGjXdJW5pKphFB2lX3dG4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFeA7Pb TuW/eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ/Vf3 vDUew1h5QU1yDaWT3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbptPEcm oazpiKZt91CrFPOaoXDPck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKrem5r +oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96Z22f Q0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYghx8b7 Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQoqj1 gwARAQABiQIlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P/1tF 6TeR83xD6MasqXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8Wpfd n3BmvqGyh8+ouHX9jMOxiRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJgx25 2HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5SLjN JIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2oKjw rIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtAZAGs okRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIAypqY o3pcN2OE0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoMeDQk d0YjcqlB1E0svODHTzcSoRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS/qmU yXBIeq6I5z8xBcd+BQ/n/9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZIMhk vMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XOKVc3 YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST =3DYzQY -----END PGP PUBLIC KEY BLOCK----- --------------D4BA9942E4109D996128285C-- --0jTNkp3mlkLpJhucUlcBskE1bkyodMttg-- --Jjc2QgT8TFcrmFRs9tC5Th93GHhWFQL4q Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEW7Wm6ldl0sWGPK4nWrL68XsXK+oFAl3yc68ACgkQWrL68XsX K+p4GA/+NBscSUCcQCmBZYoPqRpnDkIz1eXYoJm/IBKqYA1+wvmnH3WNTbEzs8xc tGBHrRGwOJYtLmei+6pr0jtRoy+2VA18uJWchUuVEl3WYploUkVlrSXjdB8RSbTY xkRUi6TBt5YMGhkK3W8ecu4lWYYcUwHoL3ONPfFfGODDt6WCBgzul/uBueYQC6H2 JIz6OniZjiN+4w/Iz2buVFBHG7nkodN1I51Yu5OyXO3dl0mM31uaJMrrmLsAdv6k 5aOv5FlrMj+00mpdZ2Te2kCkxKi7rlHjTtQYdMGICDgJcbiHk0EEeDmklj4a0bTk 2uGMNGA7twN3hZzJtC6sLadi7YWy1KUTDecEM+eWTB913YsvNc8vALpk5L0HhNqQ dNqKtSrrAApXDPRG/8U14NO4o4fsXuYh4q58BRxDaH6TFeYOKIiu87F61p1wkAI6 MaVSu+o7EzUNVvM8nSSMshuyNIJCDtofndBEZj2ksw4RTAAkH20erq5GitiHK5oE YG3rdwy+lfMlapmSh48PsPym0b7n0BkVbH2viLIJe5+QN1BDTg/d6zTOnuDMMmvt ZyliKcTCdV0sGpJPNSkvfPoxZhBp5C3XY6xAO+K0w0olfk+YC1D1k5ykdLPcbvaV JJVV43BBjNE2c1HagqxiP0dQC6a07tlm/ddSsqnPTT5DvkxaeBE= =850H -----END PGP SIGNATURE----- --Jjc2QgT8TFcrmFRs9tC5Th93GHhWFQL4q-- From nobody Thu Dec 12 13:32:31 2019 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1196712013B for ; Thu, 12 Dec 2019 13:32:30 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tw4YdhwSK_Bw for ; Thu, 12 Dec 2019 13:32:27 -0800 (PST) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87965120024 for ; Thu, 12 Dec 2019 13:32:27 -0800 (PST) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 80E3C38998; Thu, 12 Dec 2019 16:28:36 -0500 (EST) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 1799D726; Thu, 12 Dec 2019 16:32:26 -0500 (EST) From: Michael Richardson To: "Panos Kampanakis \(pkampana\)" cc: Stephen Farrell , IETF SecDispatch In-Reply-To: References: <12eed4ff-edd2-7f70-9460-fc86dcbab927@openca.org> <7999ebac-c9c1-eb4f-d9f7-2ba814a3b331@cs.tcd.ie> <78997490-c5ae-c856-6e26-0f79c7733ca3@openca.org> <2feb1778-7770-8a09-2066-a84663ff6b2e@cs.tcd.ie> X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla ( X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Dec 2019 21:32:30 -0000 --=-=-= Content-Type: text/plain Panos Kampanakis (pkampana) wrote: >> Sorry if I've missed it, but who do we have that is calling for a >> post-quantum PKI solution to be developed now, but who is not >> promoting one such? > We (Cisco) will need PQ PKI (not WebPKI) solution for image > signing. When talking about chips that are designed now and will live > in the field for decades, we would like to design today instead of wait > for 2030. Note we are spending (not making) money on PKI, so we are not > trying to corner a market. As a variation of what EKR asked, you are asking for PQ-PKI, but your use case is image signing. I can see why having a set of chainable signed objects (i.e. a PKI) would more useful than just a hash-based signature, if you can do it simply. It seems like draft-ietf-cose-hash-sig-09 plus draft-birkholz-core-coid might be useful here. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl3ysekACgkQgItw+93Q 3WWtiwgAhL7ijgfBaoj1RLaevcTiEg8nrjWDq9TILD2fNwUgH5OpzUZ9hOSHEmDf /V1FAgxLihvV86c2F3NFy6xj7sbX+siBkKLPVOD5rFWF5rBMMkxEQ5D+FxyLF+2o rtx3zEkjtY3d2mMueGC0wPqendOmyz/rGk7nmrrq2zvoBMyo9LNPBOwcMufpuMvj 7pXKDPujDv2UKhrxZiqEG0GVmvSLw+Cd17IS89mIpKoFLl7mipNO7QCEMqDQFqoG vuf7BXs71gmENy3uU+/KEY/u+h7q9M5Bwaf1uqqYJmgllEV9iGAQxQF7EHxPGQ8C 4JrBMstj2sr0D9BeyL4B6uW/k1fNcg== =b/qy -----END PGP SIGNATURE----- --=-=-=-- From nobody Thu Dec 12 18:56:34 2019 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A88112081C for ; Thu, 12 Dec 2019 18:56:32 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.499 X-Spam-Level: X-Spam-Status: No, score=-14.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=knE0F/Ja; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=o1hnP6Tg Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zkQ-Ip5KF6LM for ; Thu, 12 Dec 2019 18:56:29 -0800 (PST) Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 562CD12010F for ; Thu, 12 Dec 2019 18:56:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=27198; q=dns/txt; s=iport; t=1576205789; x=1577415389; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=/PbeFPO2tLM3Y0VaYbqu63FfRxgkIWB+k4sgegQAhss=; b=knE0F/JakasZ3oRRm9njKSOs2qb9PfuPS5jH5NcDVTdZWVyWmQp11K8T k/vF/EHl8rtZnL6vJDvPntL8t3iL6kuwrkR9ouhe5zQAyvVm2izxxB56B 63SxLn29yLhmdgXamnstxGfdG57cRvvlLhTRYxx76f0mwCZuMi15QlDk2 o=; IronPort-PHdr: =?us-ascii?q?9a23=3A6aiHcBZts+Jz6Ic3mJy3l+L/LSx94ef9IxIV55?= =?us-ascii?q?w7irlHbqWk+dH4MVfC4el20gabRp3VvvRDjeee87vtX2AN+96giDgDa9QNMn?= =?us-ascii?q?1NksAKh0olCc+BB1f8KavybCU/BM1EXXdu/mqwNg5eH8OtL1A=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DrCADy/PJd/4oNJK1lHQEBAQkBEQU?= =?us-ascii?q?FAYF+gRwvJAUnBWxYIAQLKoQDg0YDiwyCX5gGglIDVAkBAQEMAQEYAQ4GAgE?= =?us-ascii?q?Bg3tFAheBcyQ4EwIDDQEBBAEBAQIBBQRthTcMhV4BAQEBAQEBAQEQCwYKEwE?= =?us-ascii?q?BLAQHAQQHBAIBCA4DAQMBAQEdCgMCAgIlCxQDBggCBAENBQgTB4MBgXlNAw4?= =?us-ascii?q?gAQIMoxYCgTiIYXWBMoJ+AQEFgTUBE0GDAxiCFwMGgTaMGBqBQT+BEUeCTD6?= =?us-ascii?q?CZAEBAYFVDwUHCRYJgloygiyNKiMgA4I+hVSYcQqCMIckjnCaQY5LiEyRcQI?= =?us-ascii?q?EAgQFAg4BAQWBaSIqgRoMCHAVO4JsUBEUV4w7CwEXFW8BAYJKhRSFP3QBC4E?= =?us-ascii?q?cjDSCPwEB?= X-IronPort-AV: E=Sophos;i="5.69,308,1571702400"; d="scan'208,217";a="683093019" Received: from alln-core-5.cisco.com ([173.36.13.138]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 13 Dec 2019 02:56:27 +0000 Received: from XCH-ALN-007.cisco.com (xch-aln-007.cisco.com [173.36.7.17]) by alln-core-5.cisco.com (8.15.2/8.15.2) with ESMTPS id xBD2uR6s018986 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 13 Dec 2019 02:56:27 GMT Received: from xhs-rtp-003.cisco.com (64.101.210.230) by XCH-ALN-007.cisco.com (173.36.7.17) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 12 Dec 2019 20:56:27 -0600 Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 12 Dec 2019 21:56:25 -0500 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 12 Dec 2019 21:56:25 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=F/E/JbVHVWexmPUgPkTYyOtfUL/XlRAr/gSXLnOWk/Sm3Qjx/MuIbjymCYOCh0At/I1o/WlI9+UCaMnhYB2WCV9WN2oPEppjJV+Oa9nAN+UypO+F8KCkflLJ/iz+vAFW+bHkyaaYGQchuiFjoJNjT+SrER7v+UIwhtFZdwXRbS4yLMzyx6GnCnLfU5Wl57xNZaFPn5sfV37YFiLoxw/oX7+A174EWt9CP9Kdug+xkBCI4Dn0HKM6d1k9n0D5308JmHMRHBMz5q6TdIicke9XzjxX1jNPfR6KasKNoAVxw934PIOlgQoEVI+zYnHujxe+eN3nYUG1ioKFcJ7UOdyLLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/PbeFPO2tLM3Y0VaYbqu63FfRxgkIWB+k4sgegQAhss=; b=RBARADt8fM8Vop9LHJxgDrmX8trzfuveRKkwLFpb5KIZLjZhnel69d7XufZeT46jNmnC2HWfHWEMA/UBp21IUp5qn2EuCqHkQvqDDyVXVr4V9f8+AWvTp5L0ZqgbemFpZCYDzde4xv8Bj/LRk5H+pWnrGH8xTNI2aULMUyn9DvhlnYLI8MwkIUwd1qCfpXfAcqEObCDd76NWOvI2wuYnW9ldStcUNEeBgxL8aMUrDIz76iS/kgor8hZpHGI5I+0RIjy4pukqEvN5j2OnL/40rluk4WKKeYgsdIaMALBpdc8Qxlpstq+jWKlIsTiR1l0kKEZNArq/qFX5i94YKITQBA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/PbeFPO2tLM3Y0VaYbqu63FfRxgkIWB+k4sgegQAhss=; b=o1hnP6TgD7u8kZj6yl128kivwJPqh1itNWkgC7+f3UmuNt9A8UrlWE32ceiXQQr4M1qouZy3KHed+IqFLEFrT0s5tHS5AaiL69luKIQq7vIj8TaLAnaybHkYC3p7kja3V0y3uXEQ4I5qJb6tP+/DIqnisSiWYKYb4tLgudM1w1k= Received: from DM6PR11MB2555.namprd11.prod.outlook.com (20.176.98.161) by DM6PR11MB4331.namprd11.prod.outlook.com (52.132.251.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2516.13; Fri, 13 Dec 2019 02:56:25 +0000 Received: from DM6PR11MB2555.namprd11.prod.outlook.com ([fe80::8daa:f960:32db:8b77]) by DM6PR11MB2555.namprd11.prod.outlook.com ([fe80::8daa:f960:32db:8b77%6]) with mapi id 15.20.2538.016; Fri, 13 Dec 2019 02:56:24 +0000 From: "Panos Kampanakis (pkampana)" To: Eric Rescorla , Stephen Farrell , Michael Richardson CC: IETF SecDispatch Thread-Topic: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla ( Thread-Index: AQHVrjKMrM9madKCMEWb+FBPgD9H8KexDWsAgAFDtLCABGuCAIAAALpg Date: Fri, 13 Dec 2019 02:56:24 +0000 Message-ID: References: <12eed4ff-edd2-7f70-9460-fc86dcbab927@openca.org> <7999ebac-c9c1-eb4f-d9f7-2ba814a3b331@cs.tcd.ie> <78997490-c5ae-c856-6e26-0f79c7733ca3@openca.org> <2feb1778-7770-8a09-2066-a84663ff6b2e@cs.tcd.ie> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=pkampana@cisco.com; x-originating-ip: [2001:420:c0c4:1006::5b] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: f92ea56d-c184-42e5-17dc-08d77f780ac9 x-ms-traffictypediagnostic: DM6PR11MB4331: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 0250B840C1 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(376002)(136003)(396003)(346002)(39860400002)(199004)(13464003)(189003)(76116006)(5660300002)(71200400001)(186003)(66556008)(64756008)(316002)(66446008)(81166006)(81156014)(8936002)(55016002)(478600001)(8676002)(4326008)(966005)(110136005)(66946007)(86362001)(7696005)(33656002)(2906002)(66476007)(52536014)(9686003)(6506007)(53546011); DIR:OUT; SFP:1101; SCL:1; SRVR:DM6PR11MB4331; H:DM6PR11MB2555.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: iUuG9T4zNvHGXU3woHIbzAUx+QlG99DbbEpvWNzgput1iYoy5VzKF+tDMiutHUEkaGWZ7+xp3da+W13AVHxEeF9k4ZJQJU7WKOh9ptie2e2ZjISR/1F2E/4xmv4lDOPjxFoGr1VNkcDelp6LtlOlTj9mrYDmWrZrKawHb3amHqA+AnVAyQWdAH6DJVbF1Acrgez0Zxgg9WyAr7yVo4jtk1kRTpzInFRzpsb1H8VvDb/YAtxLDdMXqOM+L0ux2Ipg8wsWf6+iB7XaVtV4hwYC7LN/wiuuQ8QSVkUxLy6sMiWn1WS3+t5bB+J8GPWKzFd+aQO+pLauZfe99vewXGe147Hk6JbJfdYR/VFyoBKGC1E7eWvaYZ+/uN/7S7Sh8xqMzIisORgRrUO5fPW2teMCl4HrOQWcjctYxCKDX4GuS3qp6IVLXqAxcEzRUQ1JfJY/Cg1PbVBOv5hOCodF0zUwYz+DL4yHa+Oi/u4v0Q39389pZgn0Bcri2QUgkPs55f6JgoyNEmXoJu0mNNeHpsWJskGg5Mky+TOiXGmMJWvyp8w= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_DM6PR11MB2555C062D7FC31DC30A6357DC9540DM6PR11MB2555namp_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: f92ea56d-c184-42e5-17dc-08d77f780ac9 X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Dec 2019 02:56:24.6810 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: TedLV5ttrLUALZqjFrXNMOsA5sso+oKwxL8HqKZhL3ZuP2anNkgw3jsm1MLFL/J4sbXRdgd6dFxqkngNsqrF8A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB4331 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.36.7.17, xch-aln-007.cisco.com X-Outbound-Node: alln-core-5.cisco.com Archived-At: Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla ( X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Dec 2019 02:56:33 -0000 --_000_DM6PR11MB2555C062D7FC31DC30A6357DC9540DM6PR11MB2555namp_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgRWtyLCBTdGVwaGVuLCBNaWtlLA0KDQoNCj4gQXMgYSB2YXJpYXRpb24gb2Ygd2hhdCBFS1Ig YXNrZWQsIHlvdSBhcmUgYXNraW5nIGZvciBQUS1QS0ksIGJ1dCB5b3VyIHVzZSBjYXNlIGlzIGlt YWdlIHNpZ25pbmcuDQoNClVFRkkgU2VjdXJlIEJvb3QgKGluIGVzc2VuY2Ugd2hhdCBJIG1lYW50 IGJ5IGltYWdlIHNpbmdpbmcpICB1c2VzIGEgUEtJIGFyY2hpdGVjdHVyZS4gVGhlcmUgaXMgYSBQ cm9kdWN0IEtleSBQSyAocm9vdCBDQSkgdGhhdCBlc3RhYmxpc2hlcyBhIHRydXN0IHJlbGF0aW9u c2hpcCBiZXR3ZWVuIHRoZSBwbGF0Zm9ybSBvd25lciBhbmQgdGhlIHBsYXRmb3JtIGZpcm13YXJl LiBUaGUgUEsgc2lnbnMgS0VLcyB3aGljaCBlc3RhYmxpc2hlZCBhIHRydXN0IHJlbGF0aW9uc2hp cCBiZXR3ZWVuIHRoZSBwbGF0Zm9ybSBmaXJtd2FyZSBhbmQgdGhlIG9wZXJhdGluZyBzeXN0ZW0u IFRoZXNlIGFyZSBtb3N0bHkgaW4gWC41MDkgdG9kYXkuIE1vcmUgaW4gWzJdLg0KDQo+IElzIHRo ZXJlIGEgcmVhc29uIHdoeSB5b3UgZG9uJ3Qgd2FudCB0byBkbyBoYXNoIHNpZ25hdHVyZXM/DQoN CkhCUyBpbmRlZWQgbG9va3MgbGlrZSB0aGUgYmVzdCBvcHRpb24gZm9yIHRoaXMgdXNlY2FzZS4g Tm90IG5lY2Vzc2FyaWx5IHN0YXRlZnVsLiBXZSBoYXZlIHNvbWUgcHJlbGltaW5hcnkgYW5hbHlz aXMgb24gdGhpcyBpcyBpbiBTZWN0aW9uIDMgaW4gWzFdLiBNb3JlIHRvIGNvbWUgc29vbi4NCg0K QnV0IHdlIGNhbuKAmXQgZ28gZGlyZWN0bHkgdG8gcHVyZSBIQlMgYmVjYXVzZSBhbHJlYWR5IGRl cGxveWVkIG1hY2hpbmVzIGluIHRoZSBmaWVsZCB3aWxsIG5vdCBib290IGF0IGFsbCBhbmQgdXBn cmFkaW5nIEJJT1MgaXMgbm90IHNpbXBsZS4gQWxzbywgd2UgY2Fu4oCZdCBnbyB0byBwdXJlIEhC UyBiZWNhdXNlIGl0IHdpbGwgbm90IGJlIEZJUFMgYXBwcm92ZWQgZXZlbiBhZnRlciB3ZSBoYXZl IGEgc3RhbmRhcmRpemVkIFBRIG9wdGlvbi4gU28sIHdlIGhhdmUgdG8gZG8gc29tZSBzb3J0IG9m IGNvbXBvc2l0ZSBSU0ErcG9zdC1xdWFudHVtIChOSVNUIGhhcyBwdXQgb3V0IGEgc3RhdGVtZW50 IHRoYXQgc2F5cyB0aGF0IGEgY29tcG9zaXRlIHdpbGwgc3RpbGwgYmUgRklQUyBhcHByb3ZlZCBp ZiB0aGUgY2xhc3NpY2FsIHBhcnQgaXMpLiBUaGUgRklQUyBhcmd1bWVudCBpcyBpbXBvcnRhbnQu IFdhaXRpbmcgZm9yIFBRIHN0YW5kYXJkaXphdGlvbiBpcyBvbmUgdGhpbmcsIGJ1dCBGSVBTIGFw cHJvdmFsIHdpbGwgdGFrZSBldmVuIGxvbmdlciBhbmQgdW50aWwgdGhlbiB3ZSAoQ2lzY28pIHdh bnQgdG8gZG8gc29tZSBzb3J0IG9mIGNvbXBvc2l0ZSBiZWZvcmUgdGhlbi4NCg0KTm90ZSB0aGF0 IEkgYW0gbm90IGludGVyZXN0ZWQgaW4gZ2V0dGluZyBhbiBYLjUwOSBPSUQgZm9yIFJTQStIQlMs IEkgd2FudCBhIGRlZmluaXRpb24gb2YgaG93IGNvbXBvc2l0ZSB3b3VsZCB3b3JrIHNvIEkgY2Fu IGVzdGFibGlzaCB0aGUgcmVxdWlyZW1lbnRzIGZvciB0aGVzZSBmdXR1cmUgY2hpcHMgc3VwcG9y dGluZyBjb21wb3NpdGUgdmVyaWZpY2F0aW9uLg0KDQoNCj4gSXQncyBub3QgYXQgYWxsIGNsZWFy IHRvIG1lIHRoYXQgZGF0YSBpbnRlZ3JpdHkgbm9yIG9yaWdpbiBhdXRoZW50aWNhdGlvbiBpbiB0 aGF0IHRpbWVmcmFtZSBvdWdodCBiZSB0aWVkIHRvIHguNTA5IGNlcnRpZmljYXRlcyBhdCBhbGwu DQoNClN0ZXBoZW7igJlzIGNvbW1lbnQgYWJvdXQgbm90IGRvaW5nIGl0IGluIFguNTA5IGlzIHZh bGlkLiBXZSBjb3VsZCB1c2UgYSBjb21wb3NpdGUgYmxvYiBhbmQgdXNlIGl0IGluIG91ciBvd24g Y3VzdG9tIHdheS4gVHdvIGlzc3VlcyB3aXRoIHRoYXQ6DQoNCiAgMS4gIFVFRkkgY2hhaW5zIG9m IHRydXN0IGhhdmUgYmVlbiBtb3ZpbmcgdG8gWC41MDkgYW5kIHRvIENNUy9QS0NTIzcgZm9yIHRo ZSBzdyBzaWduYXR1cmVzLiBJIGFtIG5vdCBjbGFpbWluZyB0aGVyZSBhcmUgbm8gY3VzdG9tIGtl eXMvc2lnbmF0dXJlIGZvcm1hdHMgbm93aGVyZSwgYnV0IG1vc3QgVUVGSSB2ZW5kb3JzIGhhdmUg YmVlbiBtb3ZpbmcgYXdheSBmcm9tIHRoZW0uIFNvIGdvaW5nIHRvIGN1c3RvbSBrZXkgcmVwcmVz ZW50YXRpb25zIG9yIENPU0Ugd291bGQgYmUgYSBzdGVwIGJhY2t3YXJkcyBvciBzaWRld2F5cy4N CiAgMi4gIEFsc28gT0VNIHZlbmRvcnMgdGhhdCBpbmNsdWRlIHNpZyB2ZXJpZmljYXRpb24gaW4g dGhlaXIgY2hpcHMgb3IgRlBHQXMgc2hvdyBwcmVmZXJlbmNlIGluIHdlbGwtZGVmaW5lZCBzcGVj cyBwcm9iYWJseSBiZWNhdXNlIHRoZXkgY2FuIHJldXNlIHRoZW0gZm9yIG90aGVyIHVzZWNhc2Vz Lg0KVGhhdCBpcyB3aHkgd2UgKENpc2NvKSB3b3VsZCBwcmVmZXIgdG8gc2VlIGEgc3RhbmRhcmQg d2F5IG9mIGRvaW5nIGNvbXBvc2l0ZSBzaWdzIGZvciBVRUZJIChpbiBYLjUwOSBhbmQgaW4gQ01T IHRvIGJlIGhvbmVzdCkgaW5zdGVhZCBvZiBkZWZpbmluZyBvdXIgb3duLiBXZSBwcm9iYWJseSBk b27igJl0IHdhbnQgdG8gc29sdmUgdGhpcyBtYW55IHRpbWVzLCBvbmNlIGJ5IGVhY2ggdmVuZG9y LCBvbmNlIGluIENNUywgb25jZSBVRUZJIFBLSS4NCg0KSSB0b3RhbGx5IGFwcHJlY2lhdGUgdGhl IGNvdW50ZXItYXJndW1lbnQgYWJvdXQgY29tcGxleGl0eSBhbmQgcG90ZW50aWFsIGNhbnMgb2Yg d29ybXMsIGJ1dCBJIGFtIGFmcmFpZCB2ZW5kb3JzIHdpbGwgaGF2ZSB0byBhZGRyZXNzIHRoaXMg ZWl0aGVyIGluZGl2aWR1YWxseSBvciBhcyBhIGdyb3VwLiBBbmQgbXkgYXJndW1lbnQgd291bGQg ZG9pbmcgaXQgYXMgYSBncm91cC4NCg0KUmdzLA0KUGFub3MNCg0KWzFdIGh0dHBzOi8vZXByaW50 LmlhY3Iub3JnLzIwMTkvMTI3Ni5wZGYNClsyXSBodHRwczovL2RvY3MubWljcm9zb2Z0LmNvbS9l bi11cy93aW5kb3dzLWhhcmR3YXJlL21hbnVmYWN0dXJlL2Rlc2t0b3Avd2luZG93cy1zZWN1cmUt Ym9vdC1rZXktY3JlYXRpb24tYW5kLW1hbmFnZW1lbnQtZ3VpZGFuY2UNCg0KDQoNCkZyb206IEVy aWMgUmVzY29ybGEgPGVrckBydGZtLmNvbTxtYWlsdG86ZWtyQHJ0Zm0uY29tPj4NClNlbnQ6IFRo dXJzZGF5LCBEZWNlbWJlciAxMiwgMjAxOSAxMTo1MiBBTQ0KVG86IFBhbm9zIEthbXBhbmFraXMg KHBrYW1wYW5hKSA8cGthbXBhbmFAY2lzY28uY29tPG1haWx0bzpwa2FtcGFuYUBjaXNjby5jb20+ Pg0KQ2M6IFN0ZXBoZW4gRmFycmVsbCA8c3RlcGhlbi5mYXJyZWxsQGNzLnRjZC5pZTxtYWlsdG86 c3RlcGhlbi5mYXJyZWxsQGNzLnRjZC5pZT4+OyBJRVRGIFNlY0Rpc3BhdGNoIDxzZWNkaXNwYXRj aEBpZXRmLm9yZzxtYWlsdG86c2VjZGlzcGF0Y2hAaWV0Zi5vcmc+Pg0KU3ViamVjdDogUmU6IFtT ZWNkaXNwYXRjaF0gW0VYVEVSTkFMXVJlOiBDbGFyaWZpY2F0aW9uIFF1ZXN0aW9uIGZvciB0aGUg Q29tbWVudCBmcm9tIEVyaWMgUmVzY29ybGEgKA0KDQoNCg0KT24gVGh1LCBEZWMgMTIsIDIwMTkg YXQgODozMyBBTSBQYW5vcyBLYW1wYW5ha2lzIChwa2FtcGFuYSkgPHBrYW1wYW5hQGNpc2NvLmNv bTxtYWlsdG86cGthbXBhbmFAY2lzY28uY29tPj4gd3JvdGU6DQpIaSwNCg0KPiBTb3JyeSBpZiBJ J3ZlIG1pc3NlZCBpdCwgYnV0IHdobyBkbyB3ZSBoYXZlIHRoYXQgaXMgY2FsbGluZyBmb3IgYSBw b3N0LXF1YW50dW0gUEtJIHNvbHV0aW9uIHRvIGJlIGRldmVsb3BlZCBub3csIGJ1dCB3aG8gaXMg bm90IHByb21vdGluZyBvbmUgc3VjaD8NCg0KV2UgKENpc2NvKSB3aWxsIG5lZWQgUFEgUEtJIChu b3QgV2ViUEtJKSBzb2x1dGlvbiBmb3IgaW1hZ2Ugc2lnbmluZy4gV2hlbiB0YWxraW5nIGFib3V0 IGNoaXBzIHRoYXQgYXJlIGRlc2lnbmVkIG5vdyBhbmQgd2lsbCBsaXZlIGluIHRoZSBmaWVsZCBm b3IgZGVjYWRlcywgd2Ugd291bGQgbGlrZSB0byBkZXNpZ24gdG9kYXkgaW5zdGVhZCBvZiB3YWl0 IGZvciAyMDMwLiBOb3RlIHdlIGFyZSBzcGVuZGluZyAobm90IG1ha2luZykgbW9uZXkgb24gUEtJ LCBzbyB3ZSBhcmUgbm90IHRyeWluZyB0byBjb3JuZXIgYSBtYXJrZXQuDQoNCklzIHRoZXJlIGEg cmVhc29uIHdoeSB5b3UgZG9uJ3Qgd2FudCB0byBkbyBoYXNoIHNpZ25hdHVyZXM/DQoNCi1Fa3IN Cg0KSSBoYXZlIHRhbGtlZCB0byBhbm90aGVyIHZlbmRvciBpbnRlcmVzdGVkIGluIHRoZW0gdG8g c2lnbiBpdHMgT1MgYnV0IEkgd2lsbCBub3Qgc3BlYWsgZm9yIHRoZW0uIEkgaGF2ZSBhbHNvIHRh bGtlZCB0byBhdCBsZWFzdCBvbmUgSFNNIHZlbmRvciB0aGF0IGhhcyBzb21lIGNsaWVudHMgYXNr aW5nIGZvciBQUSBQS0kgc3VwcG9ydCB0byBiZSBhZGRlZCBpbiB0aGVpciBIU00gYnV0IEkgd2ls bCBub3Qgc3BlYWsgZm9yIHRoZW0gZWl0aGVyLiBJIGRvbid0IHRoaW5rIGFueSBvZiB0aGVzZSB1 c2UtY2FzZXMgYXJlIHRyeWluZyB0byBjb3JuZXIgYSBtYXJrZXQuDQoNClBhbm9zDQoNCg0KLS0t LS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCkZyb206IFNlY2Rpc3BhdGNoIDxzZWNkaXNwYXRjaC1i b3VuY2VzQGlldGYub3JnPG1haWx0bzpzZWNkaXNwYXRjaC1ib3VuY2VzQGlldGYub3JnPj4gT24g QmVoYWxmIE9mIFN0ZXBoZW4gRmFycmVsbA0KU2VudDogU3VuZGF5LCBEZWNlbWJlciAwOCwgMjAx OSA5OjA0IFBNDQpUbzogTWlrZSBPdW5zd29ydGggPE1pa2UuT3Vuc3dvcnRoQGVudHJ1c3RkYXRh Y2FyZC5jb208bWFpbHRvOk1pa2UuT3Vuc3dvcnRoQGVudHJ1c3RkYXRhY2FyZC5jb20+PjsgRXJp YyBSZXNjb3JsYSA8ZWtyQHJ0Zm0uY29tPG1haWx0bzpla3JAcnRmbS5jb20+PjsgRHIuIFBhbGEg PG1hZHdvbGZAb3BlbmNhLm9yZzxtYWlsdG86bWFkd29sZkBvcGVuY2Eub3JnPj4NCkNjOiBJRVRG IFNlY0Rpc3BhdGNoIDxzZWNkaXNwYXRjaEBpZXRmLm9yZzxtYWlsdG86c2VjZGlzcGF0Y2hAaWV0 Zi5vcmc+Pg0KU3ViamVjdDogUmU6IFtTZWNkaXNwYXRjaF0gW0VYVEVSTkFMXVJlOiBDbGFyaWZp Y2F0aW9uIFF1ZXN0aW9uIGZvciB0aGUgQ29tbWVudCBmcm9tIEVyaWMgUmVzY29ybGEgKA0KDQoN CkhpeWEsDQoNCkN1dHRpbmcgdG8gdGhlIG51YiBvZiBteSBjb25jZXJuLi4uDQoNCk9uIDA5LzEy LzIwMTkgMDE6NDYsIE1pa2UgT3Vuc3dvcnRoIHdyb3RlOg0KPiBJIGhvcGUgdGhhdCBkb2VzbuKA mXQgcHJlY2x1ZGUgYSBwdXNoIGZvciBhIG1vcmUgaW1tZWRpYXRlIHNvbHV0aW9uLg0KDQpJU1RN IHRoZSAicHVzaCIgaXMgbGVzcyBmb3IgYSBzb2x1dGlvbiB0aGFuIGZvciB1bmRlcnN0YW5kYWJs eSBhdHRlbXB0aW5nIHRvIGNvcm5lciBhIG1hcmtldC4gSSBkb24ndCB0aGluayBzdWNoIGF0dGVt cHRzIGFyZSAiYmFkIiB0aGluZ3MsIGJ1dCBJIGRvIHRoaW5rIGZvbGxvd2luZyAnZW0gaXMgbW9y ZSBsaWtlbHkgdW53aXNlLg0KDQpTb3JyeSBpZiBJJ3ZlIG1pc3NlZCBpdCwgYnV0IHdobyBkbyB3 ZSBoYXZlIHRoYXQgaXMgY2FsbGluZyBmb3IgYSBwb3N0LXF1YW50dW0gUEtJIHNvbHV0aW9uIHRv IGJlIGRldmVsb3BlZCBub3csIGJ1dCB3aG8gaXMgbm90IHByb21vdGluZyBvbmUgc3VjaD8NCg0K VGhhbmtzLA0KUy4NCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fDQpTZWNkaXNwYXRjaCBtYWlsaW5nIGxpc3QNClNlY2Rpc3BhdGNoQGlldGYub3JnPG1haWx0 bzpTZWNkaXNwYXRjaEBpZXRmLm9yZz4NCmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlz dGluZm8vc2VjZGlzcGF0Y2gNCg== --_000_DM6PR11MB2555C062D7FC31DC30A6357DC9540DM6PR11MB2555namp_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy IDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWws IGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJ Zm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQph OmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xv cjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFuLk1z b0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpwdXJw bGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwLk1zb1BsYWluVGV4dCwgbGkuTXNv UGxhaW5UZXh0LCBkaXYuTXNvUGxhaW5UZXh0DQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCglt c28tc3R5bGUtbGluazoiUGxhaW4gVGV4dCBDaGFyIjsNCgltYXJnaW46MGluOw0KCW1hcmdpbi1i b3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmO30NCnAuTXNvTGlzdFBhcmFncmFwaCwgbGkuTXNvTGlzdFBhcmFncmFwaCwg ZGl2Lk1zb0xpc3RQYXJhZ3JhcGgNCgl7bXNvLXN0eWxlLXByaW9yaXR5OjM0Ow0KCW1hcmdpbi10 b3A6MGluOw0KCW1hcmdpbi1yaWdodDowaW47DQoJbWFyZ2luLWJvdHRvbTowaW47DQoJbWFyZ2lu LWxlZnQ6LjVpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjExLjBwdDsN Cglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpwLm1zb25vcm1hbDAsIGxpLm1z b25vcm1hbDAsIGRpdi5tc29ub3JtYWwwDQoJe21zby1zdHlsZS1uYW1lOm1zb25vcm1hbDsNCglt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzsNCgltYXJnaW4tcmlnaHQ6MGluOw0KCW1zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvOw0KCW1hcmdpbi1sZWZ0OjBpbjsNCglmb250LXNpemU6MTEuMHB0Ow0K CWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnNwYW4uRW1haWxTdHlsZTE4DQoJ e21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixz YW5zLXNlcmlmOw0KCWNvbG9yOiMxRjQ5N0Q7DQoJZm9udC13ZWlnaHQ6bm9ybWFsOw0KCWZvbnQt c3R5bGU6bm9ybWFsOw0KCXRleHQtZGVjb3JhdGlvbjpub25lIG5vbmU7fQ0Kc3Bhbi5QbGFpblRl eHRDaGFyDQoJe21zby1zdHlsZS1uYW1lOiJQbGFpbiBUZXh0IENoYXIiOw0KCW1zby1zdHlsZS1w cmlvcml0eTo5OTsNCgltc28tc3R5bGUtbGluazoiUGxhaW4gVGV4dCI7DQoJZm9udC1mYW1pbHk6 IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6 ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIs c2Fucy1zZXJpZjt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo4LjVpbiAxMS4waW47DQoJ bWFyZ2luOjEuMGluIDEuMGluIDEuMGluIDEuMGluO30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFn ZTpXb3JkU2VjdGlvbjE7fQ0KLyogTGlzdCBEZWZpbml0aW9ucyAqLw0KQGxpc3QgbDANCgl7bXNv LWxpc3QtaWQ6NTY2NDk3NzE4Ow0KCW1zby1saXN0LXR5cGU6aHlicmlkOw0KCW1zby1saXN0LXRl bXBsYXRlLWlkczo0NjMzOTM5MjIgLTExOTcyMDk1MTQgNjc2OTg3MTMgNjc2OTg3MTUgNjc2OTg3 MDMgNjc2OTg3MTMgNjc2OTg3MTUgNjc2OTg3MDMgNjc2OTg3MTMgNjc2OTg3MTU7fQ0KQGxpc3Qg bDA6bGV2ZWwxDQoJe21zby1sZXZlbC10ZXh0OiJcKCUxXCkiOw0KCW1zby1sZXZlbC10YWItc3Rv cDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDot LjI1aW47fQ0KQGxpc3QgbDA6bGV2ZWwyDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmFscGhh LWxvd2VyOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9z aXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotLjI1aW47fQ0KQGxpc3QgbDA6bGV2ZWwzDQoJe21z by1sZXZlbC1udW1iZXItZm9ybWF0OnJvbWFuLWxvd2VyOw0KCW1zby1sZXZlbC10YWItc3RvcDpu b25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246cmlnaHQ7DQoJdGV4dC1pbmRlbnQ6LTku MHB0O30NCkBsaXN0IGwwOmxldmVsNA0KCXttc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28t bGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluO30NCkBsaXN0 IGwwOmxldmVsNQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDphbHBoYS1sb3dlcjsNCgltc28t bGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJ dGV4dC1pbmRlbnQ6LS4yNWluO30NCkBsaXN0IGwwOmxldmVsNg0KCXttc28tbGV2ZWwtbnVtYmVy LWZvcm1hdDpyb21hbi1sb3dlcjsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2 ZWwtbnVtYmVyLXBvc2l0aW9uOnJpZ2h0Ow0KCXRleHQtaW5kZW50Oi05LjBwdDt9DQpAbGlzdCBs MDpsZXZlbDcNCgl7bXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1w b3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjt9DQpAbGlzdCBsMDpsZXZlbDgNCgl7 bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YWxwaGEtbG93ZXI7DQoJbXNvLWxldmVsLXRhYi1zdG9w Om5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0u MjVpbjt9DQpAbGlzdCBsMDpsZXZlbDkNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6cm9tYW4t bG93ZXI7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3Np dGlvbjpyaWdodDsNCgl0ZXh0LWluZGVudDotOS4wcHQ7fQ0Kb2wNCgl7bWFyZ2luLWJvdHRvbTow aW47fQ0KdWwNCgl7bWFyZ2luLWJvdHRvbTowaW47fQ0KLS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBt c28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYi IC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBl bGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0K PC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0i RU4tVVMiIGxpbms9ImJsdWUiIHZsaW5rPSJwdXJwbGUiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rp b24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5I aSBFa3IsIFN0ZXBoZW4sIE1pa2UsPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPiZndDsgQXMgYSB2YXJpYXRpb24gb2Yg d2hhdCBFS1IgYXNrZWQsIHlvdSBhcmUgYXNraW5nIGZvciBQUS1QS0ksIGJ1dCB5b3VyIHVzZSBj YXNlIGlzIGltYWdlIHNpZ25pbmcuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPlVFRkkg U2VjdXJlIEJvb3QgKGluIGVzc2VuY2Ugd2hhdCBJIG1lYW50IGJ5IGltYWdlIHNpbmdpbmcpICZu YnNwO3VzZXMgYSBQS0kgYXJjaGl0ZWN0dXJlLiBUaGVyZSBpcyBhIFByb2R1Y3QgS2V5IFBLIChy b290IENBKSB0aGF0IGVzdGFibGlzaGVzIGEgdHJ1c3QgcmVsYXRpb25zaGlwIGJldHdlZW4gdGhl IHBsYXRmb3JtIG93bmVyIGFuZCB0aGUgcGxhdGZvcm0gZmlybXdhcmUuDQogVGhlIFBLIHNpZ25z IEtFS3Mgd2hpY2ggZXN0YWJsaXNoZWQgYSB0cnVzdCByZWxhdGlvbnNoaXAgYmV0d2VlbiB0aGUg cGxhdGZvcm0gZmlybXdhcmUgYW5kIHRoZSBvcGVyYXRpbmcgc3lzdGVtLiBUaGVzZSBhcmUgbW9z dGx5IGluIFguNTA5IHRvZGF5LiBNb3JlIGluIFsyXS4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj48bzpwPiZu YnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Y29sb3I6IzFGNDk3RCI+Jmd0OyA8L3NwYW4+SXMgdGhlcmUgYSByZWFzb24gd2h5IHlvdSBkb24n dCB3YW50IHRvIGRvIGhhc2ggc2lnbmF0dXJlcz88bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3 RCI+SEJTIGluZGVlZCBsb29rcyBsaWtlIHRoZSBiZXN0IG9wdGlvbiBmb3IgdGhpcyB1c2VjYXNl LiBOb3QgbmVjZXNzYXJpbHkgc3RhdGVmdWwuIFdlIGhhdmUgc29tZSBwcmVsaW1pbmFyeSBhbmFs eXNpcyBvbiB0aGlzIGlzIGluIFNlY3Rpb24gMyBpbiBbMV0uIE1vcmUgdG8gY29tZSBzb29uLg0K PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImNvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5CdXQgd2UgY2Fu4oCZdCBnbyBk aXJlY3RseSB0byBwdXJlIEhCUyBiZWNhdXNlIGFscmVhZHkgZGVwbG95ZWQgbWFjaGluZXMgaW4g dGhlIGZpZWxkIHdpbGwgbm90IGJvb3QgYXQgYWxsIGFuZCB1cGdyYWRpbmcgQklPUyBpcyBub3Qg c2ltcGxlLiBBbHNvLCB3ZSBjYW7igJl0IGdvIHRvIHB1cmUgSEJTIGJlY2F1c2UgaXQgd2lsbCBu b3QgYmUgRklQUyBhcHByb3ZlZCBldmVuDQogYWZ0ZXIgd2UgaGF2ZSBhIHN0YW5kYXJkaXplZCBQ USBvcHRpb24uIFNvLCB3ZSBoYXZlIHRvIGRvIHNvbWUgc29ydCBvZiBjb21wb3NpdGUgUlNBJiM0 Mztwb3N0LXF1YW50dW0gKE5JU1QgaGFzIHB1dCBvdXQgYSBzdGF0ZW1lbnQgdGhhdCBzYXlzIHRo YXQgYSBjb21wb3NpdGUgd2lsbCBzdGlsbCBiZSBGSVBTIGFwcHJvdmVkIGlmIHRoZSBjbGFzc2lj YWwgcGFydCBpcykuIFRoZSBGSVBTIGFyZ3VtZW50IGlzIGltcG9ydGFudC4gV2FpdGluZyBmb3Ig UFENCiBzdGFuZGFyZGl6YXRpb24gaXMgb25lIHRoaW5nLCBidXQgRklQUyBhcHByb3ZhbCB3aWxs IHRha2UgZXZlbiBsb25nZXIgYW5kIHVudGlsIHRoZW4gd2UgKENpc2NvKSB3YW50IHRvIGRvIHNv bWUgc29ydCBvZiBjb21wb3NpdGUgYmVmb3JlIHRoZW4uDQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+PG86cD4m bmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImNvbG9yOiMxRjQ5N0QiPk5vdGUgdGhhdCBJIGFtIG5vdCBpbnRlcmVzdGVkIGluIGdldHRpbmcg YW4gWC41MDkgT0lEIGZvciBSU0EmIzQzO0hCUywgSSB3YW50IGEgZGVmaW5pdGlvbiBvZiBob3cg Y29tcG9zaXRlIHdvdWxkIHdvcmsgc28gSSBjYW4gZXN0YWJsaXNoIHRoZSByZXF1aXJlbWVudHMg Zm9yIHRoZXNlIGZ1dHVyZSBjaGlwcyBzdXBwb3J0aW5nIGNvbXBvc2l0ZSB2ZXJpZmljYXRpb24u DQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iY29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPiZndDsgPC9zcGFuPkl0 J3Mgbm90IGF0IGFsbCBjbGVhciB0byBtZSB0aGF0IGRhdGEgaW50ZWdyaXR5IG5vciBvcmlnaW4g YXV0aGVudGljYXRpb24gaW4gdGhhdCB0aW1lZnJhbWUgb3VnaHQgYmUgdGllZCB0byB4LjUwOSBj ZXJ0aWZpY2F0ZXMgYXQgYWxsLg0KPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPlN0ZXBo ZW7igJlzIGNvbW1lbnQgYWJvdXQgbm90IGRvaW5nIGl0IGluIFguNTA5IGlzIHZhbGlkLiBXZSBj b3VsZCB1c2UgYSBjb21wb3NpdGUgYmxvYiBhbmQgdXNlIGl0IGluIG91ciBvd24gY3VzdG9tIHdh eS4gVHdvIGlzc3VlcyB3aXRoIHRoYXQ6DQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8b2wgc3R5 bGU9Im1hcmdpbi10b3A6MGluIiBzdGFydD0iMSIgdHlwZT0iMSI+DQo8bGkgY2xhc3M9Ik1zb0xp c3RQYXJhZ3JhcGgiIHN0eWxlPSJjb2xvcjojMUY0OTdEO21hcmdpbi1sZWZ0OjBpbjttc28tbGlz dDpsMCBsZXZlbDEgbGZvMSI+DQpVRUZJIGNoYWlucyBvZiB0cnVzdCBoYXZlIGJlZW4gbW92aW5n IHRvIFguNTA5IGFuZCB0byBDTVMvUEtDUyM3IGZvciB0aGUgc3cgc2lnbmF0dXJlcy4gSSBhbSBu b3QgY2xhaW1pbmcgdGhlcmUgYXJlIG5vIGN1c3RvbSBrZXlzL3NpZ25hdHVyZSBmb3JtYXRzIG5v d2hlcmUsIGJ1dCBtb3N0IFVFRkkgdmVuZG9ycyBoYXZlIGJlZW4gbW92aW5nIGF3YXkgZnJvbSB0 aGVtLiBTbyBnb2luZyB0byBjdXN0b20ga2V5IHJlcHJlc2VudGF0aW9ucyBvciBDT1NFDQogd291 bGQgYmUgYSBzdGVwIGJhY2t3YXJkcyBvciBzaWRld2F5cy4gPG86cD48L286cD48L2xpPjxsaSBj bGFzcz0iTXNvTGlzdFBhcmFncmFwaCIgc3R5bGU9ImNvbG9yOiMxRjQ5N0Q7bWFyZ2luLWxlZnQ6 MGluO21zby1saXN0OmwwIGxldmVsMSBsZm8xIj4NCkFsc28gT0VNIHZlbmRvcnMgdGhhdCBpbmNs dWRlIHNpZyB2ZXJpZmljYXRpb24gaW4gdGhlaXIgY2hpcHMgb3IgRlBHQXMgc2hvdyBwcmVmZXJl bmNlIGluIHdlbGwtZGVmaW5lZCBzcGVjcyBwcm9iYWJseSBiZWNhdXNlIHRoZXkgY2FuIHJldXNl IHRoZW0gZm9yIG90aGVyIHVzZWNhc2VzLg0KPG86cD48L286cD48L2xpPjwvb2w+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+VGhhdCBpcyB3aHkgd2Ug KENpc2NvKSB3b3VsZCBwcmVmZXIgdG8gc2VlIGEgc3RhbmRhcmQgd2F5IG9mIGRvaW5nIGNvbXBv c2l0ZSBzaWdzIGZvciBVRUZJIChpbiBYLjUwOSBhbmQgaW4gQ01TIHRvIGJlIGhvbmVzdCkgaW5z dGVhZCBvZiBkZWZpbmluZyBvdXIgb3duLiBXZSBwcm9iYWJseSBkb27igJl0IHdhbnQgdG8gc29s dmUgdGhpcyBtYW55IHRpbWVzLCBvbmNlDQogYnkgZWFjaCB2ZW5kb3IsIG9uY2UgaW4gQ01TLCBv bmNlIFVFRkkgUEtJLiA8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPkkgdG90 YWxseSBhcHByZWNpYXRlIHRoZSBjb3VudGVyLWFyZ3VtZW50IGFib3V0IGNvbXBsZXhpdHkgYW5k IHBvdGVudGlhbCBjYW5zIG9mIHdvcm1zLCBidXQgSSBhbSBhZnJhaWQgdmVuZG9ycyB3aWxsIGhh dmUgdG8gYWRkcmVzcyB0aGlzIGVpdGhlciBpbmRpdmlkdWFsbHkgb3IgYXMgYSBncm91cC4gQW5k IG15IGFyZ3VtZW50IHdvdWxkIGRvaW5nIGl0IGFzIGENCiBncm91cC4gPG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0Qi PjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJjb2xvcjojMUY0OTdEIj5SZ3MsPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPlBhbm9zPG86cD48L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMx RjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5bMV0gPGEgaHJlZj0iaHR0cHM6Ly9lcHJpbnQu aWFjci5vcmcvMjAxOS8xMjc2LnBkZiI+DQpodHRwczovL2VwcmludC5pYWNyLm9yZy8yMDE5LzEy NzYucGRmPC9hPiA8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+WzJdIDwvc3Bhbj48YSBocmVmPSJodHRwczovL2Rv Y3MubWljcm9zb2Z0LmNvbS9lbi11cy93aW5kb3dzLWhhcmR3YXJlL21hbnVmYWN0dXJlL2Rlc2t0 b3Avd2luZG93cy1zZWN1cmUtYm9vdC1rZXktY3JlYXRpb24tYW5kLW1hbmFnZW1lbnQtZ3VpZGFu Y2UiPmh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MtaGFyZHdhcmUvbWFu dWZhY3R1cmUvZGVza3RvcC93aW5kb3dzLXNlY3VyZS1ib290LWtleS1jcmVhdGlvbi1hbmQtbWFu YWdlbWVudC1ndWlkYW5jZTwvYT4NCjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj48bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6 IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj48bzpw PiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj5Gcm9tOjwv Yj4gRXJpYyBSZXNjb3JsYSAmbHQ7PGEgaHJlZj0ibWFpbHRvOmVrckBydGZtLmNvbSI+ZWtyQHJ0 Zm0uY29tPC9hPiZndDsNCjxicj4NCjxiPlNlbnQ6PC9iPiBUaHVyc2RheSwgRGVjZW1iZXIgMTIs IDIwMTkgMTE6NTIgQU08YnI+DQo8Yj5Ubzo8L2I+IFBhbm9zIEthbXBhbmFraXMgKHBrYW1wYW5h KSAmbHQ7PGEgaHJlZj0ibWFpbHRvOnBrYW1wYW5hQGNpc2NvLmNvbSI+cGthbXBhbmFAY2lzY28u Y29tPC9hPiZndDs8YnI+DQo8Yj5DYzo8L2I+IFN0ZXBoZW4gRmFycmVsbCAmbHQ7PGEgaHJlZj0i bWFpbHRvOnN0ZXBoZW4uZmFycmVsbEBjcy50Y2QuaWUiPnN0ZXBoZW4uZmFycmVsbEBjcy50Y2Qu aWU8L2E+Jmd0OzsgSUVURiBTZWNEaXNwYXRjaCAmbHQ7PGEgaHJlZj0ibWFpbHRvOnNlY2Rpc3Bh dGNoQGlldGYub3JnIj5zZWNkaXNwYXRjaEBpZXRmLm9yZzwvYT4mZ3Q7PGJyPg0KPGI+U3ViamVj dDo8L2I+IFJlOiBbU2VjZGlzcGF0Y2hdIFtFWFRFUk5BTF1SZTogQ2xhcmlmaWNhdGlvbiBRdWVz dGlvbiBmb3IgdGhlIENvbW1lbnQgZnJvbSBFcmljIFJlc2NvcmxhICg8bzpwPjwvbzpwPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPk9uIFRodSwgRGVjIDEyLCAyMDE5IGF0IDg6MzMgQU0gUGFub3Mg S2FtcGFuYWtpcyAocGthbXBhbmEpICZsdDs8YSBocmVmPSJtYWlsdG86cGthbXBhbmFAY2lzY28u Y29tIj5wa2FtcGFuYUBjaXNjby5jb208L2E+Jmd0OyB3cm90ZTo8bzpwPjwvbzpwPjwvcD4NCjwv ZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkICND Q0NDQ0MgMS4wcHQ7cGFkZGluZzowaW4gMGluIDBpbiA2LjBwdDttYXJnaW4tbGVmdDo0LjhwdDtt YXJnaW4tdG9wOjUuMHB0O21hcmdpbi1yaWdodDowaW47bWFyZ2luLWJvdHRvbTo1LjBwdCI+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj5IaSw8YnI+DQo8YnI+DQomZ3Q7IFNvcnJ5IGlmIEkndmUgbWlz c2VkIGl0LCBidXQgd2hvIGRvIHdlIGhhdmUgdGhhdCBpcyBjYWxsaW5nIGZvciBhIHBvc3QtcXVh bnR1bSBQS0kgc29sdXRpb24gdG8gYmUgZGV2ZWxvcGVkIG5vdywgYnV0IHdobyBpcyBub3QgcHJv bW90aW5nIG9uZSBzdWNoPzxicj4NCjxicj4NCldlIChDaXNjbykgd2lsbCBuZWVkIFBRIFBLSSAo bm90IFdlYlBLSSkgc29sdXRpb24gZm9yIGltYWdlIHNpZ25pbmcuIFdoZW4gdGFsa2luZyBhYm91 dCBjaGlwcyB0aGF0IGFyZSBkZXNpZ25lZCBub3cgYW5kIHdpbGwgbGl2ZSBpbiB0aGUgZmllbGQg Zm9yIGRlY2FkZXMsIHdlIHdvdWxkIGxpa2UgdG8gZGVzaWduIHRvZGF5IGluc3RlYWQgb2Ygd2Fp dCBmb3IgMjAzMC4gTm90ZSB3ZSBhcmUgc3BlbmRpbmcgKG5vdCBtYWtpbmcpIG1vbmV5IG9uIFBL SSwNCiBzbyB3ZSBhcmUgbm90IHRyeWluZyB0byBjb3JuZXIgYSBtYXJrZXQuPG86cD48L286cD48 L3A+DQo8L2Jsb2NrcXVvdGU+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJz cDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5JcyB0aGVy ZSBhIHJlYXNvbiB3aHkgeW91IGRvbid0IHdhbnQgdG8gZG8gaGFzaCBzaWduYXR1cmVzPzxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJz cDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4tRWtyPG86 cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZu YnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRlcjpub25lO2Jv cmRlci1sZWZ0OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7cGFkZGluZzowaW4gMGluIDBpbiA2LjBwdDtt YXJnaW4tbGVmdDo0LjhwdDttYXJnaW4tdG9wOjUuMHB0O21hcmdpbi1yaWdodDowaW47bWFyZ2lu LWJvdHRvbTo1LjBwdCI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5JIGhhdmUgdGFsa2VkIHRvIGFu b3RoZXIgdmVuZG9yIGludGVyZXN0ZWQgaW4gdGhlbSB0byBzaWduIGl0cyBPUyBidXQgSSB3aWxs IG5vdCBzcGVhayBmb3IgdGhlbS4gSSBoYXZlIGFsc28gdGFsa2VkIHRvIGF0IGxlYXN0IG9uZSBI U00gdmVuZG9yIHRoYXQgaGFzIHNvbWUgY2xpZW50cyBhc2tpbmcgZm9yIFBRIFBLSSBzdXBwb3J0 IHRvIGJlIGFkZGVkIGluIHRoZWlyIEhTTSBidXQgSSB3aWxsIG5vdCBzcGVhaw0KIGZvciB0aGVt IGVpdGhlci4gSSBkb24ndCB0aGluayBhbnkgb2YgdGhlc2UgdXNlLWNhc2VzIGFyZSB0cnlpbmcg dG8gY29ybmVyIGEgbWFya2V0Ljxicj4NCjxicj4NClBhbm9zPGJyPg0KPGJyPg0KPGJyPg0KLS0t LS1PcmlnaW5hbCBNZXNzYWdlLS0tLS08YnI+DQpGcm9tOiBTZWNkaXNwYXRjaCAmbHQ7PGEgaHJl Zj0ibWFpbHRvOnNlY2Rpc3BhdGNoLWJvdW5jZXNAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5z ZWNkaXNwYXRjaC1ib3VuY2VzQGlldGYub3JnPC9hPiZndDsgT24gQmVoYWxmIE9mIFN0ZXBoZW4g RmFycmVsbDxicj4NClNlbnQ6IFN1bmRheSwgRGVjZW1iZXIgMDgsIDIwMTkgOTowNCBQTTxicj4N ClRvOiBNaWtlIE91bnN3b3J0aCAmbHQ7PGEgaHJlZj0ibWFpbHRvOk1pa2UuT3Vuc3dvcnRoQGVu dHJ1c3RkYXRhY2FyZC5jb20iIHRhcmdldD0iX2JsYW5rIj5NaWtlLk91bnN3b3J0aEBlbnRydXN0 ZGF0YWNhcmQuY29tPC9hPiZndDs7IEVyaWMgUmVzY29ybGEgJmx0OzxhIGhyZWY9Im1haWx0bzpl a3JAcnRmbS5jb20iIHRhcmdldD0iX2JsYW5rIj5la3JAcnRmbS5jb208L2E+Jmd0OzsgRHIuIFBh bGEgJmx0OzxhIGhyZWY9Im1haWx0bzptYWR3b2xmQG9wZW5jYS5vcmciIHRhcmdldD0iX2JsYW5r Ij5tYWR3b2xmQG9wZW5jYS5vcmc8L2E+Jmd0Ozxicj4NCkNjOiBJRVRGIFNlY0Rpc3BhdGNoICZs dDs8YSBocmVmPSJtYWlsdG86c2VjZGlzcGF0Y2hAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5z ZWNkaXNwYXRjaEBpZXRmLm9yZzwvYT4mZ3Q7PGJyPg0KU3ViamVjdDogUmU6IFtTZWNkaXNwYXRj aF0gW0VYVEVSTkFMXVJlOiBDbGFyaWZpY2F0aW9uIFF1ZXN0aW9uIGZvciB0aGUgQ29tbWVudCBm cm9tIEVyaWMgUmVzY29ybGEgKDxicj4NCjxicj4NCjxicj4NCkhpeWEsPGJyPg0KPGJyPg0KQ3V0 dGluZyB0byB0aGUgbnViIG9mIG15IGNvbmNlcm4uLi48YnI+DQo8YnI+DQpPbiAwOS8xMi8yMDE5 IDAxOjQ2LCBNaWtlIE91bnN3b3J0aCB3cm90ZTo8YnI+DQomZ3Q7IEkgaG9wZSB0aGF0IGRvZXNu 4oCZdCBwcmVjbHVkZSBhIHB1c2ggZm9yIGEgbW9yZSBpbW1lZGlhdGUgc29sdXRpb24uPGJyPg0K PGJyPg0KSVNUTSB0aGUgJnF1b3Q7cHVzaCZxdW90OyBpcyBsZXNzIGZvciBhIHNvbHV0aW9uIHRo YW4gZm9yIHVuZGVyc3RhbmRhYmx5IGF0dGVtcHRpbmcgdG8gY29ybmVyIGEgbWFya2V0LiBJIGRv bid0IHRoaW5rIHN1Y2ggYXR0ZW1wdHMgYXJlICZxdW90O2JhZCZxdW90OyB0aGluZ3MsIGJ1dCBJ IGRvIHRoaW5rIGZvbGxvd2luZyAnZW0gaXMgbW9yZSBsaWtlbHkgdW53aXNlLjxicj4NCjxicj4N ClNvcnJ5IGlmIEkndmUgbWlzc2VkIGl0LCBidXQgd2hvIGRvIHdlIGhhdmUgdGhhdCBpcyBjYWxs aW5nIGZvciBhIHBvc3QtcXVhbnR1bSBQS0kgc29sdXRpb24gdG8gYmUgZGV2ZWxvcGVkIG5vdywg YnV0IHdobyBpcyBub3QgcHJvbW90aW5nIG9uZSBzdWNoPzxicj4NCjxicj4NClRoYW5rcyw8YnI+ DQpTLjxicj4NCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f PGJyPg0KU2VjZGlzcGF0Y2ggbWFpbGluZyBsaXN0PGJyPg0KPGEgaHJlZj0ibWFpbHRvOlNlY2Rp c3BhdGNoQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+U2VjZGlzcGF0Y2hAaWV0Zi5vcmc8L2E+ PGJyPg0KPGEgaHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zZWNk aXNwYXRjaCIgdGFyZ2V0PSJfYmxhbmsiPmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlz dGluZm8vc2VjZGlzcGF0Y2g8L2E+PG86cD48L286cD48L3A+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rp dj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_DM6PR11MB2555C062D7FC31DC30A6357DC9540DM6PR11MB2555namp_-- From nobody Thu Dec 19 08:09:57 2019 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C29EE1200F1 for ; Thu, 19 Dec 2019 08:09:55 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=entrustdatacardcorp.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qfIKsMg5eHMZ for ; Thu, 19 Dec 2019 08:09:53 -0800 (PST) Received: from mx2.entrustdatacard.com (mx2.entrustdatacard.com [204.124.80.222]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D77CF1200A4 for ; Thu, 19 Dec 2019 08:09:52 -0800 (PST) IronPort-SDR: Yp84EwkRj4F9sYZpywCbq9eKZH3FleyXzjE2P9OzEiMKFJ8a4OZNMDgEzveGfpvw7Vrwx4A84w a8fOXQSXdIlw== X-IronPort-AV: E=Sophos;i="5.69,332,1571720400"; d="scan'208,217";a="6634575" Received: from pmspex01.corporate.datacard.com (HELO owa.entrustdatacard.com) ([192.168.211.29]) by pmspesa04inside.corporate.datacard.com with ESMTP/TLS/ECDHE-RSA-AES256-SHA384; 19 Dec 2019 10:09:51 -0600 Received: from pmspex01.corporate.datacard.com (192.168.211.29) by pmspex01.corporate.datacard.com (192.168.211.29) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 19 Dec 2019 10:09:51 -0600 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (172.28.1.8) by pmspex01.corporate.datacard.com (192.168.211.29) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Thu, 19 Dec 2019 10:09:51 -0600 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fChywsN6MxTivBfTC4C0im+86dy/BPWLQzZhBougTgE1ijynXJhG6VMMT2lvUZOH0cFwI7iNYnEvaPRvRILCOBg2S0ccvQAjLKn3mN6ep1EYSTBn/e7fL14lBx2jjCRnwqBRNwDGCTidCZS1Z2S37NkE7f3x2CrKaiO6EeGsoA0DkYaA8Dt77KkSB8k152kkamoIsopckZOXbfaYwK1PKpczGvu1bltz3Xfdl4FFNvA9BIJDmkKgtbAnJhn4TAdBXhcpCEHwpCl0Qp5jUAxACRlFzx1Mkn8yFONSVsI1ZVaOzwql2M+0yFvToJMZ461sd/PCDmdAtn3gI4GK0Usr+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PaJkwVi01kNNc8VfzyR+FiMI1mQr5VC/epkBz5gp7zY=; b=SKujxKDnTNT8Rul0HULwqVORaRRAZvWpPmgq0nCDmgYxm4DdnHl4f/a+FKIMkddNYiiW2CQMhz18vdAiTpZIn8SfzbqbeYUpn/xEt8FzbArvRHGI6rcD+Wb4XiDo02TIQuwKhZ7ExAynz5N4jTZq+8oZIeOy85nj9FucGalHDNCrlkMuRjedCUH1+PFxQe4rBKlZG8pk8CXXu3sZqhFyHiHq4ye1xCjIT2b6ahNL9hbEIL42FXlxzYVVd2PPYIJNZF+oUxvL4zqbN8lFeSEJKyyKwupAJbfUixWScgvQKmVj9hlEwjjFKcYi5jplTh9eUWCSQHqNOkJaoz5KM+Oblw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrustdatacard.com; dmarc=pass action=none header.from=entrustdatacard.com; dkim=pass header.d=entrustdatacard.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrustdatacardcorp.onmicrosoft.com; s=selector1-entrustdatacardcorp-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PaJkwVi01kNNc8VfzyR+FiMI1mQr5VC/epkBz5gp7zY=; b=XT6pCkLmr7Vs+AYDOZK3jA7KpRTxkydPxXJbCOzyoBG+ttWkWY/YbI9QC8Jgf1GPskEXgvj3ECUgVLiBooMCxZAqpZ9l/D0j8UFO2O2QJqcytnvNwdihOQALYs3stAlQ+BxoIODEs5SSjUMEO4v5F+mCqjekeNevdWGaMD119DU= Received: from CY4PR11MB1430.namprd11.prod.outlook.com (10.172.69.137) by CY4PR11MB1861.namprd11.prod.outlook.com (10.175.80.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2538.19; Thu, 19 Dec 2019 16:09:49 +0000 Received: from CY4PR11MB1430.namprd11.prod.outlook.com ([fe80::ede9:16cf:479e:b525]) by CY4PR11MB1430.namprd11.prod.outlook.com ([fe80::ede9:16cf:479e:b525%10]) with mapi id 15.20.2538.019; Thu, 19 Dec 2019 16:09:49 +0000 From: Mike Ounsworth To: "Panos Kampanakis (pkampana)" , Eric Rescorla , Stephen Farrell , "Michael Richardson" CC: IETF SecDispatch Thread-Topic: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla ( Thread-Index: AQHVsQnb1MFmXdTjB0GBQdRnfAIVfqe2tvMAgACoyACAB7g8QA== Date: Thu, 19 Dec 2019 16:09:49 +0000 Message-ID: References: <12eed4ff-edd2-7f70-9460-fc86dcbab927@openca.org> <7999ebac-c9c1-eb4f-d9f7-2ba814a3b331@cs.tcd.ie> <78997490-c5ae-c856-6e26-0f79c7733ca3@openca.org> <2feb1778-7770-8a09-2066-a84663ff6b2e@cs.tcd.ie> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=Mike.Ounsworth@entrustdatacard.com; x-originating-ip: [216.191.252.67] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 1b8d2514-4987-421d-08bb-08d7849ddf91 x-ms-traffictypediagnostic: CY4PR11MB1861: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 0256C18696 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(366004)(39860400002)(346002)(136003)(396003)(199004)(189003)(13464003)(81166006)(8676002)(5660300002)(55016002)(53546011)(66946007)(2906002)(6506007)(76116006)(110136005)(186003)(52536014)(86362001)(4001150100001)(66446008)(966005)(478600001)(66556008)(7696005)(4326008)(316002)(8936002)(26005)(71200400001)(81156014)(66476007)(33656002)(9686003)(64756008); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR11MB1861; H:CY4PR11MB1430.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Dt0oWYlIAuoYA9IxHeFCtcGgO1HPitSjaQHSAxY5mNbLihtMMyi6QiQgjDI1BvPNKp78oGggpkuyP0RyqpJOfdzSGdnohSkRg8s/YKNty2npMVBTznkFEvpZwuesAUwW33W/EopBCJx9SjToZizCyxoPdDgX+2WnuS47BaBin9d+PkFTv+v+mBlHba2LZymuOTSTJbB2/4CqyCqTk/ZbUcezupyaW2mlgF0vz0Z6lpW7+z7uO5Cln5sscNSnKjDv3cHixwKRDPLkNn2suISHjJVnFjT96qn8ysK0D8/Re52fqUB9TzYcajajSvEgK+pTxWG1NsHkjxN0OQXQQmcWJ44a/o6e01jwgg973wohYqXAOYq+eda5Ya36MwjHEZbwVy2d5S6wXhfIOF2PBP7ROwwoxjFMW+dl/Nmo9R7rvzCyWJbQKtEQrX+FD1Il6kQNL1/RSk9a/Uwp1Dj7CUjCsgNgVWcrTEkmVIC1YZtDcfLaErHnygOfBfl8x4PJ1BhQVeC87sZA038WYFDhqu6LR+GpKkl/e9f6wyPlXvEs+/M= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_CY4PR11MB14306370336BBCA04E9E755F9B520CY4PR11MB1430namp_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 1b8d2514-4987-421d-08bb-08d7849ddf91 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Dec 2019 16:09:49.0740 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: NLUFCF3fSEXP+sjlKUr5l3oN05ahzFXnHQVOaasyHkVdt+YVtd33A6ekEwHbqRKLnl2hV1SAkakgiHgyT3mBmATqgCrD4T6IYt0z1sXmcFcJuqtrYgWRw9pMSRTfQvLN X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR11MB1861 X-OriginatorOrg: entrustdatacard.com Archived-At: Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla ( X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Dec 2019 16:09:56 -0000 --_000_CY4PR11MB14306370336BBCA04E9E755F9B520CY4PR11MB1430namp_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 VGhhbmtzIFBhbm9zIGZvciBsYXlpbmcgb3V0IHRoZSB1c2UtY2FzZXMuIEkgdGhpbmsgeW91IGhp dCBhIGJpdCBvbmUgb24gdGhlIGhlYWQ6IEZJUFMgYXBwcm92YWwuIE9uIDIwMTktMTAtMzAsIE5J U1QgcHVibGlzaGVkIGEgUFFDIEZBUSB0aGF0IGluY2x1ZGVzIGEgY2FsbCBmb3IgaHlicmlkIG1v ZGVzIGZvciBib3RoIGtleSBleGNoYW5nZSBhbmQgc2lnbmF0dXJlcy4NCmh0dHBzOi8vY3NyYy5u aXN0Lmdvdi9Qcm9qZWN0cy9Qb3N0LVF1YW50dW0tQ3J5cHRvZ3JhcGh5L2ZhcXMNCmRyYWZ0LW91 bnN3b3J0aC1wcS1jb21wb3NpdGUtc2lncyBpbnRlbmRzIHRvIGJlIHRoZSDigJxvYnZpb3Vz4oCd IGltcGxlbWVudGF0aW9uIG9mIE5JU1TigJlzIGNhbGwgZm9yIGh5YnJpZCBtb2Rlcy4NCg0KDQpP bmUgcGxhY2UgdGhhdCB3ZSBkaWZmZXIgZnJvbSBOSVNU4oCZcyBjYWxsIGlzIHRoaXMgcG9pbnQg aW4gdGhlIEZBUToNCg0KPiBUaGUgbW9kZSBpcyB2YWxpZCBpZiBhbmQgb25seSBpZiBib3RoIHNp Z25hdHVyZXMgYXJlIHZhbGlkLg0KDQpPbmUgb2YgdGhlIGRlc2lnbiByZXF1aXJlbWVudHMgdGhh dCB3ZeKAmXZlIGJlZW4gd29ya2luZyB3aXRoIGlzIHRoZSBvbmUgcHVzaGVkIGJ5IE1heCBQYWxh IC8gQ2FibGVMYWJzOyBkZXBsb3kgZGV2aWNlcyBpbiB0aGUgZmllbGQgdG9kYXkgdGhhdCB1bmRl cnN0YW5kIHRoZSBoeWJyaWQgcHViIGtleSAvIHNpZ25hdHVyZSBmb3JtYXQsIGJ1dCBkbyBub3Qg bmVjZXNzYXJpbHkgaGF2ZSBhbiBpbXBsZW1lbnRhdGlvbiBvZiB0aGUgUFEgYWxnb3JpdGhtIChv ciBoYXZlIGFuIG9sZGVyLCBpbmNvbXBhdGlibGUsIGltcGxlbWVudGF0aW9uIG9mIHRoZSBQUSBh bGcgd2hpbGUgdGhlIE5JU1QgUFFDIGlzIHN0aWxsIHNoYWtpbmcgb3V0IG1hdGhlbWF0aWNhbCBv ciBpbXBsZW1lbnRhdGlvbiB2dWxuZXJhYmlsaXRpZXMpLg0KDQoNCkFzIHRvIHRoZSBwaGlsb3Nv cGhpY2FsIGRlYmF0ZSBhYm91dCDigJxLZWVwIFguNTA5IG9yIGdvIHRvIHNvbWV0aGluZyBuZXc/ 4oCdLCBub3RlIHRoYXQgZHJhZnQtb3Vuc3dvcnRoIGFpbXMgdG8gZGVmaW5lIGNvbXBvc2l0ZSBw dWJsaWMga2V5IGFuZCBzaWduYXR1cmUgZm9ybWF0cyB0aGF0LCBpZiB3ZeKAmXZlIGRvbmUgaXQg cmlnaHQsIGFyZSBjb21wYXRpYmxlIHdpdGggYW55IEFTTi4xIHByb3RvY29sLiBUaGlzIGRyYWZ0 IGlzIGludGVudGlvbmFsbHkgZGVjb3VwbGVkIGZyb20sIGJ1dCBjYW4gYmUgdXNlZCBieSwgWC41 MDkuICBUaGUgZ29hbCBoZXJlIGlzIG5vdCB0bw0KDQoNClJlOiBoYXNoLWJhc2VkIHNpZ25hdHVy ZXM6IEZvciBhIENBIHZlbmRvciDigJMgd2hldGhlciBwcm92aWRpbmcgcHVibGljbHktdHJ1c3Rl ZCBzZXJ2aWNlcywgb3Igb24tcHJlbSBzb2Z0d2FyZSAtLSBwcm9kdWN0IGNhcGFiaWxpdGllcyBh cmUgZHJpdmVuIGJ5IHRoZSBpbmR1c3RyeTsgaWYgdGhlIGluZHVzdHJ5IGlzIGhhcHB5IHdpdGgg cHVyZSBoYXNoLWJhc2VkIFBLSSBkdXJpbmcgdGhlIHRyYW5zaXRpb24gcGVyaW9kLCB0aGVuIEkg YWdyZWUgdGhhdCBoeWJyaWQgbW9kZXMgYXJlIHVubmVjZXNzYXJ5LiBIb3dldmVyLCB0aGF04oCZ cyBub3Qgd2hhdCBJ4oCZbSBzZWVpbmc6IHRoZSBIQlMgc2NoZW1lcyBjdXJyZW50bHkgYXZhaWxh YmxlIGluIElFVEYgYXJlIGFsbCBzdGF0ZWZ1bCwgYW5kIDEpIE5JU1TigJlzIFNQIDgwMC0yMDgt ZHJhZnQgc2F5cyDigJxTdGF0ZWZ1bCBIQlMgc2NoZW1lcyBhcmUgbm90IHN1aXRhYmxlIGZvciBn ZW5lcmFsIHVzZSBiZWNhdXNlIHRoZXkgcmVxdWlyZSBjYXJlZnVsIHN0YXRlIG1hbmFnZW1lbnQg dGhhdCBpcyBvZnRlbiBkaWZmaWN1bHQgdG8gYXNzdXJl4oCdLCBhbmQgMikgY2hhdHMgSeKAmXZl IGhhZCB3aXRoIFJ5YW4gU2xlZXZpIGFuZCBBZGFtIExhbmdsZXkgd2hvIHNlZW0gc2tlcHRpY2Fs IHRoYXQgYWxsIENBIG9wZXJhdG9ycyAocHVibGljLCBwcml2YXRlLCBjb3Jwb3JhdGUsIGV0Yyks IGNhbiByZXNwb25zaWJseSBtYW5hZ2UgYSBzdGF0ZWZ1bCBwcml2YXRlIGtleS4gMykgRWFybGll ciB0aGlzIHllYXIsIFBhbm9zIGhhZCBiZWVuIHB1c2hpbmcgZm9yIHB1YmxpY2x5LXRydXN0ZWQg SFNCIHJvb3QgQ0FzLCBidXQgZHJvcHBlZCBpdCBvbiB0aGUgcG9pbnQgdGhhdCwgb25jZSB5b3Ug aGF2ZSBhIHN0YXRlZnVsIEhCUyByb290IENBLCB3aGF0IGRvIHlvdSBkbyB3aXRoIGl0PyBZb3Ug ZG9u4oCZdCByZWFsbHkgd2FudCBlbmQgZW50aXRpZXMgKFRMUyBzZXJ2ZXJzLCB0aGUgUy9NSU1F IGNsaWVudCBvbiB5b3VyIHBob25lLCBQSVYgY2FyZHMsIGV0YykgdXNpbmcgc3RhdGVmdWwga2V5 cy4NClNvIG1heWJlIHRoZSBtYXJrZXQgd2lsbCBiZSBzYXRpc2ZpZWQgd2l0aCBIQlMtb25seSBQ S0lzIGZvciBzb21lIHVzZS1jYXNlcywgYnV0IEkgbWFpbnRhaW4gdGhhdCB3ZSBzaG91bGQgc3Rh bmRhcmRpemUgYSBmdWxseSBhbGdvcml0aG0tYWdub3N0aWMgaHlicmlkIG1lY2hhbmlzbSBhbnl3 YXkuDQoNCg0KDQpQUyAtIEnigJlsbCB0YWtlIHlvdXIgYmFpdCBvbiB0aGUg4oCcY29ybmVyIHRo ZSBtYXJrZXTigJ0gY29tbWVudDsgSU1ITyBhIFBLSSBpcyB1c2VsZXNzIGlmIGl0cyBjb3JlIGZ1 bmN0aW9uYWxpdHkg4oCTIHB1YmxpYyBrZXlzIGFuZCBzaWduYXR1cmVzIC0tZG8gbm90IGludGVy b3BlcmF0ZSB3aXRoIG90aGVyIHZlbmRvcnMuIE5vIGNvcm5lcmluZyBvZiB0aGUgbWFya2V0IGlz IGludGVuZGVkLCBzaW1wbHkgbG9va2luZyBmb3IgYSBzaW1wbGUtaXNoIHNvbHV0aW9uIHF1aWNr bHktaXNoLg0KDQotLS0NCk1pa2UgT3Vuc3dvcnRoDQpTb2Z0d2FyZSBTZWN1cml0eSBBcmNoaXRl Y3QsIEVudHJ1c3QgRGF0YWNhcmQNCg0KRnJvbTogU2VjZGlzcGF0Y2ggPHNlY2Rpc3BhdGNoLWJv dW5jZXNAaWV0Zi5vcmc+IE9uIEJlaGFsZiBPZiBQYW5vcyBLYW1wYW5ha2lzIChwa2FtcGFuYSkN ClNlbnQ6IERlY2VtYmVyIDEyLCAyMDE5IDk6NTYgUE0NClRvOiBFcmljIFJlc2NvcmxhIDxla3JA cnRmbS5jb20+OyBTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW4uZmFycmVsbEBjcy50Y2QuaWU+OyBN aWNoYWVsIFJpY2hhcmRzb24gPG1jcitpZXRmQHNhbmRlbG1hbi5jYT4NCkNjOiBJRVRGIFNlY0Rp c3BhdGNoIDxzZWNkaXNwYXRjaEBpZXRmLm9yZz4NClN1YmplY3Q6IFJlOiBbU2VjZGlzcGF0Y2hd IFtFWFRFUk5BTF1SZTogQ2xhcmlmaWNhdGlvbiBRdWVzdGlvbiBmb3IgdGhlIENvbW1lbnQgZnJv bSBFcmljIFJlc2NvcmxhICgNCg0KSGkgRWtyLCBTdGVwaGVuLCBNaWtlLA0KDQoNCj4gQXMgYSB2 YXJpYXRpb24gb2Ygd2hhdCBFS1IgYXNrZWQsIHlvdSBhcmUgYXNraW5nIGZvciBQUS1QS0ksIGJ1 dCB5b3VyIHVzZSBjYXNlIGlzIGltYWdlIHNpZ25pbmcuDQoNClVFRkkgU2VjdXJlIEJvb3QgKGlu IGVzc2VuY2Ugd2hhdCBJIG1lYW50IGJ5IGltYWdlIHNpbmdpbmcpICB1c2VzIGEgUEtJIGFyY2hp dGVjdHVyZS4gVGhlcmUgaXMgYSBQcm9kdWN0IEtleSBQSyAocm9vdCBDQSkgdGhhdCBlc3RhYmxp c2hlcyBhIHRydXN0IHJlbGF0aW9uc2hpcCBiZXR3ZWVuIHRoZSBwbGF0Zm9ybSBvd25lciBhbmQg dGhlIHBsYXRmb3JtIGZpcm13YXJlLiBUaGUgUEsgc2lnbnMgS0VLcyB3aGljaCBlc3RhYmxpc2hl ZCBhIHRydXN0IHJlbGF0aW9uc2hpcCBiZXR3ZWVuIHRoZSBwbGF0Zm9ybSBmaXJtd2FyZSBhbmQg dGhlIG9wZXJhdGluZyBzeXN0ZW0uIFRoZXNlIGFyZSBtb3N0bHkgaW4gWC41MDkgdG9kYXkuIE1v cmUgaW4gWzJdLg0KDQo+IElzIHRoZXJlIGEgcmVhc29uIHdoeSB5b3UgZG9uJ3Qgd2FudCB0byBk byBoYXNoIHNpZ25hdHVyZXM/DQoNCkhCUyBpbmRlZWQgbG9va3MgbGlrZSB0aGUgYmVzdCBvcHRp b24gZm9yIHRoaXMgdXNlY2FzZS4gTm90IG5lY2Vzc2FyaWx5IHN0YXRlZnVsLiBXZSBoYXZlIHNv bWUgcHJlbGltaW5hcnkgYW5hbHlzaXMgb24gdGhpcyBpcyBpbiBTZWN0aW9uIDMgaW4gWzFdLiBN b3JlIHRvIGNvbWUgc29vbi4NCg0KQnV0IHdlIGNhbuKAmXQgZ28gZGlyZWN0bHkgdG8gcHVyZSBI QlMgYmVjYXVzZSBhbHJlYWR5IGRlcGxveWVkIG1hY2hpbmVzIGluIHRoZSBmaWVsZCB3aWxsIG5v dCBib290IGF0IGFsbCBhbmQgdXBncmFkaW5nIEJJT1MgaXMgbm90IHNpbXBsZS4gQWxzbywgd2Ug Y2Fu4oCZdCBnbyB0byBwdXJlIEhCUyBiZWNhdXNlIGl0IHdpbGwgbm90IGJlIEZJUFMgYXBwcm92 ZWQgZXZlbiBhZnRlciB3ZSBoYXZlIGEgc3RhbmRhcmRpemVkIFBRIG9wdGlvbi4gU28sIHdlIGhh dmUgdG8gZG8gc29tZSBzb3J0IG9mIGNvbXBvc2l0ZSBSU0ErcG9zdC1xdWFudHVtIChOSVNUIGhh cyBwdXQgb3V0IGEgc3RhdGVtZW50IHRoYXQgc2F5cyB0aGF0IGEgY29tcG9zaXRlIHdpbGwgc3Rp bGwgYmUgRklQUyBhcHByb3ZlZCBpZiB0aGUgY2xhc3NpY2FsIHBhcnQgaXMpLiBUaGUgRklQUyBh cmd1bWVudCBpcyBpbXBvcnRhbnQuIFdhaXRpbmcgZm9yIFBRIHN0YW5kYXJkaXphdGlvbiBpcyBv bmUgdGhpbmcsIGJ1dCBGSVBTIGFwcHJvdmFsIHdpbGwgdGFrZSBldmVuIGxvbmdlciBhbmQgdW50 aWwgdGhlbiB3ZSAoQ2lzY28pIHdhbnQgdG8gZG8gc29tZSBzb3J0IG9mIGNvbXBvc2l0ZSBiZWZv cmUgdGhlbi4NCg0KTm90ZSB0aGF0IEkgYW0gbm90IGludGVyZXN0ZWQgaW4gZ2V0dGluZyBhbiBY LjUwOSBPSUQgZm9yIFJTQStIQlMsIEkgd2FudCBhIGRlZmluaXRpb24gb2YgaG93IGNvbXBvc2l0 ZSB3b3VsZCB3b3JrIHNvIEkgY2FuIGVzdGFibGlzaCB0aGUgcmVxdWlyZW1lbnRzIGZvciB0aGVz ZSBmdXR1cmUgY2hpcHMgc3VwcG9ydGluZyBjb21wb3NpdGUgdmVyaWZpY2F0aW9uLg0KDQoNCj4g SXQncyBub3QgYXQgYWxsIGNsZWFyIHRvIG1lIHRoYXQgZGF0YSBpbnRlZ3JpdHkgbm9yIG9yaWdp biBhdXRoZW50aWNhdGlvbiBpbiB0aGF0IHRpbWVmcmFtZSBvdWdodCBiZSB0aWVkIHRvIHguNTA5 IGNlcnRpZmljYXRlcyBhdCBhbGwuDQoNClN0ZXBoZW7igJlzIGNvbW1lbnQgYWJvdXQgbm90IGRv aW5nIGl0IGluIFguNTA5IGlzIHZhbGlkLiBXZSBjb3VsZCB1c2UgYSBjb21wb3NpdGUgYmxvYiBh bmQgdXNlIGl0IGluIG91ciBvd24gY3VzdG9tIHdheS4gVHdvIGlzc3VlcyB3aXRoIHRoYXQ6DQoN CiAgMS4gIFVFRkkgY2hhaW5zIG9mIHRydXN0IGhhdmUgYmVlbiBtb3ZpbmcgdG8gWC41MDkgYW5k IHRvIENNUy9QS0NTIzcgZm9yIHRoZSBzdyBzaWduYXR1cmVzLiBJIGFtIG5vdCBjbGFpbWluZyB0 aGVyZSBhcmUgbm8gY3VzdG9tIGtleXMvc2lnbmF0dXJlIGZvcm1hdHMgbm93aGVyZSwgYnV0IG1v c3QgVUVGSSB2ZW5kb3JzIGhhdmUgYmVlbiBtb3ZpbmcgYXdheSBmcm9tIHRoZW0uIFNvIGdvaW5n IHRvIGN1c3RvbSBrZXkgcmVwcmVzZW50YXRpb25zIG9yIENPU0Ugd291bGQgYmUgYSBzdGVwIGJh Y2t3YXJkcyBvciBzaWRld2F5cy4NCiAgMi4gIEFsc28gT0VNIHZlbmRvcnMgdGhhdCBpbmNsdWRl IHNpZyB2ZXJpZmljYXRpb24gaW4gdGhlaXIgY2hpcHMgb3IgRlBHQXMgc2hvdyBwcmVmZXJlbmNl IGluIHdlbGwtZGVmaW5lZCBzcGVjcyBwcm9iYWJseSBiZWNhdXNlIHRoZXkgY2FuIHJldXNlIHRo ZW0gZm9yIG90aGVyIHVzZWNhc2VzLg0KVGhhdCBpcyB3aHkgd2UgKENpc2NvKSB3b3VsZCBwcmVm ZXIgdG8gc2VlIGEgc3RhbmRhcmQgd2F5IG9mIGRvaW5nIGNvbXBvc2l0ZSBzaWdzIGZvciBVRUZJ IChpbiBYLjUwOSBhbmQgaW4gQ01TIHRvIGJlIGhvbmVzdCkgaW5zdGVhZCBvZiBkZWZpbmluZyBv dXIgb3duLiBXZSBwcm9iYWJseSBkb27igJl0IHdhbnQgdG8gc29sdmUgdGhpcyBtYW55IHRpbWVz LCBvbmNlIGJ5IGVhY2ggdmVuZG9yLCBvbmNlIGluIENNUywgb25jZSBVRUZJIFBLSS4NCg0KSSB0 b3RhbGx5IGFwcHJlY2lhdGUgdGhlIGNvdW50ZXItYXJndW1lbnQgYWJvdXQgY29tcGxleGl0eSBh bmQgcG90ZW50aWFsIGNhbnMgb2Ygd29ybXMsIGJ1dCBJIGFtIGFmcmFpZCB2ZW5kb3JzIHdpbGwg aGF2ZSB0byBhZGRyZXNzIHRoaXMgZWl0aGVyIGluZGl2aWR1YWxseSBvciBhcyBhIGdyb3VwLiBB bmQgbXkgYXJndW1lbnQgd291bGQgZG9pbmcgaXQgYXMgYSBncm91cC4NCg0KUmdzLA0KUGFub3MN Cg0KWzFdIGh0dHBzOi8vZXByaW50LmlhY3Iub3JnLzIwMTkvMTI3Ni5wZGYNClsyXSBodHRwczov L2RvY3MubWljcm9zb2Z0LmNvbS9lbi11cy93aW5kb3dzLWhhcmR3YXJlL21hbnVmYWN0dXJlL2Rl c2t0b3Avd2luZG93cy1zZWN1cmUtYm9vdC1rZXktY3JlYXRpb24tYW5kLW1hbmFnZW1lbnQtZ3Vp ZGFuY2UNCg0KDQoNCkZyb206IEVyaWMgUmVzY29ybGEgPGVrckBydGZtLmNvbTxtYWlsdG86ZWty QHJ0Zm0uY29tPj4NClNlbnQ6IFRodXJzZGF5LCBEZWNlbWJlciAxMiwgMjAxOSAxMTo1MiBBTQ0K VG86IFBhbm9zIEthbXBhbmFraXMgKHBrYW1wYW5hKSA8cGthbXBhbmFAY2lzY28uY29tPG1haWx0 bzpwa2FtcGFuYUBjaXNjby5jb20+Pg0KQ2M6IFN0ZXBoZW4gRmFycmVsbCA8c3RlcGhlbi5mYXJy ZWxsQGNzLnRjZC5pZTxtYWlsdG86c3RlcGhlbi5mYXJyZWxsQGNzLnRjZC5pZT4+OyBJRVRGIFNl Y0Rpc3BhdGNoIDxzZWNkaXNwYXRjaEBpZXRmLm9yZzxtYWlsdG86c2VjZGlzcGF0Y2hAaWV0Zi5v cmc+Pg0KU3ViamVjdDogUmU6IFtTZWNkaXNwYXRjaF0gW0VYVEVSTkFMXVJlOiBDbGFyaWZpY2F0 aW9uIFF1ZXN0aW9uIGZvciB0aGUgQ29tbWVudCBmcm9tIEVyaWMgUmVzY29ybGEgKA0KDQoNCg0K T24gVGh1LCBEZWMgMTIsIDIwMTkgYXQgODozMyBBTSBQYW5vcyBLYW1wYW5ha2lzIChwa2FtcGFu YSkgPHBrYW1wYW5hQGNpc2NvLmNvbTxtYWlsdG86cGthbXBhbmFAY2lzY28uY29tPj4gd3JvdGU6 DQpIaSwNCg0KPiBTb3JyeSBpZiBJJ3ZlIG1pc3NlZCBpdCwgYnV0IHdobyBkbyB3ZSBoYXZlIHRo YXQgaXMgY2FsbGluZyBmb3IgYSBwb3N0LXF1YW50dW0gUEtJIHNvbHV0aW9uIHRvIGJlIGRldmVs b3BlZCBub3csIGJ1dCB3aG8gaXMgbm90IHByb21vdGluZyBvbmUgc3VjaD8NCg0KV2UgKENpc2Nv KSB3aWxsIG5lZWQgUFEgUEtJIChub3QgV2ViUEtJKSBzb2x1dGlvbiBmb3IgaW1hZ2Ugc2lnbmlu Zy4gV2hlbiB0YWxraW5nIGFib3V0IGNoaXBzIHRoYXQgYXJlIGRlc2lnbmVkIG5vdyBhbmQgd2ls bCBsaXZlIGluIHRoZSBmaWVsZCBmb3IgZGVjYWRlcywgd2Ugd291bGQgbGlrZSB0byBkZXNpZ24g dG9kYXkgaW5zdGVhZCBvZiB3YWl0IGZvciAyMDMwLiBOb3RlIHdlIGFyZSBzcGVuZGluZyAobm90 IG1ha2luZykgbW9uZXkgb24gUEtJLCBzbyB3ZSBhcmUgbm90IHRyeWluZyB0byBjb3JuZXIgYSBt YXJrZXQuDQoNCklzIHRoZXJlIGEgcmVhc29uIHdoeSB5b3UgZG9uJ3Qgd2FudCB0byBkbyBoYXNo IHNpZ25hdHVyZXM/DQoNCi1Fa3INCg0KSSBoYXZlIHRhbGtlZCB0byBhbm90aGVyIHZlbmRvciBp bnRlcmVzdGVkIGluIHRoZW0gdG8gc2lnbiBpdHMgT1MgYnV0IEkgd2lsbCBub3Qgc3BlYWsgZm9y IHRoZW0uIEkgaGF2ZSBhbHNvIHRhbGtlZCB0byBhdCBsZWFzdCBvbmUgSFNNIHZlbmRvciB0aGF0 IGhhcyBzb21lIGNsaWVudHMgYXNraW5nIGZvciBQUSBQS0kgc3VwcG9ydCB0byBiZSBhZGRlZCBp biB0aGVpciBIU00gYnV0IEkgd2lsbCBub3Qgc3BlYWsgZm9yIHRoZW0gZWl0aGVyLiBJIGRvbid0 IHRoaW5rIGFueSBvZiB0aGVzZSB1c2UtY2FzZXMgYXJlIHRyeWluZyB0byBjb3JuZXIgYSBtYXJr ZXQuDQoNClBhbm9zDQoNCg0KLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCkZyb206IFNlY2Rp c3BhdGNoIDxzZWNkaXNwYXRjaC1ib3VuY2VzQGlldGYub3JnPG1haWx0bzpzZWNkaXNwYXRjaC1i b3VuY2VzQGlldGYub3JnPj4gT24gQmVoYWxmIE9mIFN0ZXBoZW4gRmFycmVsbA0KU2VudDogU3Vu ZGF5LCBEZWNlbWJlciAwOCwgMjAxOSA5OjA0IFBNDQpUbzogTWlrZSBPdW5zd29ydGggPE1pa2Uu T3Vuc3dvcnRoQGVudHJ1c3RkYXRhY2FyZC5jb208bWFpbHRvOk1pa2UuT3Vuc3dvcnRoQGVudHJ1 c3RkYXRhY2FyZC5jb20+PjsgRXJpYyBSZXNjb3JsYSA8ZWtyQHJ0Zm0uY29tPG1haWx0bzpla3JA cnRmbS5jb20+PjsgRHIuIFBhbGEgPG1hZHdvbGZAb3BlbmNhLm9yZzxtYWlsdG86bWFkd29sZkBv cGVuY2Eub3JnPj4NCkNjOiBJRVRGIFNlY0Rpc3BhdGNoIDxzZWNkaXNwYXRjaEBpZXRmLm9yZzxt YWlsdG86c2VjZGlzcGF0Y2hAaWV0Zi5vcmc+Pg0KU3ViamVjdDogUmU6IFtTZWNkaXNwYXRjaF0g W0VYVEVSTkFMXVJlOiBDbGFyaWZpY2F0aW9uIFF1ZXN0aW9uIGZvciB0aGUgQ29tbWVudCBmcm9t IEVyaWMgUmVzY29ybGEgKA0KDQoNCkhpeWEsDQoNCkN1dHRpbmcgdG8gdGhlIG51YiBvZiBteSBj b25jZXJuLi4uDQoNCk9uIDA5LzEyLzIwMTkgMDE6NDYsIE1pa2UgT3Vuc3dvcnRoIHdyb3RlOg0K PiBJIGhvcGUgdGhhdCBkb2VzbuKAmXQgcHJlY2x1ZGUgYSBwdXNoIGZvciBhIG1vcmUgaW1tZWRp YXRlIHNvbHV0aW9uLg0KDQpJU1RNIHRoZSAicHVzaCIgaXMgbGVzcyBmb3IgYSBzb2x1dGlvbiB0 aGFuIGZvciB1bmRlcnN0YW5kYWJseSBhdHRlbXB0aW5nIHRvIGNvcm5lciBhIG1hcmtldC4gSSBk b24ndCB0aGluayBzdWNoIGF0dGVtcHRzIGFyZSAiYmFkIiB0aGluZ3MsIGJ1dCBJIGRvIHRoaW5r IGZvbGxvd2luZyAnZW0gaXMgbW9yZSBsaWtlbHkgdW53aXNlLg0KDQpTb3JyeSBpZiBJJ3ZlIG1p c3NlZCBpdCwgYnV0IHdobyBkbyB3ZSBoYXZlIHRoYXQgaXMgY2FsbGluZyBmb3IgYSBwb3N0LXF1 YW50dW0gUEtJIHNvbHV0aW9uIHRvIGJlIGRldmVsb3BlZCBub3csIGJ1dCB3aG8gaXMgbm90IHBy b21vdGluZyBvbmUgc3VjaD8NCg0KVGhhbmtzLA0KUy4NCl9fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fDQpTZWNkaXNwYXRjaCBtYWlsaW5nIGxpc3QNClNlY2Rp c3BhdGNoQGlldGYub3JnPG1haWx0bzpTZWNkaXNwYXRjaEBpZXRmLm9yZz4NCmh0dHBzOi8vd3d3 LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc2VjZGlzcGF0Y2gNCg== --_000_CY4PR11MB14306370336BBCA04E9E755F9B520CY4PR11MB1430namp_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OkRlbmdYaWFuOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAx IDE7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDYWxpYnJpOw0KCXBhbm9zZS0xOjIgMTUg NSAyIDIgMiA0IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6IlxARGVuZ1hpYW4i Ow0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAxIDE7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMg Ki8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBj bTsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZh bWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJ e21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1 bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1z dHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpwdXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVy bGluZTt9DQpwLk1zb1BsYWluVGV4dCwgbGkuTXNvUGxhaW5UZXh0LCBkaXYuTXNvUGxhaW5UZXh0 DQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgltc28tc3R5bGUtbGluazoiUGxhaW4gVGV4dCBD aGFyIjsNCgltYXJnaW46MGNtOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6 MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnAuTXNvTGlzdFBh cmFncmFwaCwgbGkuTXNvTGlzdFBhcmFncmFwaCwgZGl2Lk1zb0xpc3RQYXJhZ3JhcGgNCgl7bXNv LXN0eWxlLXByaW9yaXR5OjM0Ow0KCW1hcmdpbi10b3A6MGNtOw0KCW1hcmdpbi1yaWdodDowY207 DQoJbWFyZ2luLWJvdHRvbTowY207DQoJbWFyZ2luLWxlZnQ6MzYuMHB0Ow0KCW1hcmdpbi1ib3R0 b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixz YW5zLXNlcmlmO30NCnAubXNvbm9ybWFsMCwgbGkubXNvbm9ybWFsMCwgZGl2Lm1zb25vcm1hbDAN Cgl7bXNvLXN0eWxlLW5hbWU6bXNvbm9ybWFsOw0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0K CW1hcmdpbi1yaWdodDowY207DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2lu LWxlZnQ6MGNtOw0KCWZvbnQtc2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNh bnMtc2VyaWY7fQ0Kc3Bhbi5QbGFpblRleHRDaGFyDQoJe21zby1zdHlsZS1uYW1lOiJQbGFpbiBU ZXh0IENoYXIiOw0KCW1zby1zdHlsZS1wcmlvcml0eTo5OTsNCgltc28tc3R5bGUtbGluazoiUGxh aW4gVGV4dCI7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0Kc3Bhbi5FbWFp bFN0eWxlMjENCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWw7DQoJZm9udC1mYW1pbHk6IkNhbGli cmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6IzFGNDk3RDsNCglmb250LXdlaWdodDpub3JtYWw7DQoJ Zm9udC1zdHlsZTpub3JtYWw7DQoJdGV4dC1kZWNvcmF0aW9uOm5vbmUgbm9uZTt9DQpzcGFuLkVt YWlsU3R5bGUyMg0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbDsNCglmb250LWZhbWlseToiQ2Fs aWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjojNzAzMEEwO30NCnNwYW4uRW1haWxTdHlsZTIzDQoJ e21zby1zdHlsZS10eXBlOnBlcnNvbmFsLWNvbXBvc2U7DQoJZm9udC1mYW1pbHk6IkNhbGlicmki LHNhbnMtc2VyaWY7DQoJY29sb3I6d2luZG93dGV4dDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28t c3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LXNpemU6MTAuMHB0O30NCkBwYWdlIFdvcmRT ZWN0aW9uMQ0KCXtzaXplOjYxMi4wcHQgNzkyLjBwdDsNCgltYXJnaW46NzIuMHB0IDcyLjBwdCA3 Mi4wcHQgNzIuMHB0O30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0K LyogTGlzdCBEZWZpbml0aW9ucyAqLw0KQGxpc3QgbDANCgl7bXNvLWxpc3QtaWQ6NTY2NDk3NzE4 Ow0KCW1zby1saXN0LXR5cGU6aHlicmlkOw0KCW1zby1saXN0LXRlbXBsYXRlLWlkczo0NjMzOTM5 MjIgLTExOTcyMDk1MTQgNjc2OTg3MTMgNjc2OTg3MTUgNjc2OTg3MDMgNjc2OTg3MTMgNjc2OTg3 MTUgNjc2OTg3MDMgNjc2OTg3MTMgNjc2OTg3MTU7fQ0KQGxpc3QgbDA6bGV2ZWwxDQoJe21zby1s ZXZlbC10ZXh0OiJcKCUxXCkiOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZl bC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0O30NCkBsaXN0IGww OmxldmVsMg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDphbHBoYS1sb3dlcjsNCgltc28tbGV2 ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4 dC1pbmRlbnQ6LTE4LjBwdDt9DQpAbGlzdCBsMDpsZXZlbDMNCgl7bXNvLWxldmVsLW51bWJlci1m b3JtYXQ6cm9tYW4tbG93ZXI7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVs LW51bWJlci1wb3NpdGlvbjpyaWdodDsNCgl0ZXh0LWluZGVudDotOS4wcHQ7fQ0KQGxpc3QgbDA6 bGV2ZWw0DQoJe21zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9z aXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0O30NCkBsaXN0IGwwOmxldmVsNQ0KCXtt c28tbGV2ZWwtbnVtYmVyLWZvcm1hdDphbHBoYS1sb3dlcjsNCgltc28tbGV2ZWwtdGFiLXN0b3A6 bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4 LjBwdDt9DQpAbGlzdCBsMDpsZXZlbDYNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6cm9tYW4t bG93ZXI7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3Np dGlvbjpyaWdodDsNCgl0ZXh0LWluZGVudDotOS4wcHQ7fQ0KQGxpc3QgbDA6bGV2ZWw3DQoJe21z by1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsN Cgl0ZXh0LWluZGVudDotMTguMHB0O30NCkBsaXN0IGwwOmxldmVsOA0KCXttc28tbGV2ZWwtbnVt YmVyLWZvcm1hdDphbHBoYS1sb3dlcjsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28t bGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDt9DQpAbGlz dCBsMDpsZXZlbDkNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6cm9tYW4tbG93ZXI7DQoJbXNv LWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpyaWdodDsN Cgl0ZXh0LWluZGVudDotOS4wcHQ7fQ0KQGxpc3QgbDENCgl7bXNvLWxpc3QtaWQ6MTIyNzQ5MzU2 MTsNCgltc28tbGlzdC10ZW1wbGF0ZS1pZHM6LTIxNDE1NjIxMjA7fQ0Kb2wNCgl7bWFyZ2luLWJv dHRvbTowY207fQ0KdWwNCgl7bWFyZ2luLWJvdHRvbTowY207fQ0KLS0+PC9zdHlsZT48IS0tW2lm IGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9 IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxv OnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIx IiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkg bGFuZz0iRU4tVVMiIGxpbms9ImJsdWUiIHZsaW5rPSJwdXJwbGUiPg0KPGRpdiBjbGFzcz0iV29y ZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojNzAz MEEwIj5UaGFua3MgUGFub3MgZm9yIGxheWluZyBvdXQgdGhlIHVzZS1jYXNlcy4gSSB0aGluayB5 b3UgaGl0IGEgYml0IG9uZSBvbiB0aGUgaGVhZDogRklQUyBhcHByb3ZhbC4gT24gMjAxOS0xMC0z MCwgTklTVCBwdWJsaXNoZWQgYSBQUUMgRkFRIHRoYXQgaW5jbHVkZXMgYSBjYWxsIGZvciBoeWJy aWQgbW9kZXMgZm9yIGJvdGgga2V5IGV4Y2hhbmdlIGFuZCBzaWduYXR1cmVzLjxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojNzAz MEEwIj5odHRwczovL2NzcmMubmlzdC5nb3YvUHJvamVjdHMvUG9zdC1RdWFudHVtLUNyeXB0b2dy YXBoeS9mYXFzPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gc3R5bGU9ImNvbG9yOiM3MDMwQTAiPmRyYWZ0LW91bnN3b3J0aC1wcS1jb21wb3NpdGUtc2ln cyBpbnRlbmRzIHRvIGJlIHRoZSDigJxvYnZpb3Vz4oCdIGltcGxlbWVudGF0aW9uIG9mIE5JU1Ti gJlzIGNhbGwgZm9yIGh5YnJpZCBtb2Rlcy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzcwMzBBMCI+PG86cD4mbmJzcDs8L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiM3 MDMwQTAiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJjb2xvcjojNzAzMEEwIj5PbmUgcGxhY2UgdGhhdCB3ZSBkaWZmZXIgZnJv bSBOSVNU4oCZcyBjYWxsIGlzIHRoaXMgcG9pbnQgaW4gdGhlIEZBUTo8bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzcwMzBBMCI+ PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g c3R5bGU9ImNvbG9yOiM3MDMwQTAiPiZndDsgPC9zcGFuPlRoZSBtb2RlIGlzIHZhbGlkIGlmIGFu ZCBvbmx5IGlmIGJvdGggc2lnbmF0dXJlcyBhcmUgdmFsaWQuPHNwYW4gc3R5bGU9ImNvbG9yOiM3 MDMwQTAiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJjb2xvcjojNzAzMEEwIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzcwMzBBMCI+T25lIG9mIHRoZSBk ZXNpZ24gcmVxdWlyZW1lbnRzIHRoYXQgd2XigJl2ZSBiZWVuIHdvcmtpbmcgd2l0aCBpcyB0aGUg b25lIHB1c2hlZCBieSBNYXggUGFsYSAvIENhYmxlTGFiczsgZGVwbG95IGRldmljZXMgaW4gdGhl IGZpZWxkIHRvZGF5IHRoYXQgdW5kZXJzdGFuZCB0aGUgaHlicmlkIHB1YiBrZXkgLyBzaWduYXR1 cmUgZm9ybWF0LCBidXQgZG8gbm90IG5lY2Vzc2FyaWx5DQogaGF2ZSBhbiBpbXBsZW1lbnRhdGlv biBvZiB0aGUgUFEgYWxnb3JpdGhtIChvciBoYXZlIGFuIG9sZGVyLCBpbmNvbXBhdGlibGUsIGlt cGxlbWVudGF0aW9uIG9mIHRoZSBQUSBhbGcgd2hpbGUgdGhlIE5JU1QgUFFDIGlzIHN0aWxsIHNo YWtpbmcgb3V0IG1hdGhlbWF0aWNhbCBvciBpbXBsZW1lbnRhdGlvbiB2dWxuZXJhYmlsaXRpZXMp LjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl PSJjb2xvcjojNzAzMEEwIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzcwMzBBMCI+PG86cD4mbmJzcDs8L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiM3MDMw QTAiPkFzIHRvIHRoZSBwaGlsb3NvcGhpY2FsIGRlYmF0ZSBhYm91dCDigJxLZWVwIFguNTA5IG9y IGdvIHRvIHNvbWV0aGluZyBuZXc/4oCdLCBub3RlIHRoYXQgZHJhZnQtb3Vuc3dvcnRoIGFpbXMg dG8gZGVmaW5lIGNvbXBvc2l0ZSBwdWJsaWMga2V5IGFuZCBzaWduYXR1cmUgZm9ybWF0cyB0aGF0 LCBpZiB3ZeKAmXZlIGRvbmUgaXQgcmlnaHQsIGFyZSBjb21wYXRpYmxlIHdpdGgNCiBhbnkgQVNO LjEgcHJvdG9jb2wuIFRoaXMgZHJhZnQgaXMgaW50ZW50aW9uYWxseSBkZWNvdXBsZWQgZnJvbSwg YnV0IGNhbiBiZSB1c2VkIGJ5LCBYLjUwOS4mbmJzcDsgVGhlIGdvYWwgaGVyZSBpcyBub3QgdG8N CjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl PSJjb2xvcjojNzAzMEEwIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzcwMzBBMCI+PG86cD4mbmJzcDs8L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiM3MDMw QTAiPlJlOiBoYXNoLWJhc2VkIHNpZ25hdHVyZXM6IEZvciBhIENBIHZlbmRvciDigJMgd2hldGhl ciBwcm92aWRpbmcgcHVibGljbHktdHJ1c3RlZCBzZXJ2aWNlcywgb3Igb24tcHJlbSBzb2Z0d2Fy ZSAtLSBwcm9kdWN0IGNhcGFiaWxpdGllcyBhcmUgZHJpdmVuIGJ5IHRoZSBpbmR1c3RyeTsgaWYg dGhlIGluZHVzdHJ5IGlzIGhhcHB5IHdpdGggcHVyZSBoYXNoLWJhc2VkDQogUEtJIGR1cmluZyB0 aGUgdHJhbnNpdGlvbiBwZXJpb2QsIHRoZW4gSSBhZ3JlZSB0aGF0IGh5YnJpZCBtb2RlcyBhcmUg dW5uZWNlc3NhcnkuIEhvd2V2ZXIsIHRoYXTigJlzIG5vdCB3aGF0IEnigJltIHNlZWluZzogdGhl IEhCUyBzY2hlbWVzIGN1cnJlbnRseSBhdmFpbGFibGUgaW4gSUVURiBhcmUgYWxsIHN0YXRlZnVs LCBhbmQgMSkgTklTVOKAmXMgU1AgODAwLTIwOC1kcmFmdCBzYXlzIOKAnFN0YXRlZnVsIEhCUyBz Y2hlbWVzIGFyZSBub3Qgc3VpdGFibGUNCiBmb3IgZ2VuZXJhbCB1c2UgYmVjYXVzZSB0aGV5IHJl cXVpcmUgY2FyZWZ1bCBzdGF0ZSBtYW5hZ2VtZW50IHRoYXQgaXMgb2Z0ZW4gZGlmZmljdWx0IHRv IGFzc3VyZeKAnSwgYW5kIDIpIGNoYXRzIEnigJl2ZSBoYWQgd2l0aCBSeWFuIFNsZWV2aSBhbmQg QWRhbSBMYW5nbGV5IHdobyBzZWVtIHNrZXB0aWNhbCB0aGF0IGFsbCBDQSBvcGVyYXRvcnMgKHB1 YmxpYywgcHJpdmF0ZSwgY29ycG9yYXRlLCBldGMpLCBjYW4gcmVzcG9uc2libHkgbWFuYWdlIGEg c3RhdGVmdWwNCiBwcml2YXRlIGtleS4gMykgRWFybGllciB0aGlzIHllYXIsIFBhbm9zIGhhZCBi ZWVuIHB1c2hpbmcgZm9yIHB1YmxpY2x5LXRydXN0ZWQgSFNCIHJvb3QgQ0FzLCBidXQgZHJvcHBl ZCBpdCBvbiB0aGUgcG9pbnQgdGhhdCwgb25jZSB5b3UgaGF2ZSBhIHN0YXRlZnVsIEhCUyByb290 IENBLCB3aGF0IGRvIHlvdSBkbyB3aXRoIGl0PyBZb3UgZG9u4oCZdCByZWFsbHkgd2FudCBlbmQg ZW50aXRpZXMgKFRMUyBzZXJ2ZXJzLCB0aGUgUy9NSU1FIGNsaWVudA0KIG9uIHlvdXIgcGhvbmUs IFBJViBjYXJkcywgZXRjKSB1c2luZyBzdGF0ZWZ1bCBrZXlzLjxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojNzAzMEEwIj5TbyBt YXliZSB0aGUgbWFya2V0IHdpbGwgYmUgc2F0aXNmaWVkIHdpdGggSEJTLW9ubHkgUEtJcyBmb3Ig c29tZSB1c2UtY2FzZXMsIGJ1dCBJIG1haW50YWluIHRoYXQgd2Ugc2hvdWxkIHN0YW5kYXJkaXpl IGEgZnVsbHkgYWxnb3JpdGhtLWFnbm9zdGljIGh5YnJpZCBtZWNoYW5pc20gYW55d2F5LjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xv cjojNzAzMEEwIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzcwMzBBMCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiM3MDMwQTAiPjxv OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJjb2xvcjojNzAzMEEwIj5QUyAtIEnigJlsbCB0YWtlIHlvdXIgYmFpdCBvbiB0aGUg4oCc Y29ybmVyIHRoZSBtYXJrZXTigJ0gY29tbWVudDsgSU1ITyBhIFBLSSBpcyB1c2VsZXNzIGlmIGl0 cyBjb3JlIGZ1bmN0aW9uYWxpdHkg4oCTIHB1YmxpYyBrZXlzIGFuZCBzaWduYXR1cmVzIC0tZG8g bm90IGludGVyb3BlcmF0ZSB3aXRoIG90aGVyIHZlbmRvcnMuIE5vIGNvcm5lcmluZyBvZiB0aGUg bWFya2V0IGlzDQogaW50ZW5kZWQsIHNpbXBseSBsb29raW5nIGZvciBhIHNpbXBsZS1pc2ggc29s dXRpb24gcXVpY2tseS1pc2guPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiM3MDMwQTAiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFu PjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4tLS08YnI+DQpNaWtlIE91bnN3b3J0 aDxicj4NClNvZnR3YXJlIFNlY3VyaXR5IEFyY2hpdGVjdCwgRW50cnVzdCBEYXRhY2FyZDxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29s b3I6IzcwMzBBMCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPGRpdj4NCjxkaXYgc3R5 bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29saWQgI0UxRTFFMSAxLjBwdDtwYWRkaW5nOjMu MHB0IDBjbSAwY20gMGNtIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPkZyb206PC9iPiBTZWNk aXNwYXRjaCAmbHQ7c2VjZGlzcGF0Y2gtYm91bmNlc0BpZXRmLm9yZyZndDsgPGI+T24gQmVoYWxm IE9mDQo8L2I+UGFub3MgS2FtcGFuYWtpcyAocGthbXBhbmEpPGJyPg0KPGI+U2VudDo8L2I+IERl Y2VtYmVyIDEyLCAyMDE5IDk6NTYgUE08YnI+DQo8Yj5Ubzo8L2I+IEVyaWMgUmVzY29ybGEgJmx0 O2VrckBydGZtLmNvbSZndDs7IFN0ZXBoZW4gRmFycmVsbCAmbHQ7c3RlcGhlbi5mYXJyZWxsQGNz LnRjZC5pZSZndDs7IE1pY2hhZWwgUmljaGFyZHNvbiAmbHQ7bWNyJiM0MztpZXRmQHNhbmRlbG1h bi5jYSZndDs8YnI+DQo8Yj5DYzo8L2I+IElFVEYgU2VjRGlzcGF0Y2ggJmx0O3NlY2Rpc3BhdGNo QGlldGYub3JnJmd0Ozxicj4NCjxiPlN1YmplY3Q6PC9iPiBSZTogW1NlY2Rpc3BhdGNoXSBbRVhU RVJOQUxdUmU6IENsYXJpZmljYXRpb24gUXVlc3Rpb24gZm9yIHRoZSBDb21tZW50IGZyb20gRXJp YyBSZXNjb3JsYSAoPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBzdHlsZT0iY29sb3I6IzFGNDk3RCI+SGkgRWtyLCBTdGVwaGVuLCBNaWtlLDxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0 OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0 Ij4mZ3Q7IEFzIGEgdmFyaWF0aW9uIG9mIHdoYXQgRUtSIGFza2VkLCB5b3UgYXJlIGFza2luZyBm b3IgUFEtUEtJLCBidXQgeW91ciB1c2UgY2FzZSBpcyBpbWFnZSBzaWduaW5nLjxvOnA+PC9vOnA+ PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPjxv OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJjb2xvcjojMUY0OTdEIj5VRUZJIFNlY3VyZSBCb290IChpbiBlc3NlbmNlIHdoYXQgSSBt ZWFudCBieSBpbWFnZSBzaW5naW5nKSAmbmJzcDt1c2VzIGEgUEtJIGFyY2hpdGVjdHVyZS4gVGhl cmUgaXMgYSBQcm9kdWN0IEtleSBQSyAocm9vdCBDQSkgdGhhdCBlc3RhYmxpc2hlcyBhIHRydXN0 IHJlbGF0aW9uc2hpcCBiZXR3ZWVuIHRoZSBwbGF0Zm9ybSBvd25lciBhbmQgdGhlIHBsYXRmb3Jt IGZpcm13YXJlLg0KIFRoZSBQSyBzaWducyBLRUtzIHdoaWNoIGVzdGFibGlzaGVkIGEgdHJ1c3Qg cmVsYXRpb25zaGlwIGJldHdlZW4gdGhlIHBsYXRmb3JtIGZpcm13YXJlIGFuZCB0aGUgb3BlcmF0 aW5nIHN5c3RlbS4gVGhlc2UgYXJlIG1vc3RseSBpbiBYLjUwOSB0b2RheS4gTW9yZSBpbiBbMl0u DQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iY29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPiZndDsgPC9zcGFuPklzIHRo ZXJlIGEgcmVhc29uIHdoeSB5b3UgZG9uJ3Qgd2FudCB0byBkbyBoYXNoIHNpZ25hdHVyZXM/PG86 cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzFG NDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPkhCUyBpbmRlZWQgbG9va3MgbGlrZSB0aGUgYmVz dCBvcHRpb24gZm9yIHRoaXMgdXNlY2FzZS4gTm90IG5lY2Vzc2FyaWx5IHN0YXRlZnVsLiBXZSBo YXZlIHNvbWUgcHJlbGltaW5hcnkgYW5hbHlzaXMgb24gdGhpcyBpcyBpbiBTZWN0aW9uIDMgaW4g WzFdLiBNb3JlIHRvIGNvbWUgc29vbi4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzFG NDk3RCI+QnV0IHdlIGNhbuKAmXQgZ28gZGlyZWN0bHkgdG8gcHVyZSBIQlMgYmVjYXVzZSBhbHJl YWR5IGRlcGxveWVkIG1hY2hpbmVzIGluIHRoZSBmaWVsZCB3aWxsIG5vdCBib290IGF0IGFsbCBh bmQgdXBncmFkaW5nIEJJT1MgaXMgbm90IHNpbXBsZS4gQWxzbywgd2UgY2Fu4oCZdCBnbyB0byBw dXJlIEhCUyBiZWNhdXNlIGl0IHdpbGwgbm90IGJlIEZJUFMgYXBwcm92ZWQgZXZlbg0KIGFmdGVy IHdlIGhhdmUgYSBzdGFuZGFyZGl6ZWQgUFEgb3B0aW9uLiBTbywgd2UgaGF2ZSB0byBkbyBzb21l IHNvcnQgb2YgY29tcG9zaXRlIFJTQSYjNDM7cG9zdC1xdWFudHVtIChOSVNUIGhhcyBwdXQgb3V0 IGEgc3RhdGVtZW50IHRoYXQgc2F5cyB0aGF0IGEgY29tcG9zaXRlIHdpbGwgc3RpbGwgYmUgRklQ UyBhcHByb3ZlZCBpZiB0aGUgY2xhc3NpY2FsIHBhcnQgaXMpLiBUaGUgRklQUyBhcmd1bWVudCBp cyBpbXBvcnRhbnQuIFdhaXRpbmcgZm9yIFBRDQogc3RhbmRhcmRpemF0aW9uIGlzIG9uZSB0aGlu ZywgYnV0IEZJUFMgYXBwcm92YWwgd2lsbCB0YWtlIGV2ZW4gbG9uZ2VyIGFuZCB1bnRpbCB0aGVu IHdlIChDaXNjbykgd2FudCB0byBkbyBzb21lIHNvcnQgb2YgY29tcG9zaXRlIGJlZm9yZSB0aGVu Lg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImNvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5Ob3RlIHRoYXQgSSBhbSBu b3QgaW50ZXJlc3RlZCBpbiBnZXR0aW5nIGFuIFguNTA5IE9JRCBmb3IgUlNBJiM0MztIQlMsIEkg d2FudCBhIGRlZmluaXRpb24gb2YgaG93IGNvbXBvc2l0ZSB3b3VsZCB3b3JrIHNvIEkgY2FuIGVz dGFibGlzaCB0aGUgcmVxdWlyZW1lbnRzIGZvciB0aGVzZSBmdXR1cmUgY2hpcHMgc3VwcG9ydGlu ZyBjb21wb3NpdGUgdmVyaWZpY2F0aW9uLg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIHN0eWxlPSJjb2xv cjojMUY0OTdEIj4mZ3Q7IDwvc3Bhbj5JdCdzIG5vdCBhdCBhbGwgY2xlYXIgdG8gbWUgdGhhdCBk YXRhIGludGVncml0eSBub3Igb3JpZ2luIGF1dGhlbnRpY2F0aW9uIGluIHRoYXQgdGltZWZyYW1l IG91Z2h0IGJlIHRpZWQgdG8geC41MDkgY2VydGlmaWNhdGVzIGF0IGFsbC4NCjxvOnA+PC9vOnA+ PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPjxv OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJjb2xvcjojMUY0OTdEIj5TdGVwaGVu4oCZcyBjb21tZW50IGFib3V0IG5vdCBkb2luZyBp dCBpbiBYLjUwOSBpcyB2YWxpZC4gV2UgY291bGQgdXNlIGEgY29tcG9zaXRlIGJsb2IgYW5kIHVz ZSBpdCBpbiBvdXIgb3duIGN1c3RvbSB3YXkuIFR3byBpc3N1ZXMgd2l0aCB0aGF0Og0KPG86cD48 L286cD48L3NwYW4+PC9wPg0KPG9sIHN0eWxlPSJtYXJnaW4tdG9wOjBjbSIgc3RhcnQ9IjEiIHR5 cGU9IjEiPg0KPGxpIGNsYXNzPSJNc29MaXN0UGFyYWdyYXBoIiBzdHlsZT0iY29sb3I6IzFGNDk3 RDttYXJnaW4tbGVmdDowY207bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzMiPg0KVUVGSSBjaGFpbnMg b2YgdHJ1c3QgaGF2ZSBiZWVuIG1vdmluZyB0byBYLjUwOSBhbmQgdG8gQ01TL1BLQ1MjNyBmb3Ig dGhlIHN3IHNpZ25hdHVyZXMuIEkgYW0gbm90IGNsYWltaW5nIHRoZXJlIGFyZSBubyBjdXN0b20g a2V5cy9zaWduYXR1cmUgZm9ybWF0cyBub3doZXJlLCBidXQgbW9zdCBVRUZJIHZlbmRvcnMgaGF2 ZSBiZWVuIG1vdmluZyBhd2F5IGZyb20gdGhlbS4gU28gZ29pbmcgdG8gY3VzdG9tIGtleSByZXBy ZXNlbnRhdGlvbnMgb3IgQ09TRQ0KIHdvdWxkIGJlIGEgc3RlcCBiYWNrd2FyZHMgb3Igc2lkZXdh eXMuIDxvOnA+PC9vOnA+PC9saT48bGkgY2xhc3M9Ik1zb0xpc3RQYXJhZ3JhcGgiIHN0eWxlPSJj b2xvcjojMUY0OTdEO21hcmdpbi1sZWZ0OjBjbTttc28tbGlzdDpsMCBsZXZlbDEgbGZvMyI+DQpB bHNvIE9FTSB2ZW5kb3JzIHRoYXQgaW5jbHVkZSBzaWcgdmVyaWZpY2F0aW9uIGluIHRoZWlyIGNo aXBzIG9yIEZQR0FzIHNob3cgcHJlZmVyZW5jZSBpbiB3ZWxsLWRlZmluZWQgc3BlY3MgcHJvYmFi bHkgYmVjYXVzZSB0aGV5IGNhbiByZXVzZSB0aGVtIGZvciBvdGhlciB1c2VjYXNlcy4NCjxvOnA+ PC9vOnA+PC9saT48L29sPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9y OiMxRjQ5N0QiPlRoYXQgaXMgd2h5IHdlIChDaXNjbykgd291bGQgcHJlZmVyIHRvIHNlZSBhIHN0 YW5kYXJkIHdheSBvZiBkb2luZyBjb21wb3NpdGUgc2lncyBmb3IgVUVGSSAoaW4gWC41MDkgYW5k IGluIENNUyB0byBiZSBob25lc3QpIGluc3RlYWQgb2YgZGVmaW5pbmcgb3VyIG93bi4gV2UgcHJv YmFibHkgZG9u4oCZdCB3YW50IHRvIHNvbHZlIHRoaXMgbWFueSB0aW1lcywgb25jZQ0KIGJ5IGVh Y2ggdmVuZG9yLCBvbmNlIGluIENNUywgb25jZSBVRUZJIFBLSS4gPG86cD48L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPjxv OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJjb2xvcjojMUY0OTdEIj5JIHRvdGFsbHkgYXBwcmVjaWF0ZSB0aGUgY291bnRlci1hcmd1 bWVudCBhYm91dCBjb21wbGV4aXR5IGFuZCBwb3RlbnRpYWwgY2FucyBvZiB3b3JtcywgYnV0IEkg YW0gYWZyYWlkIHZlbmRvcnMgd2lsbCBoYXZlIHRvIGFkZHJlc3MgdGhpcyBlaXRoZXIgaW5kaXZp ZHVhbGx5IG9yIGFzIGEgZ3JvdXAuIEFuZCBteSBhcmd1bWVudCB3b3VsZCBkb2luZyBpdCBhcyBh DQogZ3JvdXAuIDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+UmdzLDxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xv cjojMUY0OTdEIj5QYW5vczxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+WzFd IDwvc3Bhbj48YSBocmVmPSJodHRwczovL2VwcmludC5pYWNyLm9yZy8yMDE5LzEyNzYucGRmIj5o dHRwczovL2VwcmludC5pYWNyLm9yZy8yMDE5LzEyNzYucGRmPC9hPjxzcGFuIHN0eWxlPSJjb2xv cjojMUY0OTdEIj4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5bMl0gPC9zcGFuPjxhIGhyZWY9Imh0dHBzOi8v ZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MtaGFyZHdhcmUvbWFudWZhY3R1cmUvZGVz a3RvcC93aW5kb3dzLXNlY3VyZS1ib290LWtleS1jcmVhdGlvbi1hbmQtbWFuYWdlbWVudC1ndWlk YW5jZSI+aHR0cHM6Ly9kb2NzLm1pY3Jvc29mdC5jb20vZW4tdXMvd2luZG93cy1oYXJkd2FyZS9t YW51ZmFjdHVyZS9kZXNrdG9wL3dpbmRvd3Mtc2VjdXJlLWJvb3Qta2V5LWNyZWF0aW9uLWFuZC1t YW5hZ2VtZW50LWd1aWRhbmNlPC9hPg0KPHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xv cjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPjxv OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPkZyb206 PC9iPiBFcmljIFJlc2NvcmxhICZsdDs8YSBocmVmPSJtYWlsdG86ZWtyQHJ0Zm0uY29tIj5la3JA cnRmbS5jb208L2E+Jmd0Ow0KPGJyPg0KPGI+U2VudDo8L2I+IFRodXJzZGF5LCBEZWNlbWJlciAx MiwgMjAxOSAxMTo1MiBBTTxicj4NCjxiPlRvOjwvYj4gUGFub3MgS2FtcGFuYWtpcyAocGthbXBh bmEpICZsdDs8YSBocmVmPSJtYWlsdG86cGthbXBhbmFAY2lzY28uY29tIj5wa2FtcGFuYUBjaXNj by5jb208L2E+Jmd0Ozxicj4NCjxiPkNjOjwvYj4gU3RlcGhlbiBGYXJyZWxsICZsdDs8YSBocmVm PSJtYWlsdG86c3RlcGhlbi5mYXJyZWxsQGNzLnRjZC5pZSI+c3RlcGhlbi5mYXJyZWxsQGNzLnRj ZC5pZTwvYT4mZ3Q7OyBJRVRGIFNlY0Rpc3BhdGNoICZsdDs8YSBocmVmPSJtYWlsdG86c2VjZGlz cGF0Y2hAaWV0Zi5vcmciPnNlY2Rpc3BhdGNoQGlldGYub3JnPC9hPiZndDs8YnI+DQo8Yj5TdWJq ZWN0OjwvYj4gUmU6IFtTZWNkaXNwYXRjaF0gW0VYVEVSTkFMXVJlOiBDbGFyaWZpY2F0aW9uIFF1 ZXN0aW9uIGZvciB0aGUgQ29tbWVudCBmcm9tIEVyaWMgUmVzY29ybGEgKDxvOnA+PC9vOnA+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+T24gVGh1LCBEZWMgMTIsIDIwMTkgYXQgODozMyBBTSBQYW5v cyBLYW1wYW5ha2lzIChwa2FtcGFuYSkgJmx0OzxhIGhyZWY9Im1haWx0bzpwa2FtcGFuYUBjaXNj by5jb20iPnBrYW1wYW5hQGNpc2NvLmNvbTwvYT4mZ3Q7IHdyb3RlOjxvOnA+PC9vOnA+PC9wPg0K PC9kaXY+DQo8YmxvY2txdW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQg I0NDQ0NDQyAxLjBwdDtwYWRkaW5nOjBjbSAwY20gMGNtIDYuMHB0O21hcmdpbi1sZWZ0OjQuOHB0 O21hcmdpbi10b3A6NS4wcHQ7bWFyZ2luLXJpZ2h0OjBjbTttYXJnaW4tYm90dG9tOjUuMHB0Ij4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPkhpLDxicj4NCjxicj4NCiZndDsgU29ycnkgaWYgSSd2ZSBt aXNzZWQgaXQsIGJ1dCB3aG8gZG8gd2UgaGF2ZSB0aGF0IGlzIGNhbGxpbmcgZm9yIGEgcG9zdC1x dWFudHVtIFBLSSBzb2x1dGlvbiB0byBiZSBkZXZlbG9wZWQgbm93LCBidXQgd2hvIGlzIG5vdCBw cm9tb3Rpbmcgb25lIHN1Y2g/PGJyPg0KPGJyPg0KV2UgKENpc2NvKSB3aWxsIG5lZWQgUFEgUEtJ IChub3QgV2ViUEtJKSBzb2x1dGlvbiBmb3IgaW1hZ2Ugc2lnbmluZy4gV2hlbiB0YWxraW5nIGFi b3V0IGNoaXBzIHRoYXQgYXJlIGRlc2lnbmVkIG5vdyBhbmQgd2lsbCBsaXZlIGluIHRoZSBmaWVs ZCBmb3IgZGVjYWRlcywgd2Ugd291bGQgbGlrZSB0byBkZXNpZ24gdG9kYXkgaW5zdGVhZCBvZiB3 YWl0IGZvciAyMDMwLiBOb3RlIHdlIGFyZSBzcGVuZGluZyAobm90IG1ha2luZykgbW9uZXkgb24g UEtJLA0KIHNvIHdlIGFyZSBub3QgdHJ5aW5nIHRvIGNvcm5lciBhIG1hcmtldC48bzpwPjwvbzpw PjwvcD4NCjwvYmxvY2txdW90ZT4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZu YnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPklzIHRo ZXJlIGEgcmVhc29uIHdoeSB5b3UgZG9uJ3Qgd2FudCB0byBkbyBoYXNoIHNpZ25hdHVyZXM/PG86 cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZu YnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPi1Fa3I8 bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+ Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8YmxvY2txdW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7 Ym9yZGVyLWxlZnQ6c29saWQgI0NDQ0NDQyAxLjBwdDtwYWRkaW5nOjBjbSAwY20gMGNtIDYuMHB0 O21hcmdpbi1sZWZ0OjQuOHB0O21hcmdpbi10b3A6NS4wcHQ7bWFyZ2luLXJpZ2h0OjBjbTttYXJn aW4tYm90dG9tOjUuMHB0Ij4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkkgaGF2ZSB0YWxrZWQgdG8g YW5vdGhlciB2ZW5kb3IgaW50ZXJlc3RlZCBpbiB0aGVtIHRvIHNpZ24gaXRzIE9TIGJ1dCBJIHdp bGwgbm90IHNwZWFrIGZvciB0aGVtLiBJIGhhdmUgYWxzbyB0YWxrZWQgdG8gYXQgbGVhc3Qgb25l IEhTTSB2ZW5kb3IgdGhhdCBoYXMgc29tZSBjbGllbnRzIGFza2luZyBmb3IgUFEgUEtJIHN1cHBv cnQgdG8gYmUgYWRkZWQgaW4gdGhlaXIgSFNNIGJ1dCBJIHdpbGwgbm90IHNwZWFrDQogZm9yIHRo ZW0gZWl0aGVyLiBJIGRvbid0IHRoaW5rIGFueSBvZiB0aGVzZSB1c2UtY2FzZXMgYXJlIHRyeWlu ZyB0byBjb3JuZXIgYSBtYXJrZXQuPGJyPg0KPGJyPg0KUGFub3M8YnI+DQo8YnI+DQo8YnI+DQot LS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLTxicj4NCkZyb206IFNlY2Rpc3BhdGNoICZsdDs8YSBo cmVmPSJtYWlsdG86c2VjZGlzcGF0Y2gtYm91bmNlc0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsi PnNlY2Rpc3BhdGNoLWJvdW5jZXNAaWV0Zi5vcmc8L2E+Jmd0OyBPbiBCZWhhbGYgT2YgU3RlcGhl biBGYXJyZWxsPGJyPg0KU2VudDogU3VuZGF5LCBEZWNlbWJlciAwOCwgMjAxOSA5OjA0IFBNPGJy Pg0KVG86IE1pa2UgT3Vuc3dvcnRoICZsdDs8YSBocmVmPSJtYWlsdG86TWlrZS5PdW5zd29ydGhA ZW50cnVzdGRhdGFjYXJkLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPk1pa2UuT3Vuc3dvcnRoQGVudHJ1 c3RkYXRhY2FyZC5jb208L2E+Jmd0OzsgRXJpYyBSZXNjb3JsYSAmbHQ7PGEgaHJlZj0ibWFpbHRv OmVrckBydGZtLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPmVrckBydGZtLmNvbTwvYT4mZ3Q7OyBEci4g UGFsYSAmbHQ7PGEgaHJlZj0ibWFpbHRvOm1hZHdvbGZAb3BlbmNhLm9yZyIgdGFyZ2V0PSJfYmxh bmsiPm1hZHdvbGZAb3BlbmNhLm9yZzwvYT4mZ3Q7PGJyPg0KQ2M6IElFVEYgU2VjRGlzcGF0Y2gg Jmx0OzxhIGhyZWY9Im1haWx0bzpzZWNkaXNwYXRjaEBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsi PnNlY2Rpc3BhdGNoQGlldGYub3JnPC9hPiZndDs8YnI+DQpTdWJqZWN0OiBSZTogW1NlY2Rpc3Bh dGNoXSBbRVhURVJOQUxdUmU6IENsYXJpZmljYXRpb24gUXVlc3Rpb24gZm9yIHRoZSBDb21tZW50 IGZyb20gRXJpYyBSZXNjb3JsYSAoPGJyPg0KPGJyPg0KPGJyPg0KSGl5YSw8YnI+DQo8YnI+DQpD dXR0aW5nIHRvIHRoZSBudWIgb2YgbXkgY29uY2Vybi4uLjxicj4NCjxicj4NCk9uIDA5LzEyLzIw MTkgMDE6NDYsIE1pa2UgT3Vuc3dvcnRoIHdyb3RlOjxicj4NCiZndDsgSSBob3BlIHRoYXQgZG9l c27igJl0IHByZWNsdWRlIGEgcHVzaCBmb3IgYSBtb3JlIGltbWVkaWF0ZSBzb2x1dGlvbi48YnI+ DQo8YnI+DQpJU1RNIHRoZSAmcXVvdDtwdXNoJnF1b3Q7IGlzIGxlc3MgZm9yIGEgc29sdXRpb24g dGhhbiBmb3IgdW5kZXJzdGFuZGFibHkgYXR0ZW1wdGluZyB0byBjb3JuZXIgYSBtYXJrZXQuIEkg ZG9uJ3QgdGhpbmsgc3VjaCBhdHRlbXB0cyBhcmUgJnF1b3Q7YmFkJnF1b3Q7IHRoaW5ncywgYnV0 IEkgZG8gdGhpbmsgZm9sbG93aW5nICdlbSBpcyBtb3JlIGxpa2VseSB1bndpc2UuPGJyPg0KPGJy Pg0KU29ycnkgaWYgSSd2ZSBtaXNzZWQgaXQsIGJ1dCB3aG8gZG8gd2UgaGF2ZSB0aGF0IGlzIGNh bGxpbmcgZm9yIGEgcG9zdC1xdWFudHVtIFBLSSBzb2x1dGlvbiB0byBiZSBkZXZlbG9wZWQgbm93 LCBidXQgd2hvIGlzIG5vdCBwcm9tb3Rpbmcgb25lIHN1Y2g/PGJyPg0KPGJyPg0KVGhhbmtzLDxi cj4NClMuPGJyPg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X188YnI+DQpTZWNkaXNwYXRjaCBtYWlsaW5nIGxpc3Q8YnI+DQo8YSBocmVmPSJtYWlsdG86U2Vj ZGlzcGF0Y2hAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5TZWNkaXNwYXRjaEBpZXRmLm9yZzwv YT48YnI+DQo8YSBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3Nl Y2Rpc3BhdGNoIiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9s aXN0aW5mby9zZWNkaXNwYXRjaDwvYT48bzpwPjwvbzpwPjwvcD4NCjwvYmxvY2txdW90ZT4NCjwv ZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_CY4PR11MB14306370336BBCA04E9E755F9B520CY4PR11MB1430namp_-- From nobody Sat Dec 21 14:46:37 2019 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E651112007C for ; Sat, 21 Dec 2019 14:46:34 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ql84qXdtobcO for ; Sat, 21 Dec 2019 14:46:33 -0800 (PST) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF306120088 for ; Sat, 21 Dec 2019 14:46:32 -0800 (PST) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 6A38F3897E; Sat, 21 Dec 2019 17:46:24 -0500 (EST) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id ADDAD3FB; Sat, 21 Dec 2019 17:46:30 -0500 (EST) From: Michael Richardson To: IETF SecDispatch CC: "Panos Kampanakis \(pkampana\)" In-Reply-To: References: <12eed4ff-edd2-7f70-9460-fc86dcbab927@openca.org> <7999ebac-c9c1-eb4f-d9f7-2ba814a3b331@cs.tcd.ie> <78997490-c5ae-c856-6e26-0f79c7733ca3@openca.org> <2feb1778-7770-8a09-2066-a84663ff6b2e@cs.tcd.ie> X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla ( X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Dec 2019 22:46:35 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Panos Kampanakis (pkampana) wrote: > UEFI Secure Boot (in essence what I meant by image singing) uses a PKI > architecture. There is a Product Key PK (root CA) that establishes a > trust relationship between the platform owner and the platform > firmware. The PK signs KEKs which established a trust relationship > between the platform firmware and the operating system. These are > mostly in X.509 today. More in [2]. >> Is there a reason why you don't want to do hash signatures? > HBS indeed looks like the best option for this usecase. Not necessari= ly > stateful. We have some preliminary analysis on this is in Section 3 in > [1]. More to come soon. > But we can=E2=80=99t go directly to pure HBS because already deployed= machines > in the field will not boot at all and upgrading BIOS is not > simple. Also, we can=E2=80=99t go to pure HBS because it will not be = FIPS > approved even after we have a standardized PQ option. So, we have to = do > some sort of composite RSA+post-quantum (NIST has put out a statement > that says that a composite will still be FIPS approved if the classic= al > part is). The FIPS argument is important. Waiting for PQ > standardization is one thing, but FIPS approval will take even longer > and until then we (Cisco) want to do some sort of composite before > then. okay, I understand now. You need to have a structure that makes use of all the existing, and previously validated FIPS mechanisms and structures, but which adds a post-quantum signature *in addition*. It seems that such a solution needs to live within the ASN.1/DER-encoded PK= IX rules. There have been proposals to add a HBS, and the hash-public-keys as an extension in a certificate, which I think is really ugly, but would work. I seem to recall a conversation at IETF106 about whether such a thing should live within the certificate structure, or should wrap it. It seems that you need it to live within the certificate structure, and needs to provide a parallel signature chain. =2D- ] Never tell me the odds! | ipv6 mesh network= s [ ] Michael Richardson, Sandelman Software Works | IoT architect = [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails = [ =2D- Michael Richardson , Sandelman Software Works -=3D IPv6 IoT consulting =3D- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl3+oMYACgkQgItw+93Q 3WVNOQgAi1SiQ/n0E8c8VNSRuNyKfljJ0G+VBxE+pV9AWiMYKAVlD9saUh99AYmL pGu3hD3WJE3462rutWFbraHa4GfmTySR9U4zfTm068oHIMNU+sNOZZe4McQrL2rM IUEjdq+5Ua0sw+P4KKdbqKuUOYMLSWv/Bjn8UWYfilfmSYqBlAZUoX8hADzYAZj8 zBkZAdKXDrB3j5aAafbGdQkw/j0VYNQdK3zapTdX1m0zXLhgunykytV4xBbR0/bv uzXkRcUWPKGRblA3+wkPfPCIn3FBriqdg64THIsS88bcAPQoAOo1/9m/KG59WB9Z mMJFc2JZ1ovkFo7jYgLsKaftimc01Q== =ZKol -----END PGP SIGNATURE----- --=-=-=-- From nobody Mon Dec 23 20:38:54 2019 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 938BB120045 for ; Mon, 23 Dec 2019 20:38:53 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.447 X-Spam-Level: X-Spam-Status: No, score=-2.447 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=icloud.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i4Gj5KsvTwzD for ; Mon, 23 Dec 2019 20:38:51 -0800 (PST) Received: from mr85p00im-ztdg06021801.me.com (mr85p00im-ztdg06021801.me.com [17.58.23.195]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE4C5120041 for ; Mon, 23 Dec 2019 20:38:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=icloud.com; s=1a1hai; t=1577162331; bh=7qiOZvE6d6woxNIZ0YTOJp5MqUiD+dw4WcfGrlMSHUw=; h=From:Message-Id:Content-Type:Subject:Date:To; b=B/7iwI44NKbHWARD7BZw/K9kuvzr4wIGjHmRzTpPjMbT/73SU3DxyI8kYujvxYx0O KOsmml+Xvf/KgQ226r3kRFEqVagb2TazOdOYm26L8d9hOOUnNtU2sa97dDfwfUib6/ JCWXzjXMgDaniyMte4Qi5wXqKQrNAI5gA1zQUAzHsIfGGGpMKIlqWLNnYNIn7PerY/ 6p8u3JYVHz3WYJAjnJLOf1OL2GPzLMQaUIq5FrRSJ8/sNVtjyFjupGJPpFfD1Vm5d1 S3YZG57jBDxdZx2w5z1pPL4g85NG5Xs7re0eX+AaNiU3v30Ff4BzFx+K+dO6f8UsO/ CXsTy2f9nWz9g== Received: from [17.234.126.120] (unknown [17.234.126.120]) by mr85p00im-ztdg06021801.me.com (Postfix) with ESMTPSA id 22A921809C0; Tue, 24 Dec 2019 04:38:51 +0000 (UTC) From: Carrick Bartle Message-Id: <07119213-1702-4742-A34F-EDEDBF294FCF@icloud.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_B4C28A95-A9D8-4CB7-9F22-02EB59394A9E" Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.3\)) Date: Mon, 23 Dec 2019 20:38:46 -0800 In-Reply-To: Cc: "Salz, Rich" , "Dr. Pala" , IETF SecDispatch , Stephen Farrell To: Eric Rescorla References: <12eed4ff-edd2-7f70-9460-fc86dcbab927@openca.org> <7999ebac-c9c1-eb4f-d9f7-2ba814a3b331@cs.tcd.ie> <78997490-c5ae-c856-6e26-0f79c7733ca3@openca.org> <95B2FAB7-66FA-44F2-84F8-FA23737AA38F@akamai.com> X-Mailer: Apple Mail (2.3608.80.3) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-12-23_10:, , signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1912240038 Archived-At: Subject: Re: [Secdispatch] Clarification Question for the Comment from Eric Rescorla ( X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Dec 2019 04:38:54 -0000 --Apple-Mail=_B4C28A95-A9D8-4CB7-9F22-02EB59394A9E Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 > WebPKI doesn't want it How can it be true that it's too early to start developing a protocol = for composite keys and signatures for Web PKI when Cloudflare and Google = have already finished a round of experiments with hybrid key exchanges? = Maybe I'm reading too much into it, but the existence of those = experiments suggested to me that the need for hybrid/composite = implementations was imminent. (I understand that the draft in question = concerns signatures, not key exchanges, but apparently there isn't even = a draft for the latter yet.) If not now, when? After NIST crowns a winner? I don't see why it's = necessary to wait that long given that the proposed solutions are = algorithm-independent. And since the standardization process takes a = while, won't waiting until then mean that there won't be a standard = until after it's needed? Carrick > On Nov 19, 2019, at 11:37 PM, Eric Rescorla wrote: >=20 >=20 >=20 > On Tue, Nov 19, 2019 at 11:34 PM Salz, Rich > wrote: > What I was trying to say in the meeting is that I don't think this is = probably to be of much use in the WebPKI at this time. > =20 >=20 > I agree with that. >=20 > =20 >=20 > But of course that=E2=80=99s not a =E2=80=9Cveto=E2=80=9D on doing = this work, which OF COURSE you are not saying. >=20 >=20 > Agreed. I think the relevant question is if there is enough demand, so = just because WebPKI doesn't want it doesn't mean that someone doesn't. >=20 > -Ekr >=20 > _______________________________________________ > Secdispatch mailing list > Secdispatch@ietf.org > https://www.ietf.org/mailman/listinfo/secdispatch = > _______________________________________________ > Secdispatch mailing list > Secdispatch@ietf.org > https://www.ietf.org/mailman/listinfo/secdispatch = --Apple-Mail=_B4C28A95-A9D8-4CB7-9F22-02EB59394A9E Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8
WebPKI doesn't = want it

How can it be true that it's too early to start = developing a protocol for composite keys and signatures for Web PKI when = Cloudflare and Google have already finished a round of experiments with = hybrid key exchanges? Maybe I'm reading too much into it, but the = existence of those experiments suggested to me that the need for = hybrid/composite implementations was imminent. (I understand that the = draft in question concerns signatures, not key exchanges, but apparently = there isn't even a draft for the latter yet.)

If not now, when? After NIST crowns a = winner? I don't see why it's necessary to wait that long given that the = proposed solutions are algorithm-independent. And since the = standardization process takes a while, won't waiting until then mean = that there won't be a standard until after it's needed?

Carrick



On Nov 19, 2019, at 11:37 PM, Eric Rescorla = <ekr@rtfm.com> = wrote:



On Tue, Nov 19, 2019 at 11:34 PM Salz, Rich <rsalz@akamai.com> = wrote:
  • What I was trying to say in the meeting is = that I don't think this is probably to be of much use in the WebPKI at = this time.

 

I agree with that.

 

But of course that=E2=80=99s = not a =E2=80=9Cveto=E2=80=9D on doing this work, which OF COURSE you are = not saying.


Agreed. I think the relevant question = is if there is enough demand, so just because WebPKI doesn't want it = doesn't mean that someone doesn't.
-Ekr

___________________________________________= ____
Secdispatch mailing list
Secdispatch@ietf.org
https://www.ietf.org/mailman/listinfo/secdispatch
_______________________________________________
Secdispatch mailing = list
Secdispatch@ietf.org
https://www.ietf.org/mailman/listinfo/secdispatch

= --Apple-Mail=_B4C28A95-A9D8-4CB7-9F22-02EB59394A9E-- From nobody Wed Dec 25 13:52:39 2019 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A5031200E7; Wed, 25 Dec 2019 13:52:30 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.702 X-Spam-Level: X-Spam-Status: No, score=-2.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dell.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TrbYQiAfBfUv; Wed, 25 Dec 2019 13:52:26 -0800 (PST) Received: from mx0a-00154904.pphosted.com (mx0a-00154904.pphosted.com [148.163.133.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21013120025; Wed, 25 Dec 2019 13:52:25 -0800 (PST) Received: from pps.filterd (m0170392.ppops.net [127.0.0.1]) by mx0a-00154904.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id xBPLj43R010723; Wed, 25 Dec 2019 16:52:23 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dell.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=smtpout1; bh=JcIOBGEgc8/5cyWmlK/mO7AXrzoFvloWDeRMnMtYNnU=; b=oNP5yQXGI1v5Khhe1DzPphTkKZfNWTBSwsWMZItmc42pgqWreqDSACbjL80M1+MsqyZn iJtuZa5b+5Egi90V6vnKPuDWiyiBM+IC5WGVjRoPpdgUKRYTy0hw/kA5QD280kGLP5qY Ve3xZwTFyMPFHw/9iidhhx6L4worO+X3BXBQVx2EcQ8YAH4d3Ud2ClrPKn8cnLvNHqGw OM9dmxdqgqXdcdTSD588UYg2WTALI5rXvXHL4ngxgDVzbx6RoBN6GIetSmomqTKcAnob MX4lX/K4T6/NYzXVkqA0OUkgZUEzk8UYBX+N4nt7iwqJX/F1vIOmq9NOrgFZdbpYd4SF yQ== Received: from mx0b-00154901.pphosted.com (mx0b-00154901.pphosted.com [67.231.157.37]) by mx0a-00154904.pphosted.com with ESMTP id 2x1fej9wjd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 25 Dec 2019 16:52:23 -0500 Received: from pps.filterd (m0134318.ppops.net [127.0.0.1]) by mx0a-00154901.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id xBPLlq7o095243; Wed, 25 Dec 2019 16:52:22 -0500 Received: from ausxipps310.us.dell.com (AUSXIPPS310.us.dell.com [143.166.148.211]) by mx0a-00154901.pphosted.com with ESMTP id 2x1ewjfbb9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 25 Dec 2019 16:52:22 -0500 X-LoopCount0: from 10.166.136.216 X-PREM-Routing: D-Outbound X-IronPort-AV: E=Sophos;i="5.60,349,1549951200"; d="scan'208";a="464709363" From: To: CC: , , Thread-Topic: New Version Notification for draft-faibish-iot-ddos-usecases-01.txt Thread-Index: AQHVu2eQmpLQttK5yE+1FHWFMMTBsqfLWOXg Date: Wed, 25 Dec 2019 21:52:20 +0000 Message-ID: <1f98a6aed319418fa139dcaf37c317d2@x13pwdurdag1001.AMER.DELL.COM> References: <157730815035.29082.3329281957041349799.idtracker@ietfa.amsl.com> In-Reply-To: <157730815035.29082.3329281957041349799.idtracker@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Enabled=True; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_SiteId=945c199a-83a2-4e80-9f8c-5a91be5752dd; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Owner=faibish_sorin@emc.com; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_SetDate=2019-12-25T21:52:18.7002186Z; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Name=External Public; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Application=Microsoft Azure Information Protection; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Extended_MSFT_Method=Manual; aiplabel=External Public x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.146.130.80] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,18.0.572 definitions=2019-12-25_07:2019-12-24,2019-12-25 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 spamscore=0 lowpriorityscore=0 malwarescore=0 mlxlogscore=999 phishscore=0 suspectscore=0 mlxscore=0 bulkscore=0 clxscore=1011 priorityscore=1501 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-1912250191 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 lowpriorityscore=0 malwarescore=0 suspectscore=0 mlxlogscore=999 impostorscore=0 spamscore=0 phishscore=0 mlxscore=0 priorityscore=1501 adultscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-1912250191 Archived-At: Subject: [Secdispatch] FW: New Version Notification for draft-faibish-iot-ddos-usecases-01.txt X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Dec 2019 21:52:30 -0000 VGVhbSwNCg0KQmFzZWQgb24gdGhlIGNvbW1lbnRzIG9mIFRFRVAgV0cgaXNzdWUgIzY1IHdhcyBj bG9zZWQgd2l0aCByZWNvbW1lbmRhdGlvbnMgdG8gbW92ZSB0aGlzIGRyYWZ0IHRvIGEgZGlmZmVy ZW50IFdHLiBCdXQgSSBqdXN0IHdhbnRlZCB0byBhZGQgbW9yZSBkZXRhaWxzIG9uIHRoZSBwcm9w b3NlZCB1c2VkIGNhc2VzIGFkZGluZyB0aGUgcmVsYXRpb24gdG8gTVVEIGFuZCBiZWZvcmUgbW92 aW5nIHRvIGEgZGlmZmVyZW50IFdHIEkgd2FudCB0byBoYXZlIGEgbmV3IHJldmlldyBvZiB0aGUg ZHJhZnQuIA0KDQpBZnRlciBkaXNjdXNzaW9ucyBpbiB0aGUgam9pbnQgY2FsbCB3aXRoIFNVSVQg V0cgSSBhbSBjb25zaWRlcmluZyBwZXJoYXBzIG1vdmluZyB0aGUgZHJhZnQgdG8gU1VJVCBvciBS QVRTIGJhc2VkIG9uIERhdmUncyByZWNvbW1lbmRhdGlvbnMuIFlldCBpbiBvcmRlciB0byBiZSBz dXJlIHRoaXMgZHJhZnQgd2lsbCBub3QgZ28gdG8gd2FzdGUgSSB3aWxsIGFzayB0byBtb3ZlIGl0 IHRvIFNFQ0RJU1BBVENIIGZvciB0aGUgZmluYWwgZGVjaXNpb24gYmVmb3JlIEkgdG9zcyBpdC4g SSBzaW5jZXJlbHkgYmVsaWV2ZSB0aGF0IHRoaXMgZHJhZnQgaXMgZmFsbGluZyBiZXR3ZWVuIHNl Y3VyaXR5IFdHcyBjaGFpcnMgYW5kIGl0IGlzIHZlcnkgcmVsZXZhbnQgZm9yIHRoZSBjdXJyZW50 IHN0YXRlIG9mIGludGVybmV0IHNlY3VyaXR5LiANCg0KSSBhZ3JlZSB0byBEYXZlIHRoYXQgcGVy aGFwczoNCuKAoglURUVQIG1hbmFnZXMgdGhlIFRFRSBpbiBhIGRldmljZSwgbm90IHRoZSBSRUUg aW4gYSBkZXZpY2UuDQrigKIJVGhpcyBtYXkgYmUgcmVsZXZhbnQgdG8gUkFUUyB0aG91Z2ggDQoN CkJ1dCBJIGRpc2FncmVlIHRvIGNsb3NlIGl0IGRlYWQgYXMgaXQgaXMgaW1wb3J0YW50IGZyb20g bXkgdmlldy4NCuKAoglQcm9wb3NlIGNsb3NpbmcgaXNzdWVzIGFzIG91dCBvZiBzY29wZQ0KDQpB ZGRpdGlvbmFsIHRvIHRoaXMgSSBhbSB3b3JraW5nIHRvIGV4cGFuZCB0aGUgcHl0aG9uIHRvb2wg dGhhdCBJIHVzZWQgdG8gdGVzdHMgVEVFUCBJb1QgZGV2aWNlcyB0aGF0IGNvdWxkIGJlIHVzZWQg Zm9yIEREb1MgYXR0YWNrcy4gSSB3b3VsZCBhc2sgdGhlIFRFRVAgV0cgdG8gY29udGludWUgdGVz dGluZyB2dWxuZXJhYmlsaXR5IG9mIGRldmljZXMgdG8gRERvUyAocmVmbGVjdGVkIHRyYWZmaWMp IGR1cmluZyBuZXh0IElFVEYgbWVldGluZyBhbmQgSSB3YW50IHRvIGhhdmUgMTAgbWludXRlcyB0 byBtYWtlIG15IGNhc2UgYmVmb3JlIEkgZ28gdG8gdGhlIFNFQ0RJU1BBVENIIFdHLiBJIHdpbGwg b2ZmZXIgdG8gY29udGludWUgdG8gY2hlY2sgVEVFUCBkZXZpY2VzIHZ1bG5lcmFiaWxpdHkgaW4g VmFuY291dmVyIGhhY2thdGhvbi4gDQoNCkFuZCBmaW5hbGx5IEkgd2lsbCBhc2sgYW5kIGFwcHJl Y2lhdGUgYW55IGNvbW1lbnRzIGFuZCByZXZpZXcgb2YgdGhlIG5ldyBkcmFmdC4gVGhhbmsgeW91 DQoNCi4vU29yaW4NCg0KDQogDQotLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KRnJvbTogaW50 ZXJuZXQtZHJhZnRzQGlldGYub3JnIDxpbnRlcm5ldC1kcmFmdHNAaWV0Zi5vcmc+IA0KU2VudDog V2VkbmVzZGF5LCBEZWNlbWJlciAyNSwgMjAxOSA0OjA5IFBNDQpUbzogZmFpYmlzaCwgc29yaW4N ClN1YmplY3Q6IE5ldyBWZXJzaW9uIE5vdGlmaWNhdGlvbiBmb3IgZHJhZnQtZmFpYmlzaC1pb3Qt ZGRvcy11c2VjYXNlcy0wMS50eHQNCg0KDQpbRVhURVJOQUwgRU1BSUxdIA0KDQoNCkEgbmV3IHZl cnNpb24gb2YgSS1ELCBkcmFmdC1mYWliaXNoLWlvdC1kZG9zLXVzZWNhc2VzLTAxLnR4dA0KaGFz IGJlZW4gc3VjY2Vzc2Z1bGx5IHN1Ym1pdHRlZCBieSBTb3JpbiBGYWliaXNoIGFuZCBwb3N0ZWQg dG8gdGhlIElFVEYgcmVwb3NpdG9yeS4NCg0KTmFtZToJCWRyYWZ0LWZhaWJpc2gtaW90LWRkb3Mt dXNlY2FzZXMNClJldmlzaW9uOgkwMQ0KVGl0bGU6CQlVc2VjYXNlcyBkZWZpbml0aW9uIGZvciBJ b1QgRERvUyBhdHRhY2tzIHByZXZlbnRpb24NCkRvY3VtZW50IGRhdGU6CTIwMTktMTItMjUNCkdy b3VwOgkJSW5kaXZpZHVhbCBTdWJtaXNzaW9uDQpQYWdlczoJCTkNClVSTDogICAgICAgICAgICBo dHRwczovL3d3dy5pZXRmLm9yZy9pbnRlcm5ldC1kcmFmdHMvZHJhZnQtZmFpYmlzaC1pb3QtZGRv cy11c2VjYXNlcy0wMS50eHQNClN0YXR1czogICAgICAgICBodHRwczovL2RhdGF0cmFja2VyLmll dGYub3JnL2RvYy9kcmFmdC1mYWliaXNoLWlvdC1kZG9zLXVzZWNhc2VzLw0KSHRtbGl6ZWQ6ICAg ICAgIGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1mYWliaXNoLWlvdC1kZG9zLXVz ZWNhc2VzLTAxDQpIdG1saXplZDogICAgICAgaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9k b2MvaHRtbC9kcmFmdC1mYWliaXNoLWlvdC1kZG9zLXVzZWNhc2VzDQpEaWZmOiAgICAgICAgICAg aHR0cHM6Ly93d3cuaWV0Zi5vcmcvcmZjZGlmZj91cmwyPWRyYWZ0LWZhaWJpc2gtaW90LWRkb3Mt dXNlY2FzZXMtMDENCg0KQWJzdHJhY3Q6DQogICBUaGlzIGRvY3VtZW50IHNwZWNpZmllcyBzZXZl cmFsIHVzZWNhc2VzIHJlbGF0ZWQgdG8gdGhlIGRpZmZlcmVudA0KICAgd2F5cyBJb1QgZGV2aWNl cyBhcmUgZXhwbG9pdGVkIGJ5IG1hbGljaW91cyBhZHZlcnNhcmllcyB0bw0KICAgaW5zdGFudGlh dGUgRGlzdHJpYnV0ZWQgRGVuaWFsIG9mIFNlcnZpY2VzIChERG9TKSBhdHRhY2tzLiBUaGUNCiAg IGF0dGFja3MgYXJlIGdlbmVydGVkIGZyb20gSW9UIGRldmljZXMgdGhhdCBoYXZlIG5vIHByb3Bl ciBwcm90ZWN0aW9uDQogICBhZ2FpbnN0IGdlbmVyYXRpbmcgdW5zb2xpY2l0ZWQgY29tbXVuaWNh dGlvbiBtZXNzYWdlcyB0YXJnZXRpbmcgYQ0KICAgY2VydGFpbiBuZXR3b3JrIGFuZCBjcmVhdGlu ZyBsYXJnZSBhbW91bnRzIG9mIG5ldHdvcmsgdHJhZmZpYy4gVGhlDQogICBhdHRhY2tlcnMgdGFr ZSBhZHZhbnRhZ2Ugb2YgYnJlYWNoZXMgaW4gdGhlIGNvbmZpZ3VyYXRpb24gZGF0YSBpbg0KICAg dW5wcm90ZWN0ZWQgSW9UIGRldmljZXMgZXhwbG9pdGVkIGZvciBERG9TIGF0dGFja3MuIFRoZSBh dHRhY2tlcnMNCiAgIHRha2UgYWR2YW50YWdlIG9mIHRoZSBJb1QgZGV2aWNlcyB0aGF0IGNhbiBz ZW5kIG5ldHdvcmsgcGFja2V0cw0KICAgdGhhdCB3ZXJlIGdlbmVyYXRlZCBieSBtYWxpY2lvdXMg Y29kZSB0aGF0IGludGVyYWN0cyB3aXRoIGFuIE9TDQogICBpbXBsZW1lbnRhdGlvbiB0aGF0IHJ1 bnMgb24gdGhlIElvVCBkZXZpY2VzLiBUaGUgcHJ1cG9zZSBvZiB0aGlzDQogICBkcmFmdCBpcyB0 byBwcmVzZW50IHBvc3NpYmxlIElvVCBERG9TIHVzZWNhc2VzIHRoYXQgbmVlZCB0byBiZQ0KICAg cHJldmVudGVkIGJ5IFRFRS4gVGhlIG1ham9yIGVuYWJsZXIgb2Ygc3VjaCBhdHRhY2tzIGlzIHJl bGF0ZWQgdG8NCiAgIElvVCBkZXZpY2VzIHRoYXQgaGF2ZSBubyBPUyBvciB1bnByb3RlY3RlZCBF RSBPUyBhbmQgcnVuDQogICBjb2RlIHRoYXQgaXMgZG93bmxvYWRlZCB0byB0aGVtIGZyb20gdGhl IFRBIGFuZCBtb2RpZmllZCBieQ0KICAgbWFuLWluLXRoZS1taWRkbGUgdGhhdCBpbnNlcnRzIG1h bGljaW91cyBjb2RlIGluIHRoZSBPUy4NCg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA0KDQoN ClBsZWFzZSBub3RlIHRoYXQgaXQgbWF5IHRha2UgYSBjb3VwbGUgb2YgbWludXRlcyBmcm9tIHRo ZSB0aW1lIG9mIHN1Ym1pc3Npb24gdW50aWwgdGhlIGh0bWxpemVkIHZlcnNpb24gYW5kIGRpZmYg YXJlIGF2YWlsYWJsZSBhdCB0b29scy5pZXRmLm9yZy4NCg0KVGhlIElFVEYgU2VjcmV0YXJpYXQN Cg0K From nobody Wed Dec 25 17:58:02 2019 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 989AF1200DE for ; Wed, 25 Dec 2019 17:58:00 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.896 X-Spam-Level: X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2pyVwvtfX8yd for ; Wed, 25 Dec 2019 17:57:58 -0800 (PST) Received: from mail-lj1-x22b.google.com (mail-lj1-x22b.google.com [IPv6:2a00:1450:4864:20::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 064BF1200B5 for ; Wed, 25 Dec 2019 17:57:58 -0800 (PST) Received: by mail-lj1-x22b.google.com with SMTP id a13so23621155ljm.10 for ; Wed, 25 Dec 2019 17:57:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=59mm5u8OJ3JQK/NstsGDyAKnRO8OOAqAcl5FvuICpdo=; b=CJMijBSB8egxURCPZoJgexiByU52GCcZIJPcpjgIOfqcXVTAGG0dDagPPaFNlWUnu0 UYAQDsWlXORLm6DC0qfe5BtCTifySQLgIOA0Pl0GEGevkdG62yJNlKFA2y0LZ0w3pMB/ B5YR4qF/Mhl+o1q9DBMd4Ly3eF30nvcyQ5h/Ea6ogZLCUu/yx1Ti061JMxTnFONm6k8c wOV6fLZaDr3nt29AYCdCS5yX9FHGBbryyEl+uQuzQeS4Uv7NEjE4HONJ5qQ6cLaXhVuF m+X0o/D/BOIrA9Gld7u33o3Yf5WzwzvSRUJlH/NZUC+zlFRdykNS0iEJPUu+dwM1h9Zi Z8Qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=59mm5u8OJ3JQK/NstsGDyAKnRO8OOAqAcl5FvuICpdo=; b=T2U0RRkJNmWhhv4q8ycRPpS3oA4sHZmeRVh/R+tB/fe8oOeQ8/VnouJqgO3W5gaUhX JcwAdZzTXitQfjYWOwWzT+QL9TCRpptgEdAFR0YBB+hQEEjEQtOwSsaYHogiuZ0cVrpL 8UAPd0I2aqPvc8m1mQQXyq1eI5WxZvG0e5TXHi0WigbQRJaUaPMzm70/ZBtOJod4n/d6 uH1m4HGcHawhWII8dpnlZKndW6FzfbZvyFeq/vL7vEWeOriUL/LkEeuf5FF0Vy37M2HH Jcrq8US+icFF/BOq3JVnRD91zT1Cfel+Kg6BUpvwS53Rg0VvvYE3PXe7xW0ngCrUSMNr l9Bg== X-Gm-Message-State: APjAAAUsqbhLWGFeX7VIJNTV6yURNj8oUkKZQx+3fKtyKkqaoQmHzv76 fKfO2E/unkMHkqt9BeKgtK3oYNiV609u1Trp/snedA== X-Google-Smtp-Source: APXvYqz1bJgIjdBLLAnMmHzA2A2SqcFWTzR7yYkGDwRwf3eXqQmjEWiOKANnwT8m0nmr87I0zAoWbY+rFHSnHPVlrNA= X-Received: by 2002:a2e:95c4:: with SMTP id y4mr24661644ljh.38.1577325476077; Wed, 25 Dec 2019 17:57:56 -0800 (PST) MIME-Version: 1.0 References: <12eed4ff-edd2-7f70-9460-fc86dcbab927@openca.org> <7999ebac-c9c1-eb4f-d9f7-2ba814a3b331@cs.tcd.ie> <78997490-c5ae-c856-6e26-0f79c7733ca3@openca.org> <95B2FAB7-66FA-44F2-84F8-FA23737AA38F@akamai.com> <07119213-1702-4742-A34F-EDEDBF294FCF@icloud.com> In-Reply-To: <07119213-1702-4742-A34F-EDEDBF294FCF@icloud.com> From: Eric Rescorla Date: Wed, 25 Dec 2019 17:57:19 -0800 Message-ID: To: Carrick Bartle Cc: "Salz, Rich" , "Dr. Pala" , IETF SecDispatch , Stephen Farrell Content-Type: multipart/alternative; boundary="000000000000b2780b059a91b49c" Archived-At: Subject: Re: [Secdispatch] Clarification Question for the Comment from Eric Rescorla ( X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Dec 2019 01:58:01 -0000 --000000000000b2780b059a91b49c Content-Type: text/plain; charset="UTF-8" On Mon, Dec 23, 2019 at 8:38 PM Carrick Bartle wrote: > How can it be true that it's too early to start developing a protocol > for composite keys and signatures for Web PKI when Cloudflare and > Google have already finished a round of experiments with composite key > exchanges? Maybe I'm reading too much into it, but the existence of > those experiments suggested to me that the need for composite/composite > implementations was imminent. (I understand that the draft in question > concerns signatures, not key exchanges, but apparently there isn't > even a draft for the latter yet.) ISTM that these cases are pretty different, in a number of respects. First, the primary rationale for doing composite key exchange now is to defend against retrospective attacks in case a quantum computer exists in the future. In this setting, it isn't critically important to have the PQ algorithm be the one we eventually land on, because each connection is separately negotiated and as long as the PQ algorithm has some security, you're getting benegit,. The primary rationale for doing PQ authentication now (or for that matter composite authentication) is to be prepared for the day when QC exists and we are therefore unable to rely on classical algorithms. However, it's not useful to be prepared in that fashion unless the algorithm that you are deploying is the one that is eventually selected, because otherwise you just have to start over once the selection is made. Moreover, in order to be truly prepared, what you need isn't principally relying party deployment, but rather authenticating party (in the case of the WebPKI, server-side) deployment. The reason for this is that in the world where a QC exists, you don't have protection until the relying party refuses to accept the classical credential [0], and at present, any client which does so will effectively be unable to communicate. And in order to make that happen, relying parties will have to require a post-quantum algorithm (most likely as a composite) and that's something I don't expect them to be willing to do until there's widespread agreement on what that algorithm should be. > If not now, when? After NIST crowns a winner? I don't see why it's > necessary to wait that long given that the proposed solutions are > algorithm-independent. And since the standardization process takes a > while, won't waiting until then mean that there won't be a standard > until after it's needed? No, i don't think so. For the reasons above, ISTM that real deployment will have to wait until we have a selected algorithm. One could, as you suggest, deploy some sort of multi-algorithm container, but IMO we will be far better off just deploying new composite algorithms as if the were single new algorithms, in the same way as we have done for key establishment. For this reason, I think we ought to wait until there is a consensus PQ signature algorithm, at least for the WebPKI. -Ekr [0] This is why this kind of composite isn't helpful in the world where a secret QC exists not. > --000000000000b2780b059a91b49c Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Mon, Dec 23, 2019 at = 8:38 PM Carrick Bartle <cbartle= 891@icloud.com> wrote:
> How can it be true= that it's too early to start developing a protocol
> for composi= te keys and signatures for Web PKI when Cloudflare and
> Google have = already finished a round of experiments with composite key
> exchange= s? Maybe I'm reading too much into it, but the existence of
> tho= se experiments suggested to me that the need for composite/composite
>= ; implementations was imminent. (I understand that the draft in question> concerns signatures, not key exchanges, but apparently there isn'= t
> even a draft for the latter yet.)

ISTM that these cases ar= e pretty different, in a number of respects.

First, the primary rati= onale for doing composite key exchange now is to
defend against retrospe= ctive attacks in case a quantum computer exists
in the future. In this s= etting, it isn't critically important to have
the PQ algorithm be th= e one we eventually land on, because each
connection is separately negot= iated and as long as the PQ algorithm
has some security, you're gett= ing benegit,.

The primary rationale for doing PQ authentication now = (or for that
matter composite authentication) is to be prepared for the = day when QC
exists and we are therefore unable to rely on classical
a= lgorithms. However, it's not useful to be prepared in that fashion
u= nless the algorithm that you are deploying is the one that is
eventually= selected, because otherwise you just have to start over
once the select= ion is made.

Moreover, in order to be truly prepared, what you need = isn't
principally relying party deployment, but rather authenticatin= g party
(in the case of the WebPKI, server-side) deployment. The reason = for
this is that in the world where a QC exists, you don't have prot= ection
until the relying party refuses to accept the classical credentia= l
[0], and at present, any client which does so will effectively be
u= nable to communicate. And in order to make that happen, relying
parties = will have to require a post-quantum algorithm (most likely as
a composit= e) and that's something I don't expect them to be willing to do
= until there's widespread agreement on what that algorithm should be.

> If not now, when? After NIST crowns a winner? I don't see= why it's
> necessary to wait that long given that the proposed s= olutions are
> algorithm-independent. And since the standardization p= rocess takes a
> while, won't waiting until then mean that there = won't be a standard
> until after it's needed?

No, i d= on't think so.

For the reasons above, ISTM that real deployment = will have to wait
until we have a selected algorithm. One could, as you = suggest, deploy
some sort of multi-algorithm container, but IMO we will = be far better
off just deploying new composite algorithms as if the were= single
new algorithms, in the same way as we have done for key establis= hment.

For this reason, I think we ought to wait until there is a co= nsensus
PQ signature algorithm, at least for the WebPKI.

-Ekr
=
[0] This is why this kind of composite isn't helpful in the worldwhere a secret QC exists not.


--000000000000b2780b059a91b49c--