From nobody Tue Dec 1 05:11:27 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86B731B2CFB for ; Tue, 1 Dec 2015 05:11:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.601 X-Spam-Level: X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yDCAkvXAeZs3 for ; Tue, 1 Dec 2015 05:11:22 -0800 (PST) Received: from lb1-smtp-cloud3.xs4all.net (lb1-smtp-cloud3.xs4all.net [194.109.24.22]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4BCCD1B2CF7 for ; Tue, 1 Dec 2015 05:11:22 -0800 (PST) Received: from webmail.xs4all.nl ([194.109.20.203]) by smtp-cloud3.xs4all.net with ESMTP id oDBK1r00E4NtgTm01DBKCd; Tue, 01 Dec 2015 14:11:20 +0100 Received: from [2001:983:a264:1:283d:d071:7c17:cbc6] by webmail.xs4all.nl with HTTP (HTTP/1.1 POST); Tue, 01 Dec 2015 14:11:19 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Tue, 01 Dec 2015 14:11:19 +0100 From: peter van der Stok To: Michael Richardson Organization: vanderstok consultancy Mail-Reply-To: consultancy@vanderstok.org In-Reply-To: <28804.1448919598@sandelman.ca> References: <13717.1448463285@sandelman.ca> <688d88e6dc86ae236e3c987d1526fb40@xs4all.nl> <28804.1448919598@sandelman.ca> Message-ID: X-Sender: stokcons@xs4all.nl (6lgvrTR4SonzoX6Cv8aXr+CSnBwXRA8O) User-Agent: XS4ALL Webmail Archived-At: Cc: anima-bootstrap , consultancy@vanderstok.org Subject: Re: [Anima-bootstrap] IoT and scope of bootstrap X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: consultancy@vanderstok.org List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2015 13:11:25 -0000 HI Michael, The use case I like to be covered seems less complex than the ones you describe below. Suppose: A new building is installed with building equipment such as HVAC, lighting, etc. Or an existing building is retrofit. Cables are laid out, connected to equipment, Access Points are installed, 6LBRs are installed, and wireless equipment connecting to the 6LBRs and APs is installed. Cabling is tested and wrong connections are removed. Assuming the cabling, the 6LBRs and APs are correctly installed, the network is powered up. Assume most equipment is ANIMA enabled. The network is bootstrapped with factory security in place. After bootstrap this is a perfect moment to decide whether the network (ACP) works or not. Once the network is declared to work (satisfies the specification), additional service discovery, group declarations, application specific keying material can be installed. Such a network will be composed of LLNs, and includes constrained devices. Sleepy nodes (energy harvesting sensors) may include ANIMA services, but special provisions to include them in the network are more likely to be deployed. For the moment I have no idea what ACP and Anima bootstrapping implies in terms of resources and resource consumption. But excluding everything smaller than a tablet may be premature. Peter Michael Richardson schreef op 2015-11-30 22:39: > peter van der Stok wrote: > > Hi Michael, > > > Your text proposal does not help me much. > > Oh, I am sad. > > peter van der Stok wrote: > >> +
> >> + > >> + Questions have been posed as to whether this > solution is suitable > >> + in general for Internet of Things (IoT) networks. > In general the > >> + answer is no, but the terminology of target="RFC7228" /> is > >> + best used to describe the boundaries. > >> + > > > The above text is much more restrictive than the text below. > > So, my intention is to make people argue why IoT should be covered, > rather > than assume it is unless not specified. > > >> + > >> + Specifically, there are protocol aspects described > here which might > >> + result in congestion collapse or energy-exhaustion > of intermediate > >> + battery powered routers in an LLN. Those types of > networks SHOULD > >> + NOT use this solution. > >> + > >> +
> > > I think the text about battery-powered or energy harvesting > devices is the > > more appropriate. > > Agreed. > > > What about text that formulates unwanted side effects coming from > energy > > exhausted ("dead") nodes? > > I don't think the dying of a node is allowed to jeopardize the > functioning > > for other nodes or cause congestion, as your text suggests. > > > Some effort on getting this right is worthwhile, because I think > the use of > > the anima Bootstrap may be interesting for the installation of > large control > > networks, where > > the verification of the correct functioning of the network as > such is clearly > > separated from the correct functioning of the (control-) > > application on top. > > Here is a use case that I imagine. > > There is an existing LLN with a 6LBR and a backbone connection. > By construction, it has some energy constrained nodes in it, which > function > just fine. > > The LLN is to be expanded to service some new requirement. While the > existing > 6LBR can reach the new space, it won't work reliably enough, so a new > 6LBR is > installed in the new space. The 6LBR is ANIMA capable, and is mains > powered, > and the new backhaul will be 802.11. The new device doesn't have > WEP/WPA > keys (and the AP doesn't speak ANIMA), but it does speak the 6tisch > join > protocol, so it joins the existing LLN as a leaf. Then, using the LLN, > it > performs an *ANIMA* enrollment, with the LLN acting as a single "link" > from > the ANIMA point of view. > > Once enrolled, it has a domain specific certificate, has been > provisioned > with the right WEP key, and can now enable the wifi as backbone. > > Another use case might be a BFR in a cabinet that is being cabled up, > but > said cables are not yet "lit". It has been given a BTLE USB key into > one of > it's USB slots usually intended for firmware updates. The BFR does a > pairing > over BTLE with the installers' smartphone, and using rfc7688, and > connects to > the ACP that the smartphone is part of. The BFR is now "up" enough for > the > experts in the NOC to bring things up. They might need to configure > the > right lambdas for the 100G link to turn on... or instruct the cabling > people > which cable goes into which port. (cables *never* get mis-labelled..) > > In this context, the smartphone is energy constrained, and getting the > ACP > off of it ASAP would be important. > > -- > Michael Richardson , Sandelman Software Works > -= IPv6 IoT consulting =- > > > > > _______________________________________________ > Anima-bootstrap mailing list > Anima-bootstrap@ietf.org > https://www.ietf.org/mailman/listinfo/anima-bootstrap From nobody Tue Dec 1 11:11:20 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DCCD1B2F4D for ; Tue, 1 Dec 2015 11:11:19 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id majUgu_YBaTw for ; Tue, 1 Dec 2015 11:11:15 -0800 (PST) Received: from mail-pa0-x22d.google.com (mail-pa0-x22d.google.com [IPv6:2607:f8b0:400e:c03::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B25311B2F48 for ; Tue, 1 Dec 2015 11:11:15 -0800 (PST) Received: by padhx2 with SMTP id hx2so13937662pad.1 for ; Tue, 01 Dec 2015 11:11:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:organization:message-id:date:user-agent :mime-version:in-reply-to:content-type:content-transfer-encoding; bh=8fS8+xVX7e1W0PPuVTyC3DnOzi+hAQ+esbMGozVyoro=; b=diG1brjr5H4IFpLVqAhzErqSfM6+hFwNo4RSiTRc6HGNZnR4/HjkmKerueMMLLADyW vmFjQSS9rbfcSuWXvTyQM04McexelXjcktAmOu8BG2Ge4V3LZ+oFrTWRhxuL4jySZXD5 9FmxLwvuu1Sr2JHXTDCDMEzIFvKAa109dzM+a+YWIXF5IQp0Jx9lxbhQLOyEg4Sxl5zy QzzbAj3hxMLYNYa3e5bznsEvTy3YDsxYyi7w8wGxOdkRgpYa/zmz1DKFTljUboNjAKnZ yUfK5lymle0QF5sgHkYvbbpTflz3eQJ2DdCxNTcWqUvFdApuzjEjdUwCyTsem00wzbJM gueQ== X-Received: by 10.98.14.75 with SMTP id w72mr83479625pfi.166.1448997075240; Tue, 01 Dec 2015 11:11:15 -0800 (PST) Received: from ?IPv6:2406:e007:633a:1:28cc:dc4c:9703:6781? ([2406:e007:633a:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id 70sm59451111pfr.2.2015.12.01.11.11.12 for (version=TLSv1/SSLv3 cipher=OTHER); Tue, 01 Dec 2015 11:11:13 -0800 (PST) To: anima-bootstrap@ietf.org References: <13717.1448463285@sandelman.ca> <688d88e6dc86ae236e3c987d1526fb40@xs4all.nl> <28804.1448919598@sandelman.ca> From: Brian E Carpenter Organization: University of Auckland Message-ID: <565DF0D5.1050508@gmail.com> Date: Wed, 2 Dec 2015 08:11:17 +1300 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [Anima-bootstrap] IoT and scope of bootstrap X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2015 19:11:19 -0000 Hi Peter, On 02/12/2015 02:11, peter van der Stok wrote: ... > Such a network will be composed of LLNs, and includes constrained devices. > Sleepy nodes (energy harvesting sensors) may include ANIMA services, but special provisions to include them in the network are > more likely to be deployed. > > For the moment I have no idea what ACP and Anima bootstrapping implies in terms of resources and resource consumption. > But excluding everything smaller than a tablet may be premature. ANs are basically nodes that participate in management actions that historically would have been carried out by a centralised NMS or NOC. So in my view an individual light switch isn't an AN but should be managed by an AN. The lighting controller for a section of a building could be an AN. Or to say it another way, a node that just does what it's told isn't an AN. (It may of course need a security bootstrap anyway.) However, indeed the resource question is important. An AN is going to need a multi-threading OS, a full network stack, and a heap of software on top. For example, GRASP alone is about 2500 lines of C (in the now-obsolete BUPT prototype) and looks as if it will also be a couple of thousand lines of Python. Add to that the ACP, the security bootstrap, and all the supporting code, before you install any ASAs. Brian From nobody Tue Dec 1 15:56:55 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1AAD1B2B01 for ; Tue, 1 Dec 2015 15:56:45 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.51 X-Spam-Level: X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mZpNNrE396rr for ; Tue, 1 Dec 2015 15:56:43 -0800 (PST) Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56AC81B2AE0 for ; Tue, 1 Dec 2015 15:56:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=180034; q=dns/txt; s=iport; t=1449014203; x=1450223803; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=nG3uL+xmnDWg1yAPhlwOaIDfkCqNSTgk/Z0aCwbRTXg=; b=KkueS5YO2Wj4XjANBgeU070JvqXKTPoV8FCfkEOC1hqf6dUR8Zf6HXNw it4vRt6o0aAFPzn3ccLdjeHEi8cQ5wJq1Rz5//deFi+6pZIOo5cubmFnx ETpYFM6d0y9s5bNbhRdqoxQ9bP6O6GieMN6TevoHBZlfpQoIXIXgZEeBh M=; X-Files: Screen Shot 2015-11-30 at 4.20.07 PM.jpg : 122731 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0ABAgD9Ml5W/4MNJK1egztTbwa+NAENg?= =?us-ascii?q?WYXAQmFbgIcgSw4FAEBAQEBAQGBCoQ1AQEEAQEBAh5LCxACAQgdAQEBChUDAgI?= =?us-ascii?q?CBRABCQUBCxQRAgQOBAEGCIgLAxINrRKMIA2ETAEBAQEBAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQ8JiGSCboJTgVcRATUigmIvgRUFjSKJNQGEQGmGF4F3gVtJg3mObYNlg3E?= =?us-ascii?q?BHwEBQoIRHYFWcgGELzqBBwEBAQ?= X-IronPort-AV: E=Sophos;i="5.20,370,1444694400"; d="jpg'145?scan'145,208,217,145";a="213862664" Received: from alln-core-1.cisco.com ([173.36.13.131]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 01 Dec 2015 23:56:42 +0000 Received: from XCH-RCD-004.cisco.com (xch-rcd-004.cisco.com [173.37.102.14]) by alln-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id tB1NugSl009716 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 1 Dec 2015 23:56:42 GMT Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-RCD-004.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Tue, 1 Dec 2015 17:56:41 -0600 Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1104.000; Tue, 1 Dec 2015 17:56:41 -0600 From: "Max Pritikin (pritikin)" To: Brian E Carpenter Thread-Topic: [Anima-bootstrap] DOODLE POLL: Bootstrap Design Meeting Rescheduling Thread-Index: AQHRI9S5FmJRmb6U5kmz2FigH3LtsZ6r+P0AgAAfb4CAAANWgIALKP2A Date: Tue, 1 Dec 2015 23:56:41 +0000 Message-ID: <4C23A411-F644-46BE-BB22-F821F7A86D52@cisco.com> References: <31DBE67A-30DD-48E9-A533-B854A5B4C79C@cisco.com> <1049515D-3512-441F-B14B-ED8FBE3A1EF6@cisco.com> <5654D44B.60906@gmail.com> <66260958-ED53-4308-9D20-B70BEB38641C@cisco.com> In-Reply-To: <66260958-ED53-4308-9D20-B70BEB38641C@cisco.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.99.106.4] Content-Type: multipart/related; boundary="_004_4C23A411F64446BEBB22F821F7A86D52ciscocom_"; type="multipart/alternative" MIME-Version: 1.0 Archived-At: Cc: "Toerless Eckert \(eckert\)" , anima-bootstrap , Kent Watsen Subject: Re: [Anima-bootstrap] DOODLE POLL: Bootstrap Design Meeting Rescheduling X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2015 23:56:46 -0000 --_004_4C23A411F64446BEBB22F821F7A86D52ciscocom_ Content-Type: multipart/alternative; boundary="_000_4C23A411F64446BEBB22F821F7A86D52ciscocom_" --_000_4C23A411F64446BEBB22F821F7A86D52ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SSBkb27igJl0IHRoaW5rIHdl4oCZcmUgZ2V0dGluZyBhbnkgbW9yZSB1cGRhdGVzLg0KDQpPZiB0 aGVzZSBUSFVSU0RBWSBhdCAxMGFtIChjZW50cmFsKSBsb29rcyBsaWtlIHRoZSBiZXN0IGJldC4g VW5mb3J0dW5hdGVseSB0aGlzIGlzIGJhZCBmb3IgVG9lcmxlc3Mgc28gSeKAmW0gbG9hdGggdG8g Y2xhaW0gd2UgaGF2ZSBhIHdpbm5lci4NCg0KRm9sa3MsIHBsZWFzZSBsZXQgdXMga25vdyBpZiB5 b3UgY2FuIHN0cmV0Y2ggdG8gam9pbiBvbmUgb2YgdGhlIG90aGVyIGNhbGxzLg0KDQpJZiBJIGRv buKAmXQgaGVhciBhbnl0aGluZyBp4oCZbGwgc2V0dXAgYSB3ZWJleCBhbmQgbGV0IGV2ZXJ5Ym9k eSBrbm93IHRoZSBkZXRhaWxzIGJlZm9yZSB0aGUgVEhVUlNEQVkgMTBhbSAoY2VudHJhbCkgc2xv dC4NCg0KLSBtYXgNCg0KW2NpZDpDQzNFNzEyQS0zMTEwLTQ3RjktQkYyNy1FQzI3RDkyNDQ1MTlA Y2lzY28uY29tXQ0KLSBtYXgNCg0KT24gTm92IDI0LCAyMDE1LCBhdCAyOjMxIFBNLCBNYXggUHJp dGlraW4gKHByaXRpa2luKSA8cHJpdGlraW5AY2lzY28uY29tPG1haWx0bzpwcml0aWtpbkBjaXNj by5jb20+PiB3cm90ZToNCg0KVGhhbmtzLiBBcyB5b3UgYWxsIGNhbiB0ZWxsIHRoZXJlIGlzbuKA mXQgYW4gb2J2aW91cyB3aW5uZXINCg0KPFNjcmVlbiBTaG90IDIwMTUtMTEtMjQgYXQgMi4yOC4z MCBQTS5qcGVnPg0KLSBtYXgNCg0KT24gTm92IDI0LCAyMDE1LCBhdCAyOjE5IFBNLCBCcmlhbiBF IENhcnBlbnRlciA8YnJpYW4uZS5jYXJwZW50ZXJAZ21haWwuY29tPG1haWx0bzpicmlhbi5lLmNh cnBlbnRlckBnbWFpbC5jb20+PiB3cm90ZToNCg0KSSd2ZSByZXNwb25kZWQsIGJ1dCBwbGVhc2Ug ZG9uJ3QgdGFrZSBteSAidm90ZSIgYXMgdmVyeQ0KaW1wb3J0YW50IC0gSSdtIGhlcmUgbWFpbmx5 IHRvIHdhdGNoIGZvciBpc3N1ZXMgdGhhdA0KZGlyZWN0bHkgYWZmZWN0IEdSQVNQLCByYXRoZXIg dGhhbiB0byBjb250cmlidXRlLg0KDQpSZWdhcmRzDQogIEJyaWFuDQoNCk9uIDI1LzExLzIwMTUg MDg6MjYsIE1heCBQcml0aWtpbiAocHJpdGlraW4pIHdyb3RlOg0KDQpGb2xrcywNCg0KQ3VycmVu dGx5IDMgcGVvcGxlIGluIGFkZGl0aW9uIHRvIG15c2VsZiBoYXZlIGZpbGxlZCBvdXQgdGhlIGRv b2RsZSBwb2xsLg0KDQpUaGUgb25seSBzbG90IHRoYXQgaGFzIGV2ZXJ5Ym9keSBhYmxlIHRvIGF0 dGVuZCBzbyBmYXIgaXMgVGh1cnNkYXkgYXQgMTBhbSAodGhpcyB3ZWVrIHRoYXQgaXMgb2YgY291 cnNlIFRoYW5rc2dpdmluZyBhbmQgSSBkb27igJl0IGV4cGVjdCBhbnlib2R5IHdvdWxkIGJlIHRo ZXJlKS4gV2hlbiB5b3UgZmlsbCB5b3VyIGluZm9ybWF0aW9uIGluIHBsZWFzZSBzdHJhaW4gdG8g aGVscCBmaW5kIGEgc2xvdCBldmVyeWJvZHkgY2FuIGpvaW4uDQoNCknigJl2ZSBhZGRlZCBhIGNv dXBsZSBtb3JlIHBlb3BsZSB0byB0aGlzIGVtYWlsIGJ1dCBwZXJoYXBzIFRvZXJsZXNzIG9yIFNo ZW5nIGhhcyBkaXJlY3QgZW1haWxzIGZvciB0aGUgb3RoZXIg4oCcdGVhbSBtZW1iZXJz4oCdIGFu ZCBjb3VsZCBwaW5nIHRoZW0gZGlyZWN0bHk/IChUaGVpciBlbWFpbCBhZGRyIGlzbuKAmXQgbGlz dGVkIG9uIHRoZSBib290c3RyYXAgd2lraSkuDQoNCi0gbWF4DQoNCk9uIE5vdiAyMCwgMjAxNSwg YXQgMTo0NyBQTSwgTWF4IFByaXRpa2luIChwcml0aWtpbikgPHByaXRpa2luQGNpc2NvLmNvbTxt YWlsdG86cHJpdGlraW5AY2lzY28uY29tPj4gd3JvdGU6DQoNCg0KQU5JTUEgYm9vdHN0cmFwIGRl c2lnbiB0ZWFtIGhhcyBiZWVuIG1lZXRpbmcgb24gV2VkIG1vcm5pbmcgYnV0IGF0dGVuZGFuY2Ug aGFzIGJlZW4gbGlnaHQgd2l0aCBtdWx0aXBsZSBjb25mbGljdHMgbGF0ZWx5LiBUaGlzIHBvbGwg aXMgdG8gc2VlIGlmIGEgbmV3IHRpbWUgY2FuIGJlIGZvdW5kLg0KDQpQbGVhc2UgZmlsbCBpbiB0 aGlzIHBvbGwgaWYgeW914oCZZCBsaWtlIHRvIGJlIGpvaW5pbmcgdGhlIGJvb3RzdHJhcCBkZXNp Z24gdGVhbSBjYWxscyBidXQgaGF2ZW7igJl0IGJlZW4gYWJsZSB0byBkdWUgdG8gc2NoZWR1bGlu ZyBjb25mbGljdHMuDQoNClNvbWUgbm90ZXM6DQoNCkkgYXJiaXRyYXJpbHkgYmxvY2tlZCBzb21l IHRpbWVzIGZvciB0aGUgbWVldGluZ3MuIElmIE5PTkUgb2YgdGhlc2Ugd29yayB3ZSBjYW4gdHJ5 IHRvIGZpbmQgc29tZSBvdGhlciBzbG90cyAocGxlYXNlIHN1Z2dlc3QpLg0KDQpUaGUgcG9sbCBp cyBmb3IgYW4gZW50aXJlIHdlZWsgb2YgZGF5cy4uLiBidXQgdGhlIGRhdGUgaXRzZWxmIGRvZXNu 4oCZdCBtYXR0ZXIuIFBsZWFzZSBzZWxlY3QgdGhlIHRpbWUgdGhhdCB3b3JrcyBtb3N0IG9mdGVu IGZvciB5b3UgZm9yIGEgcmVjdXJyaW5nIG1lZXRpbmcuDQoNClRoZSB0aW1lem9uZSBpcyBzZXQg Zm9yIGNlbnRyYWwgdGltZeKApiBidXQgdGltZSB6b25lIHN1cHBvcnQgaXMgZW5hYmxlZC4gSnVz dCByZW1lbWJlciB0byBzd2l0Y2ggdGhpcyB0byB5b3VyIHRpbWUgem9uZSBiZWZvcmUgZmlsbGlu ZyBpbiB3aGljaCB0aW1lcyB5b3Ugd291bGQgYmUgYXZhaWxhYmxlLg0KDQpQbGVhc2UgZW50ZXIg eW91ciBuYW1lIGluIHRoZSBpbnB1dCBmaWVsZCBhbmQgY2hlY2sgdGhlIGJveCBmb3IgdGltZXMg dGhhdCB5b3UgYXJlIGF2YWlsYWJsZS4NCg0KaHR0cDovL2Rvb2RsZS5jb20vcG9sbC84OXQ2djdt cnZ0djl0eGc3DQoNCg0KLSBtYXgNCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fDQpBbmltYS1ib290c3RyYXAgbWFpbGluZyBsaXN0DQpBbmltYS1ib290c3Ry YXBAaWV0Zi5vcmc8bWFpbHRvOkFuaW1hLWJvb3RzdHJhcEBpZXRmLm9yZz4NCmh0dHBzOi8vd3d3 LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vYW5pbWEtYm9vdHN0cmFwDQoNCg0KDQoNCg== --_000_4C23A411F64446BEBB22F821F7A86D52ciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KSSBkb27igJl0IHRoaW5rIHdl4oCZ cmUgZ2V0dGluZyBhbnkgbW9yZSB1cGRhdGVzLiZuYnNwOw0KPGRpdiBjbGFzcz0iIj48YnIgY2xh c3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+T2YgdGhlc2UgVEhVUlNEQVkgYXQgMTBhbSAo Y2VudHJhbCkgbG9va3MgbGlrZSB0aGUgYmVzdCBiZXQuIFVuZm9ydHVuYXRlbHkgdGhpcyBpcyBi YWQgZm9yIFRvZXJsZXNzIHNvIEnigJltIGxvYXRoIHRvIGNsYWltIHdlIGhhdmUgYSB3aW5uZXIu Jm5ic3A7PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBj bGFzcz0iIj5Gb2xrcywgcGxlYXNlIGxldCB1cyBrbm93IGlmIHlvdSBjYW4gc3RyZXRjaCB0byBq b2luIG9uZSBvZiB0aGUgb3RoZXIgY2FsbHMuJm5ic3A7PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxi ciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5JZiBJIGRvbuKAmXQgaGVhciBhbnl0 aGluZyBp4oCZbGwgc2V0dXAgYSB3ZWJleCBhbmQgbGV0IGV2ZXJ5Ym9keSBrbm93IHRoZSBkZXRh aWxzIGJlZm9yZSB0aGUgVEhVUlNEQVkgMTBhbSAoY2VudHJhbCkgc2xvdC4mbmJzcDs8L2Rpdj4N CjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPi0gbWF4 PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0i Ij48aW1nIGFwcGxlLWlubGluZT0ieWVzIiBpZD0iRTIwNTQ0RTYtNTRCOS00OTA1LTlFOEYtMkI0 RjAzRTcyNTUzIiBoZWlnaHQ9IjE1OSIgd2lkdGg9Ijg1OCIgYXBwbGUtd2lkdGg9InllcyIgYXBw bGUtaGVpZ2h0PSJ5ZXMiIHNyYz0iY2lkOkNDM0U3MTJBLTMxMTAtNDdGOS1CRjI3LUVDMjdEOTI0 NDUxOUBjaXNjby5jb20iIGNsYXNzPSIiPjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4tIG1heDwvZGl2 Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8ZGl2Pg0KPGJsb2NrcXVvdGUgdHlwZT0i Y2l0ZSIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPk9uIE5vdiAyNCwgMjAxNSwgYXQgMjozMSBQ TSwgTWF4IFByaXRpa2luIChwcml0aWtpbikgJmx0OzxhIGhyZWY9Im1haWx0bzpwcml0aWtpbkBj aXNjby5jb20iIGNsYXNzPSIiPnByaXRpa2luQGNpc2NvLmNvbTwvYT4mZ3Q7IHdyb3RlOjwvZGl2 Pg0KPGJyIGNsYXNzPSJBcHBsZS1pbnRlcmNoYW5nZS1uZXdsaW5lIj4NCjxkaXYgY2xhc3M9IiI+ DQo8ZGl2IHN0eWxlPSJ3b3JkLXdyYXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBz cGFjZTsgLXdlYmtpdC1saW5lLWJyZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0K VGhhbmtzLiBBcyB5b3UgYWxsIGNhbiB0ZWxsIHRoZXJlIGlzbuKAmXQgYW4gb2J2aW91cyB3aW5u ZXINCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxz cGFuIGlkPSJjaWQ6MTVDQTY1OUItQkE0MC00RTA5LThEQ0EtOUQ0RDc0NUNFQkU3QGNpc2NvLmNv bSI+Jmx0O1NjcmVlbiBTaG90IDIwMTUtMTEtMjQgYXQgMi4yOC4zMCBQTS5qcGVnJmd0Ozwvc3Bh bj48L2Rpdj4NCjxkaXYgY2xhc3M9IiI+LSBtYXg8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNs YXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+T24gTm92IDI0LCAyMDE1 LCBhdCAyOjE5IFBNLCBCcmlhbiBFIENhcnBlbnRlciAmbHQ7PGEgaHJlZj0ibWFpbHRvOmJyaWFu LmUuY2FycGVudGVyQGdtYWlsLmNvbSIgY2xhc3M9IiI+YnJpYW4uZS5jYXJwZW50ZXJAZ21haWwu Y29tPC9hPiZndDsgd3JvdGU6PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KSSd2ZSByZXNw b25kZWQsIGJ1dCBwbGVhc2UgZG9uJ3QgdGFrZSBteSAmcXVvdDt2b3RlJnF1b3Q7IGFzIHZlcnk8 YnIgY2xhc3M9IiI+DQppbXBvcnRhbnQgLSBJJ20gaGVyZSBtYWlubHkgdG8gd2F0Y2ggZm9yIGlz c3VlcyB0aGF0PGJyIGNsYXNzPSIiPg0KZGlyZWN0bHkgYWZmZWN0IEdSQVNQLCByYXRoZXIgdGhh biB0byBjb250cmlidXRlLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClJlZ2FyZHM8YnIg Y2xhc3M9IiI+DQombmJzcDsgQnJpYW48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpPbiAy NS8xMS8yMDE1IDA4OjI2LCBNYXggUHJpdGlraW4gKHByaXRpa2luKSB3cm90ZTo8YnIgY2xhc3M9 IiI+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQpGb2xr cywmbmJzcDs8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpDdXJyZW50bHkgMyBwZW9wbGUg aW4gYWRkaXRpb24gdG8gbXlzZWxmIGhhdmUgZmlsbGVkIG91dCB0aGUgZG9vZGxlIHBvbGwuJm5i c3A7PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KVGhlIG9ubHkgc2xvdCB0aGF0IGhhcyBl dmVyeWJvZHkgYWJsZSB0byBhdHRlbmQgc28gZmFyIGlzIFRodXJzZGF5IGF0IDEwYW0gKHRoaXMg d2VlayB0aGF0IGlzIG9mIGNvdXJzZSBUaGFua3NnaXZpbmcmbmJzcDthbmQgSSBkb27igJl0IGV4 cGVjdCBhbnlib2R5IHdvdWxkIGJlIHRoZXJlKS4gV2hlbiB5b3UgZmlsbCB5b3VyIGluZm9ybWF0 aW9uIGluIHBsZWFzZSBzdHJhaW4gdG8gaGVscCBmaW5kIGEgc2xvdCZuYnNwO2V2ZXJ5Ym9keSBj YW4gam9pbi4mbmJzcDs8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpJ4oCZdmUgYWRkZWQg YSBjb3VwbGUgbW9yZSBwZW9wbGUgdG8gdGhpcyBlbWFpbCBidXQgcGVyaGFwcyBUb2VybGVzcyBv ciBTaGVuZyBoYXMgZGlyZWN0IGVtYWlscyBmb3IgdGhlIG90aGVyIOKAnHRlYW0mbmJzcDttZW1i ZXJz4oCdIGFuZCBjb3VsZCBwaW5nIHRoZW0gZGlyZWN0bHk/IChUaGVpciBlbWFpbCBhZGRyIGlz buKAmXQgbGlzdGVkIG9uIHRoZSBib290c3RyYXAgd2lraSkuICZuYnNwOzxiciBjbGFzcz0iIj4N CjxiciBjbGFzcz0iIj4NCi0gbWF4PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJsb2Nr cXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+T24gTm92IDIwLCAyMDE1LCBhdCAxOjQ3IFBNLCBN YXggUHJpdGlraW4gKHByaXRpa2luKSAmbHQ7PGEgaHJlZj0ibWFpbHRvOnByaXRpa2luQGNpc2Nv LmNvbSIgY2xhc3M9IiI+cHJpdGlraW5AY2lzY28uY29tPC9hPiZndDsgd3JvdGU6PGJyIGNsYXNz PSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KQU5JTUEgYm9vdHN0cmFwIGRlc2ln biB0ZWFtIGhhcyBiZWVuIG1lZXRpbmcgb24gV2VkIG1vcm5pbmcgYnV0IGF0dGVuZGFuY2UgaGFz IGJlZW4gbGlnaHQgd2l0aCBtdWx0aXBsZSBjb25mbGljdHMmbmJzcDtsYXRlbHkuIFRoaXMgcG9s bCBpcyB0byBzZWUgaWYgYSBuZXcgdGltZSBjYW4gYmUgZm91bmQuPGJyIGNsYXNzPSIiPg0KPGJy IGNsYXNzPSIiPg0KUGxlYXNlIGZpbGwgaW4gdGhpcyBwb2xsIGlmIHlvdeKAmWQgbGlrZSB0byBi ZSBqb2luaW5nIHRoZSBib290c3RyYXAgZGVzaWduIHRlYW0gY2FsbHMgYnV0IGhhdmVu4oCZdCBi ZWVuIGFibGUgdG8gZHVlIHRvJm5ic3A7c2NoZWR1bGluZyBjb25mbGljdHMuJm5ic3A7PGJyIGNs YXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KU29tZSBub3Rlczo8YnIgY2xhc3M9IiI+DQo8YnIgY2xh c3M9IiI+DQpJIGFyYml0cmFyaWx5IGJsb2NrZWQgc29tZSB0aW1lcyBmb3IgdGhlIG1lZXRpbmdz LiBJZiBOT05FIG9mIHRoZXNlIHdvcmsgd2UgY2FuIHRyeSB0byBmaW5kIHNvbWUgb3RoZXIgc2xv dHMgKHBsZWFzZSZuYnNwO3N1Z2dlc3QpLiZuYnNwOzxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0i Ij4NClRoZSBwb2xsIGlzIGZvciBhbiBlbnRpcmUgd2VlayBvZiBkYXlzLi4uIGJ1dCB0aGUgZGF0 ZSBpdHNlbGYgZG9lc27igJl0IG1hdHRlci4gUGxlYXNlIHNlbGVjdCB0aGUgdGltZSB0aGF0IHdv cmtzIG1vc3QmbmJzcDtvZnRlbiBmb3IgeW91IGZvciBhIHJlY3VycmluZyBtZWV0aW5nLiZuYnNw OzxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClRoZSB0aW1lem9uZSBpcyBzZXQgZm9yIGNl bnRyYWwgdGltZeKApiBidXQgdGltZSB6b25lIHN1cHBvcnQgaXMgZW5hYmxlZC4gSnVzdCByZW1l bWJlciB0byBzd2l0Y2ggdGhpcyB0byB5b3VyIHRpbWUmbmJzcDt6b25lIGJlZm9yZSBmaWxsaW5n IGluIHdoaWNoIHRpbWVzIHlvdSB3b3VsZCBiZSBhdmFpbGFibGUuJm5ic3A7PGJyIGNsYXNzPSIi Pg0KPGJyIGNsYXNzPSIiPg0KUGxlYXNlIGVudGVyIHlvdXIgbmFtZSBpbiB0aGUgaW5wdXQgZmll bGQgYW5kIGNoZWNrIHRoZSBib3ggZm9yIHRpbWVzIHRoYXQgeW91IGFyZSBhdmFpbGFibGUuPGJy IGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGEgaHJlZj0iaHR0cDovL2Rvb2RsZS5jb20vcG9s bC84OXQ2djdtcnZ0djl0eGc3IiBjbGFzcz0iIj5odHRwOi8vZG9vZGxlLmNvbS9wb2xsLzg5dDZ2 N21ydnR2OXR4Zzc8L2E+PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIi Pg0KLSBtYXg8YnIgY2xhc3M9IiI+DQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fXzxiciBjbGFzcz0iIj4NCkFuaW1hLWJvb3RzdHJhcCBtYWlsaW5nIGxpc3Q8 YnIgY2xhc3M9IiI+DQo8YSBocmVmPSJtYWlsdG86QW5pbWEtYm9vdHN0cmFwQGlldGYub3JnIiBj bGFzcz0iIj5BbmltYS1ib290c3RyYXBAaWV0Zi5vcmc8L2E+PGJyIGNsYXNzPSIiPg0KaHR0cHM6 Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9hbmltYS1ib290c3RyYXA8YnIgY2xhc3M9 IiI+DQo8L2Jsb2NrcXVvdGU+DQo8YnIgY2xhc3M9IiI+DQo8L2Jsb2NrcXVvdGU+DQo8YnIgY2xh c3M9IiI+DQo8L2Jsb2NrcXVvdGU+DQo8YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9k aXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPC9ib2R5 Pg0KPC9odG1sPg0K --_000_4C23A411F64446BEBB22F821F7A86D52ciscocom_-- --_004_4C23A411F64446BEBB22F821F7A86D52ciscocom_ Content-Type: image/jpeg; name="Screen Shot 2015-11-30 at 4.20.07 PM.jpg" Content-Description: Screen Shot 2015-11-30 at 4.20.07 PM.jpg Content-Disposition: inline; filename="Screen Shot 2015-11-30 at 4.20.07 PM.jpg"; size=122731; creation-date="Tue, 01 Dec 2015 23:56:41 GMT"; modification-date="Tue, 01 Dec 2015 23:56:41 GMT" Content-ID: Content-Transfer-Encoding: base64 /9j/4AAQSkZJRgABAQEASABIAAD/4QB0RXhpZgAATU0AKgAAAAgABAEaAAUAAAABAAAAPgEbAAUA AAABAAAARgEoAAMAAAABAAIAAIdpAAQAAAABAAAATgAAAAAAAABIAAAAAQAAAEgAAAABAAKgAgAE AAAAAQAAB6CgAwAEAAAAAQAAAWgAAAAA/+0AOFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAAAAOEJJ TQQlAAAAAAAQ1B2M2Y8AsgTpgAmY7PhCfv/iGNhJQ0NfUFJPRklMRQABAQAAGMhhcHBsAhAAAG1u dHJSR0IgWFlaIAffAAkACAAMAAkAKWFjc3BBUFBMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD2 1gABAAAAANMtYXBwbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAEWRlc2MAAAFQAAAAYmRzY20AAAG0AAABzGNwcnQAAAOAAAAAI3d0cHQAAAOkAAAAFHJYWVoA AAO4AAAAFGdYWVoAAAPMAAAAFGJYWVoAAAPgAAAAFHJUUkMAAAP0AAAIDGFhcmcAAAwAAAAAIHZj Z3QAAAwgAAAGEm5kaW4AABI0AAAGPmNoYWQAABh0AAAALG1tb2QAABigAAAAKGJUUkMAAAP0AAAI DGdUUkMAAAP0AAAIDGFhYmcAAAwAAAAAIGFhZ2cAAAwAAAAAIGRlc2MAAAAAAAAACERpc3BsYXkA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABtbHVjAAAAAAAAACIAAAAMaHJIUgAAACQAAAGoa29LUgAA ACQAAAGobmJOTwAAACQAAAGoaWQAAAAAACQAAAGoaHVIVQAAACQAAAGoY3NDWgAAACQAAAGoZGFE SwAAACQAAAGodWtVQQAAACQAAAGoYXIAAAAAACQAAAGoaXRJVAAAACQAAAGocm9STwAAACQAAAGo ZXNFUwAAACQAAAGoaGVJTAAAACQAAAGobmxOTAAAACQAAAGoZmlGSQAAACQAAAGoemhUVwAAACQA AAGodmlWTgAAACQAAAGoc2tTSwAAACQAAAGoemhDTgAAACQAAAGocnVSVQAAACQAAAGoZnJGUgAA ACQAAAGobXMAAAAAACQAAAGoY2FFUwAAACQAAAGodGhUSAAAACQAAAGoZXNYTAAAACQAAAGoZGVE RQAAACQAAAGoZW5VUwAAACQAAAGocHRCUgAAACQAAAGocGxQTAAAACQAAAGoZWxHUgAAACQAAAGo c3ZTRQAAACQAAAGodHJUUgAAACQAAAGoamFKUAAAACQAAAGocHRQVAAAACQAAAGoAEwARQBEACAA QwBpAG4AZQBtAGEAIABEAGkAcwBwAGwAYQB5dGV4dAAAAABDb3B5cmlnaHQgQXBwbGUgSW5jLiwg MjAxNQAAWFlaIAAAAAAAAPNSAAEAAAABFs9YWVogAAAAAAAAcXQAADo5AAACnVhZWiAAAAAAAABh KwAAuiwAABSsWFlaIAAAAAAAACQ2AAALmwAAu+NjdXJ2AAAAAAAABAAAAAAFAAoADwAUABkAHgAj ACgALQAyADYAOwBAAEUASgBPAFQAWQBeAGMAaABtAHIAdwB8AIEAhgCLAJAAlQCaAJ8AowCoAK0A sgC3ALwAwQDGAMsA0ADVANsA4ADlAOsA8AD2APsBAQEHAQ0BEwEZAR8BJQErATIBOAE+AUUBTAFS AVkBYAFnAW4BdQF8AYMBiwGSAZoBoQGpAbEBuQHBAckB0QHZAeEB6QHyAfoCAwIMAhQCHQImAi8C OAJBAksCVAJdAmcCcQJ6AoQCjgKYAqICrAK2AsECywLVAuAC6wL1AwADCwMWAyEDLQM4A0MDTwNa A2YDcgN+A4oDlgOiA64DugPHA9MD4APsA/kEBgQTBCAELQQ7BEgEVQRjBHEEfgSMBJoEqAS2BMQE 0wThBPAE/gUNBRwFKwU6BUkFWAVnBXcFhgWWBaYFtQXFBdUF5QX2BgYGFgYnBjcGSAZZBmoGewaM Bp0GrwbABtEG4wb1BwcHGQcrBz0HTwdhB3QHhgeZB6wHvwfSB+UH+AgLCB8IMghGCFoIbgiCCJYI qgi+CNII5wj7CRAJJQk6CU8JZAl5CY8JpAm6Cc8J5Qn7ChEKJwo9ClQKagqBCpgKrgrFCtwK8wsL CyILOQtRC2kLgAuYC7ALyAvhC/kMEgwqDEMMXAx1DI4MpwzADNkM8w0NDSYNQA1aDXQNjg2pDcMN 3g34DhMOLg5JDmQOfw6bDrYO0g7uDwkPJQ9BD14Peg+WD7MPzw/sEAkQJhBDEGEQfhCbELkQ1xD1 ERMRMRFPEW0RjBGqEckR6BIHEiYSRRJkEoQSoxLDEuMTAxMjE0MTYxODE6QTxRPlFAYUJxRJFGoU ixStFM4U8BUSFTQVVhV4FZsVvRXgFgMWJhZJFmwWjxayFtYW+hcdF0EXZReJF64X0hf3GBsYQBhl GIoYrxjVGPoZIBlFGWsZkRm3Gd0aBBoqGlEadxqeGsUa7BsUGzsbYxuKG7Ib2hwCHCocUhx7HKMc zBz1HR4dRx1wHZkdwx3sHhYeQB5qHpQevh7pHxMfPh9pH5Qfvx/qIBUgQSBsIJggxCDwIRwhSCF1 IaEhziH7IiciVSKCIq8i3SMKIzgjZiOUI8Ij8CQfJE0kfCSrJNolCSU4JWgllyXHJfcmJyZXJocm tyboJxgnSSd6J6sn3CgNKD8ocSiiKNQpBik4KWspnSnQKgIqNSpoKpsqzysCKzYraSudK9EsBSw5 LG4soizXLQwtQS12Last4S4WLkwugi63Lu4vJC9aL5Evxy/+MDUwbDCkMNsxEjFKMYIxujHyMioy YzKbMtQzDTNGM38zuDPxNCs0ZTSeNNg1EzVNNYc1wjX9Njc2cjauNuk3JDdgN5w31zgUOFA4jDjI OQU5Qjl/Obw5+To2OnQ6sjrvOy07azuqO+g8JzxlPKQ84z0iPWE9oT3gPiA+YD6gPuA/IT9hP6I/ 4kAjQGRApkDnQSlBakGsQe5CMEJyQrVC90M6Q31DwEQDREdEikTORRJFVUWaRd5GIkZnRqtG8Ec1 R3tHwEgFSEtIkUjXSR1JY0mpSfBKN0p9SsRLDEtTS5pL4kwqTHJMuk0CTUpNk03cTiVObk63TwBP SU+TT91QJ1BxULtRBlFQUZtR5lIxUnxSx1MTU19TqlP2VEJUj1TbVShVdVXCVg9WXFapVvdXRFeS V+BYL1h9WMtZGllpWbhaB1pWWqZa9VtFW5Vb5Vw1XIZc1l0nXXhdyV4aXmxevV8PX2Ffs2AFYFdg qmD8YU9homH1YklinGLwY0Njl2PrZEBklGTpZT1lkmXnZj1mkmboZz1nk2fpaD9olmjsaUNpmmnx akhqn2r3a09rp2v/bFdsr20IbWBtuW4SbmtuxG8eb3hv0XArcIZw4HE6cZVx8HJLcqZzAXNdc7h0 FHRwdMx1KHWFdeF2Pnabdvh3VnezeBF4bnjMeSp5iXnnekZ6pXsEe2N7wnwhfIF84X1BfaF+AX5i fsJ/I3+Ef+WAR4CogQqBa4HNgjCCkoL0g1eDuoQdhICE44VHhauGDoZyhteHO4efiASIaYjOiTOJ mYn+imSKyoswi5aL/IxjjMqNMY2Yjf+OZo7OjzaPnpAGkG6Q1pE/kaiSEZJ6kuOTTZO2lCCUipT0 lV+VyZY0lp+XCpd1l+CYTJi4mSSZkJn8mmia1ZtCm6+cHJyJnPedZJ3SnkCerp8dn4uf+qBpoNih R6G2oiailqMGo3aj5qRWpMelOKWpphqmi6b9p26n4KhSqMSpN6mpqhyqj6sCq3Wr6axcrNCtRK24 ri2uoa8Wr4uwALB1sOqxYLHWskuywrM4s660JbSctRO1irYBtnm28Ldot+C4WbjRuUq5wro7urW7 LrunvCG8m70VvY++Cr6Evv+/er/1wHDA7MFnwePCX8Lbw1jD1MRRxM7FS8XIxkbGw8dBx7/IPci8 yTrJuco4yrfLNsu2zDXMtc01zbXONs62zzfPuNA50LrRPNG+0j/SwdNE08bUSdTL1U7V0dZV1tjX XNfg2GTY6Nls2fHadtr724DcBdyK3RDdlt4c3qLfKd+v4DbgveFE4cziU+Lb42Pj6+Rz5PzlhOYN 5pbnH+ep6DLovOlG6dDqW+rl63Dr++yG7RHtnO4o7rTvQO/M8Fjw5fFy8f/yjPMZ86f0NPTC9VD1 3vZt9vv3ivgZ+Kj5OPnH+lf65/t3/Af8mP0p/br+S/7c/23//3BhcmEAAAAAAAMAAAACZmYAAPKn AAANWQAAE9AAAAoOdmNndAAAAAAAAAAAAAMBAAACAAAAVgEuAesCnQNeBCkFBwXxBukH1wjfCeEK 9wwFDSYOSw90EKAR1xMLFD4VehavF+cZKhphG5cczx4FHzUgZSGOIrIj0iTuJgInDigPKQsqAir5 K+0s4S3TLsMvtTCkMZAyfTNqNFY1QDYqNxM3/DjlOcw6tDucPIM9aj5SPz5ALEEfQhZDEEQJRQRF /Ub3R/BI6EngSthLzkzFTbxOs0+tUKpRqVKqU61Ur1WxVrNXs1i0WbRas1uyXLFdr16vX7JguGHB Ysxj2WTmZfRm/2gLaRZqImsrbDVtP25Jb1VwZXF3co1zpnS/ddh28XgJeSB6N3tOfGN9eH6Kf5eA oIGhgp+DmISPhYaGe4dxiGaJWopOi0GMNY0ojhyPEpALkQmSC5MQlBiVIZYrlzSYPZlFmk2bVZxb nWOea590oIChkKKho7WkyqXfpvSoCKkcqi+rQqxVrWeueK+IsJaxorKrs7O0urW/tsW3ybjNudG6 1bvYvNu9377kv+vA9cIDwxXEKMU8xlDHY8h3yYrKnMuvzMHN0c7gz+3Q9dH60vzT+9T41fXW8dft 2OjZ49re29jc0t3N3sjfxeDG4cri0uPd5Onl9ecB6AzpGOoj6y7sOe1D7knvS/BE8TLyF/Ly88f0 mfVr9jz3Dvff+K/5gPpR+yH78fzB/ZH+YP8w//8AAABWAS4B6wKdA14ELgUgBfMG6QfqCOIJ8QsK DCUNRQ5oD48QwhHzEy0UXxWZFtQYDRlNGoUbwBz2HisfXyCMIbQi1iP0JQ8mHCcmKCEpGCoLKvgr 4izOLbouoy+MMHYxYDJJMzA0FzT9NeQ2yjevOJQ5ejpeO0I8Jj0IPes+0T+4QKNBkUKCQ3dEbEVi RlZHS0g+STFKI0sVTAdM+E3qTtxP0VDIUcJSvlO7VLhVtVawV6tYplmhWppblFyNXYdegl9/YH9h gmKKY5NknGWnZrBnuGjAachqz2vVbNxt5G7sb/hxBnIXcyx0QnVYdm53g3iXeax6v3vSfOR99X8C gAqBDoIMgwaD/oT0hemG3YfRiMWJuIqri56MkI2CjnePbZBnkWeSapNylHqVg5aLl5OYm5mimqmb sJy1nbyewp/LoNah5KL1pAalGKYqpzyoTqlfqnCrgKyQraCur6+9sMqx1bLfs+i08LX4tv+4BrkN uhS7GrwgvSa+LL8zwD3BSsJZw2zEf8WTxqfHusjNyeDK8swEzRbOJs810ELRTNJT01fUWtVc1l7X X9hg2WDaYdth3GHdYd5h32PgaOFw4nzjiuSa5avmu+fM6N3p7er87AztGu4m7y7wL/En8hfy//Ph 9MH1oPZ+91z4OvkY+fb60/uw/I39av5G/yP//wAAAFYBLgHrAp0DXgQpBQcF8QbpB9cI3wnhCvcM BQ0mDksPdBCgEc4TChQ8FXMWrxfvGSoaYxubHNQeDR88IGshlyK+I+Ik/iYRJyEoKikpKicrISwa LRAuCS8AL/Mw5zHYMsgztjSmNZU2gzdxOF05Szo3OyM8Djz4PeM+0D/AQLNBqEKgQ5tElUWORodH gEh4SXBKZ0teTFRNSU4+TzZQL1EpUiZTJFQiVSFWH1ccWBlZFloSWwxcB10BXf1e+V/3YPhh+2MC ZAhlD2YWZxxoIWkmaiprL2wybTVuOW8/cEdxUXJfc3B0gHWRdqF3sXjAec963XvrfPh+An8KgAyB CYIBgvSD5ITUhcKGr4ediIqJdYphi02MOI0jjg+O/Y/tkOKR3JLYk9eU2JXZltiX2JjXmdaa1JvT nNGdz57Nn86g0aHWot2j5qTwpfqnBKgNqRWqHqsmrC6tNK46rz+wQ7FEskWzRLRCtUC2Pbc6uDe5 M7ovuyu8Jr0ivh6/G8AbwR7CJMMtxDfFQsZNx1fIYslsynbLf8yIzZHOmM+e0KHRotKg05zUl9WR 1ovXhNh92Xfab9to3GDdWd5T31DgUeFX4mLjceSC5ZXmqOe76M3p4Ory7ATtFO4k7zLwPfFE8kbz RvRD9T/2O/c2+DH5K/om+yD8Gf0T/g3/Bv//AABuZGluAAAAAAAABjYAAKTQAABVhwAATJEAAJ47 AAAmCgAADA4AAFANAABUOQACQo8AAjMzAAIwowADAQAAAgAAAAEABAAJABAAGAAhACsANwBDAFEA XwBvAH8AkACiALUAyQDdAPMBCgEhAToBVAFvAYoBpwHGAeUCBgIoAkwCcQKYAsEC7AMZA0gDegOv A+gEJARjBKQE6AUuBXcFwgYPBmAGswcIB2AHuwgYCHgI2gk/CacKEQp+Cu0LXwvRDEQMtw0qDZ4O FQ6NDwgPhRAFEIcRDBGTEh0SqRM3E8cUVxTnFXkWCxagFzcX0BhsGQoZqxpOGvQbnBxHHPMdoB5N HvofpyBVIQUhtiJqIyEj2iSVJVImEybVJ5ooYCknKe0qsyt5LD8tBi3PLpsvaDA4MQsx3zK2M5A0 bDVMNjI3HjgTOQ46EDsXPCE9Lz4/P1NAakGEQqFDwUTjRgdHKkhLSWlKhUugTLtN2E73UBlRPVJl U49Uu1XrVxxYT1mCWrRb5V0WXkZfd2CrYeBjGWRTZZFm0WgTaVhqoGvsbTtujm/ncUVyp3QNdXd2 5HhUecd7PXy2fjJ/sIExgrKEM4Wxhy2Ipooei5iNE46RkBGRlJMalKKWLZe7mU2a45x/niOf0KGF o0GlA6bJqJKqX6wwrgOv2rG0s5G1cbdRuTC7C7zivrXAhsJYxCzGAsfbybbLlc12z1rRQtMw1SjX MtlV25jd++B24vzlh+gX6qztRu/k8of1L/fc+o79RP//AAAAAQAEAAkAEAAXACEAKwA2AEMAUABe AG0AfQCOAKAAswDGANsA8AEHAR4BNwFQAWsBhgGjAcEB4AIBAiMCRgJrApICuwLmAxMDQgN1A6oD 5AQhBGEEpQTsBTQFfwXNBh0GbwbEBxwHdgfTCDIIlAj5CWAJygo3CqYLGQuNDAMMegzxDWkN4Q5b DtcPVg/XEFsQ4hFrEfcShRMWE6kUPhTTFWkV/xaXFzEXzRhsGQ4ZshpYGwIbrhxcHQ0dvx5yHyUf 2CCKIT0h8iKoI2EkHSTbJZsmXickJ+sotSmAKkwrFyvjLK4teS5GLxQv5TC4MY4yZTNANBw0+zXd NsM3rzihOZo6mzuiPK49vT7QP+ZA/0IbQzpEXEWBRqlH0Uj5Sh5LP0xfTX1OnU++UOJSCVMyVF5V jVa+V/NZKVpiW5tc014KX0FgeGGxYutkKGVnZqln7Wk0an5rym0ZbmtvwHEZcnZz13U8dqR4D3l9 eu58YX3Yf1GAzYJMg82FUIbSiFKJ0YtOjMqOSI/HkUmSzpRVld6Xa5j6moycIZ27n1mg/qKrpF6m F6fUqZWrWq0hruywubKKtF62NLgNuee7v72Uv2XBNMMAxM3GnMhtykDMF83wz8zRq9OO1XbXZ9ln 23rdp9/r4kHkoucK6XXr5e5a8NLzT/XQ+Fb63/1t//8AAAABAAQACQAQABgAIQArADcAQwBRAF8A bwB/AJAAogC1AMkA3gDzAQoBIgE6AVQBbgGKAacBxQHlAgUCJwJLAnAClwK/AuoDFgNFA3cDqwPi BB0EWgSaBNwFIQVnBbAF/AZKBpsG7wdFB50H+AhVCLUJFwl8CeMKTQq6CygLmAwIDHoM7A1fDdQO TA7GD0IPwRBCEMYRTBHVEmES7xN+FA4UoBUyFcYWXBb0F48YLBjMGW4aExq7G2UcEhzAHXAeIB7Q H4EgMiDmIZsiUyMOI8skiyVNJhEm2SeiKG0pOSoFKtErnSxpLTcuBy7ZL64whTFeMjozGTP6NN41 xza1N6s4qDmuOrs7zDzhPfo/FkA1QVhCfkOnRNNGA0czSGNJkEq6S+JNCU4xT1pQh1G3UulUHlVX VpJX0FkQWlNbllzYXhpfW2CcYd5jI2RqZbRnAWhQaaJq92xPbatvCnBtcdVzQnSydid3oHkcept8 HH2ifyqAtYJDg9SFaIb8iJCKIYuwjT2OyZBWkeaTeJUMlqSYPpnbm3udHp7EoG+iH6PWpZWnWqkl qvWsyK6fsHmyV7Q3thu4Arnsu9e9wb+nwYbDX8UxxwHI0MqgzHLOR9Af0fnT1tW215rZgdtu3WLf X+Fn43nlk+ez6djsAO4r8FryjPTC9vv5N/t2/bn//wAAc2YzMgAAAAAAAQxCAAAF3v//8yYAAAeS AAD9kf//+6L///2jAAAD3AAAwGxtbW9kAAAAAAAABhAAAJImAixqKMnFUgAAAAAAAAAAAAAAAAAA AAAA/8AAEQgBaAegAwEiAAIRAQMRAf/EAB8AAAEFAQEBAQEBAAAAAAAAAAABAgMEBQYHCAkKC//E ALUQAAIBAwMCBAMFBQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZGhCCNCscEVUtHwJDNicoIJ ChYXGBkaJSYnKCkqNDU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6g4SFhoeI iYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq 8fLz9PX29/j5+v/EAB8BAAMBAQEBAQEBAQEAAAAAAAABAgMEBQYHCAkKC//EALURAAIBAgQEAwQH BQQEAAECdwABAgMRBAUhMQYSQVEHYXETIjKBCBRCkaGxwQkjM1LwFWJy0QoWJDThJfEXGBkaJico KSo1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoKDhIWGh4iJipKTlJWWl5iZ mqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uLj5OXm5+jp6vLz9PX29/j5+v/b AEMAAgICAgICAwICAwUDAwMFBgUFBQUGCAYGBgYGCAoICAgICAgKCgoKCgoKCgwMDAwMDA4ODg4O Dw8PDw8PDw8PD//bAEMBAgICBAQEBwQEBxALCQsQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ EBAQEBAQEBAQEBAQEBAQEBAQEBAQEP/dAAQAev/aAAwDAQACEQMRAD8A/eTQ4ojounkoCTbxdv8A YFanlRf3F/Ks/Q/+QJp//XvF/wCgCtSs/ZQ7D5mR+VF/cX8qPKi/uL+VSUUeyh2HzMj8qL+4v5Ue VF/cX8qkoo9lDsHMyPyov7i/lR5UX9xfyqSij2UOwczI/Ki/uL+VHlRf3F/KpKKPZQ7BzMj8qL+4 v5UeVF/cX8qkoo9lDsHMyPyov7i/lR5UX9xfyqSij2UOwczI/Ki/uL+VHlRf3F/KpKKPZQ7BzMj8 qL+4v5UeVF/cX8qkoo9lDsHMyPyov7i/lR5UX9xfyqSij2UOwczI/Ki/uL+VHlRf3F/KpKKPZQ7B zMj8qL+4v5UeVF/cX8qkoo9lDsHMyPyov7i/lR5UX9xfyqSvO/8Ahb3wm/6HXRP/AAZW3/xyuihl 8qt/ZU+a3ZXMauKhTt7SSXq7HoHlRf3F/Kjyov7i/lXn/wDwt74Tf9Dron/gytv/AI5R/wALe+E3 /Q66J/4Mrb/45XR/Ylf/AJ8P/wABf+Rj/adD/n4vvR6B5UX9xfyo8qL+4v5V5/8A8Le+E3/Q66J/ 4Mrb/wCOUf8AC3vhN/0Ouif+DK2/+OUf2JX/AOfD/wDAX/kH9p0P+fi+9HoHlRf3F/Kjyov7i/lX n/8Awt74Tf8AQ66J/wCDK2/+OUf8Le+E3/Q66J/4Mrb/AOOUf2JX/wCfD/8AAX/kH9p0P+fi+9Ho HlRf3F/Kjyov7i/lXn//AAt74Tf9Dron/gytv/jlH/C3vhN/0Ouif+DK2/8AjlH9iV/+fD/8Bf8A kH9p0P8An4vvR6B5UX9xfyo8qL+4v5V5/wD8Le+E3/Q66J/4Mrb/AOOUf8Le+E3/AEOuif8Agytv /jlH9iV/+fD/APAX/kH9p0P+fi+9HoHlRf3F/Kjyov7i/lXn/wDwt74Tf9Dron/gytv/AI5R/wAL e+E3/Q66J/4Mrb/45R/Ylf8A58P/AMBf+Qf2nQ/5+L70egeVF/cX8qPKi/uL+Vef/wDC3vhN/wBD ron/AIMrb/45R/wt74Tf9Dron/gytv8A45R/Ylf/AJ8P/wABf+Qf2nQ/5+L70egeVF/cX8qPKi/u L+Vef/8AC3vhN/0Ouif+DK2/+OUf8Le+E3/Q66J/4Mrb/wCOUf2JX/58P/wF/wCQf2nQ/wCfi+9H oHlRf3F/Kjyov7i/lXn/APwt74Tf9Dron/gytv8A45R/wt74Tf8AQ66J/wCDK2/+OUf2JX/58P8A 8Bf+Qf2nQ/5+L70egeVF/cX8qPKi/uL+Vef/APC3vhN/0Ouif+DK2/8AjlH/AAt74Tf9Dron/gyt v/jlH9iV/wDnw/8AwF/5B/adD/n4vvR6B5UX9xfyo8qL+4v5V5//AMLe+E3/AEOuif8Agytv/jlH /C3vhN/0Ouif+DK2/wDjlH9iV/8Anw//AAF/5B/adD/n4vvR6B5UX9xfyo8qL+4v5V5//wALe+E3 /Q66J/4Mrb/45R/wt74Tf9Dron/gytv/AI5R/Ylf/nw//AX/AJB/adD/AJ+L70egeVF/cX8qPKi/ uL+Vef8A/C3vhN/0Ouif+DK2/wDjlH/C3vhN/wBDron/AIMrb/45R/Ylf/nw/wDwF/5B/adD/n4v vR6B5UX9xfyo8qL+4v5V5/8A8Le+E3/Q66J/4Mrb/wCOUf8AC3vhN/0Ouif+DK2/+OUf2JX/AOfD /wDAX/kH9p0P+fi+9HoHlRf3F/Kjyov7i/lXn/8Awt74Tf8AQ66J/wCDK2/+OUf8Le+E3/Q66J/4 Mrb/AOOUf2JX/wCfD/8AAX/kH9p0P+fi+9HoHlRf3F/Kjyov7i/lXn//AAt74Tf9Dron/gytv/jl H/C3vhN/0Ouif+DK2/8AjlH9iV/+fD/8Bf8AkH9p0P8An4vvR6B5UX9xfyo8qL+4v5V5/wD8Le+E 3/Q66J/4Mrb/AOOUf8Le+E3/AEOuif8Agytv/jlH9iV/+fD/APAX/kH9p0P+fi+9HoHlRf3F/Kjy ov7i/lXn/wDwt74Tf9Dron/gytv/AI5R/wALe+E3/Q66J/4Mrb/45R/Ylf8A58P/AMBf+Qf2nQ/5 +L70egeVF/cX8qPKi/uL+Vef/wDC3vhN/wBDron/AIMrb/45R/wt74Tf9Dron/gytv8A45R/Ylf/ AJ8P/wABf+Qf2nQ/5+L70egeVF/cX8qPKi/uL+Vef/8AC3vhN/0Ouif+DK2/+OUf8Le+E3/Q66J/ 4Mrb/wCOUf2JX/58P/wF/wCQf2nQ/wCfi+9HoHlRf3F/Kjyov7i/lXn/APwt74Tf9Dron/gytv8A 45R/wt74Tf8AQ66J/wCDK2/+OUf2JX/58P8A8Bf+Qf2nQ/5+L70egeVF/cX8qPKi/uL+Vef/APC3 vhN/0Ouif+DK2/8AjlH/AAt74Tf9Dron/gytv/jlH9iV/wDnw/8AwF/5B/adD/n4vvR6B5UX9xfy o8qL+4v5V5//AMLe+E3/AEOuif8Agytv/jlH/C3vhN/0Ouif+DK2/wDjlH9iV/8Anw//AAF/5B/a dD/n4vvR6B5UX9xfyo8qL+4v5V5//wALe+E3/Q66J/4Mrb/45R/wt74Tf9Dron/gytv/AI5R/Ylf /nw//AX/AJB/adD/AJ+L70egeVF/cX8qPKi/uL+Vef8A/C3vhN/0Ouif+DK2/wDjlH/C3vhN/wBD ron/AIMrb/45R/Ylf/nw/wDwF/5B/adD/n4vvR6B5UX9xfyo8qL+4v5V5/8A8Le+E3/Q66J/4Mrb /wCOUf8AC3vhN/0Ouif+DK2/+OUf2JX/AOfD/wDAX/kH9p0P+fi+9HoHlRf3F/Kjyov7i/lXn/8A wt74Tf8AQ66J/wCDK2/+OUf8Le+E3/Q66J/4Mrb/AOOUf2JX/wCfD/8AAX/kH9p0P+fi+9HoHlRf 3F/Kjyov7i/lXn//AAt74Tf9Dron/gytv/jlH/C3vhN/0Ouif+DK2/8AjlH9iV/+fD/8Bf8AkH9p 0P8An4vvR6B5UX9xfyo8qL+4v5V5/wD8Le+E3/Q66J/4Mrb/AOOUf8Le+E3/AEOuif8Agytv/jlH 9iV/+fD/APAX/kH9p0P+fi+9HoHlRf3F/Kjyov7i/lXn/wDwt74Tf9Dron/gytv/AI5R/wALe+E3 /Q66J/4Mrb/45R/Ylf8A58P/AMBf+Qf2nQ/5+L70egeVF/cX8qPKi/uL+Vef/wDC3vhN/wBDron/ AIMrb/45R/wt74Tf9Dron/gytv8A45R/Ylf/AJ8P/wABf+Qf2nQ/5+L70egeVF/cX8qPKi/uL+Ve f/8AC3vhN/0Ouif+DK2/+OUf8Le+E3/Q66J/4Mrb/wCOUf2JX/58P/wF/wCQf2nQ/wCfi+9HoHlR f3F/Kjyov7i/lXn/APwt74Tf9Dron/gytv8A45R/wt74Tf8AQ66J/wCDK2/+OUf2JX/58P8A8Bf+ Qf2nQ/5+L70egeVF/cX8qPKi/uL+Vef/APC3vhN/0Ouif+DK2/8AjlH/AAt74Tf9Dron/gytv/jl H9iV/wDnw/8AwF/5B/adD/n4vvR6B5UX9xfyo8qL+4v5V5//AMLe+E3/AEOuif8Agytv/jlH/C3v hN/0Ouif+DK2/wDjlH9iV/8Anw//AAF/5B/adD/n4vvR6B5UX9xfyo8qL+4v5V5//wALe+E3/Q66 J/4Mrb/45R/wt74Tf9Dron/gytv/AI5R/Ylf/nw//AX/AJB/adD/AJ+L70egeVF/cX8qPKi/uL+V ef8A/C3vhN/0Ouif+DK2/wDjlH/C3vhN/wBDron/AIMrb/45R/Ylf/nw/wDwF/5B/adD/n4vvR6B 5UX9xfyo8qL+4v5V5/8A8Le+E3/Q66J/4Mrb/wCOUf8AC3vhN/0Ouif+DK2/+OUf2JX/AOfD/wDA X/kH9p0P+fi+9HoHlRf3F/Kjyov7i/lXn/8Awt74Tf8AQ66J/wCDK2/+OUf8Le+E3/Q66J/4Mrb/ AOOUf2JX/wCfD/8AAX/kH9p0P+fi+9HoHlRf3F/Kjyov7i/lXn//AAt74Tf9Dron/gytv/jlH/C3 vhN/0Ouif+DK2/8AjlH9iV/+fD/8Bf8AkH9p0P8An4vvR6B5UX9xfyo8qL+4v5V5/wD8Le+E3/Q6 6J/4Mrb/AOOUf8Le+E3/AEOuif8Agytv/jlH9iV/+fD/APAX/kH9p0P+fi+9HoHlRf3F/Kjyov7i /lXn/wDwt74Tf9Dron/gytv/AI5R/wALe+E3/Q66J/4Mrb/45R/Ylf8A58P/AMBf+Qf2nQ/5+L70 egeVF/cX8qPKi/uL+Vef/wDC3vhN/wBDron/AIMrb/45R/wt74Tf9Dron/gytv8A45R/Ylf/AJ8P /wABf+Qf2nQ/5+L70egeVF/cX8qPKi/uL+Vef/8AC3vhN/0Ouif+DK2/+OUf8Le+E3/Q66J/4Mrb /wCOUf2JX/58P/wF/wCQf2nQ/wCfi+9HoHlRf3F/Kjyov7i/lXn/APwt74Tf9Dron/gytv8A45R/ wt74Tf8AQ66J/wCDK2/+OUf2JX/58P8A8Bf+Qf2nQ/5+L70egeVF/cX8qPKi/uL+Vef/APC3vhN/ 0Ouif+DK2/8AjlH/AAt74Tf9Dron/gytv/jlH9iV/wDnw/8AwF/5B/adD/n4vvR6B5UX9xfyo8qL +4v5V5//AMLe+E3/AEOuif8Agytv/jlH/C3vhN/0Ouif+DK2/wDjlH9iV/8Anw//AAF/5B/adD/n 4vvR6B5UX9xfyo8qL+4v5V5//wALe+E3/Q66J/4Mrb/45R/wt74Tf9Dron/gytv/AI5R/Ylf/nw/ /AX/AJB/adD/AJ+L70egeVF/cX8qPKi/uL+Vef8A/C3vhN/0Ouif+DK2/wDjlH/C3vhN/wBDron/ AIMrb/45R/Ylf/nw/wDwF/5B/adD/n4vvR6B5UX9xfyo8qL+4v5V5/8A8Le+E3/Q66J/4Mrb/wCO Uf8AC3vhN/0Ouif+DK2/+OUf2JX/AOfD/wDAX/kH9p0P+fi+9HoHlRf3F/Kjyov7i/lXn/8Awt74 Tf8AQ66J/wCDK2/+OUf8Le+E3/Q66J/4Mrb/AOOUf2JX/wCfD/8AAX/kH9p0P+fi+9HoHlRf3F/K jyov7i/lXn//AAt74Tf9Dron/gytv/jlH/C3vhN/0Ouif+DK2/8AjlH9iV/+fD/8Bf8AkH9p0P8A n4vvR6B5UX9xfyo8qL+4v5V5/wD8Le+E3/Q66J/4Mrb/AOOUf8Le+E3/AEOuif8Agytv/jlH9iV/ +fD/APAX/kH9p0P+fi+9HoHlRf3F/Kjyov7i/lXn/wDwt74Tf9Dron/gytv/AI5R/wALe+E3/Q66 J/4Mrb/45R/Ylf8A58P/AMBf+Qf2nQ/5+L70egeVF/cX8qPKi/uL+Vef/wDC3vhN/wBDron/AIMr b/45R/wt74Tf9Dron/gytv8A45R/Ylf/AJ8P/wABf+Qf2nQ/5+L70egeVF/cX8qPKi/uL+Vef/8A C3vhN/0Ouif+DK2/+OUf8Le+E3/Q66J/4Mrb/wCOUf2JX/58P/wF/wCQf2nQ/wCfi+9HoHlRf3F/ Kjyov7i/lXn/APwt74Tf9Dron/gytv8A45R/wt74Tf8AQ66J/wCDK2/+OUf2JX/58P8A8Bf+Qf2n Q/5+L70egeVF/cX8qPKi/uL+Vef/APC3vhN/0Ouif+DK2/8AjlH/AAt74Tf9Dron/gytv/jlH9iV /wDnw/8AwF/5B/adD/n4vvR6B5UX9xfyo8qL+4v5V5//AMLe+E3/AEOuif8Agytv/jlH/C3vhN/0 Ouif+DK2/wDjlH9iV/8Anw//AAF/5B/adD/n4vvR6B5UX9xfyo8qL+4v5V5//wALe+E3/Q66J/4M rb/45R/wt74Tf9Dron/gytv/AI5R/Ylf/nw//AX/AJB/adD/AJ+L70egeVF/cX8qPKi/uL+Vef8A /C3vhN/0Ouif+DK2/wDjlH/C3vhN/wBDron/AIMrb/45R/Ylf/nw/wDwF/5B/adD/n4vvR6B5UX9 xfyo8qL+4v5V5/8A8Le+E3/Q66J/4Mrb/wCOUf8AC3vhN/0Ouif+DK2/+OUf2JX/AOfD/wDAX/kH 9p0P+fi+9HoHlRf3F/Kjyov7i/lXn/8Awt74Tf8AQ66J/wCDK2/+OUf8Le+E3/Q66J/4Mrb/AOOU f2JX/wCfD/8AAX/kH9p0P+fi+9HoHlRf3F/Kjyov7i/lXn//AAt74Tf9Dron/gytv/jlH/C3vhN/ 0Ouif+DK2/8AjlH9iV/+fD/8Bf8AkH9p0P8An4vvR6B5UX9xfyo8qL+4v5V5/wD8Le+E3/Q66J/4 Mrb/AOOUf8Le+E3/AEOuif8Agytv/jlH9iV/+fD/APAX/kH9p0P+fi+9HoHlRf3F/Kjyov7i/lXn /wDwt74Tf9Dron/gytv/AI5R/wALe+E3/Q66J/4Mrb/45R/Ylf8A58P/AMBf+Qf2nQ/5+L70egeV F/cX8qPKi/uL+Vef/wDC3vhN/wBDron/AIMrb/45R/wt74Tf9Dron/gytv8A45R/Ylf/AJ8P/wAB f+Qf2nQ/5+L70egeVF/cX8qPKi/uL+Vef/8AC3vhN/0Ouif+DK2/+OUf8Le+E3/Q66J/4Mrb/wCO Uf2JX/58P/wF/wCQf2nQ/wCfi+9HoHlRf3F/Kjyov7i/lXn/APwt74Tf9Dron/gytv8A45R/wt74 Tf8AQ66J/wCDK2/+OUf2JX/58P8A8Bf+Qf2nQ/5+L70egeVF/cX8qPKi/uL+Vef/APC3vhN/0Oui f+DK2/8AjlH/AAt74Tf9Dron/gytv/jlH9iV/wDnw/8AwF/5B/adD/n4vvR6B5UX9xfyo8qL+4v5 V5//AMLe+E3/AEOuif8Agytv/jlH/C3vhN/0Ouif+DK2/wDjlH9iV/8Anw//AAF/5B/adD/n4vvR 6B5UX9xfyo8qL+4v5V5//wALe+E3/Q66J/4Mrb/45R/wt74Tf9Dron/gytv/AI5R/Ylf/nw//AX/ AJB/adD/AJ+L70egeVF/cX8qPKi/uL+Vef8A/C3vhN/0Ouif+DK2/wDjlH/C3vhN/wBDron/AIMr b/45R/Ylf/nw/wDwF/5B/adD/n4vvR6B5UX9xfyo8qL+4v5V5/8A8Le+E3/Q66J/4Mrb/wCOUf8A C3vhN/0Ouif+DK2/+OUf2JX/AOfD/wDAX/kH9p0P+fi+9HoHlRf3F/Kjyov7i/lXn/8Awt74Tf8A Q66J/wCDK2/+OUf8Le+E3/Q66J/4Mrb/AOOUf2JX/wCfD/8AAX/kH9p0P+fi+9HoHlRf3F/Kjyov 7i/lXn//AAt74Tf9Dron/gytv/jlH/C3vhN/0Ouif+DK2/8AjlH9iV/+fD/8Bf8AkH9p0P8An4vv R6B5UX9xfyo8qL+4v5V5/wD8Le+E3/Q66J/4Mrb/AOOUf8Le+E3/AEOuif8Agytv/jlH9iV/+fD/ APAX/kH9p0P+fi+9HoHlRf3F/Kjyov7i/lXn/wDwt74Tf9Dron/gytv/AI5R/wALe+E3/Q66J/4M rb/45R/Ylf8A58P/AMBf+Qf2nQ/5+L70egeVF/cX8qPKi/uL+Vef/wDC3vhN/wBDron/AIMrb/45 R/wt74Tf9Dron/gytv8A45R/Ylf/AJ8P/wABf+Qf2nQ/5+L70egeVF/cX8qPKi/uL+Vef/8AC3vh N/0Ouif+DK2/+OUf8Le+E3/Q66J/4Mrb/wCOUf2JX/58P/wF/wCQf2nQ/wCfi+9HoHlRf3F/Kjyo v7i/lXn/APwt74Tf9Dron/gytv8A45R/wt74Tf8AQ66J/wCDK2/+OUf2JX/58P8A8Bf+Qf2nQ/5+ L70egeVF/cX8qPKi/uL+Vef/APC3vhN/0Ouif+DK2/8AjlH/AAt74Tf9Dron/gytv/jlH9iV/wDn w/8AwF/5B/adD/n4vvR6B5UX9xfyo8qL+4v5V5//AMLe+E3/AEOuif8Agytv/jlH/C3vhN/0Ouif +DK2/wDjlH9iV/8Anw//AAF/5B/adD/n4vvR6B5UX9xfyo8qL+4v5V5//wALe+E3/Q66J/4Mrb/4 5R/wt74Tf9Dron/gytv/AI5R/Ylf/nw//AX/AJB/adD/AJ+L70egeVF/cX8qPKi/uL+Vef8A/C3v hN/0Ouif+DK2/wDjlH/C3vhN/wBDron/AIMrb/45R/Ylf/nw/wDwF/5B/adD/n4vvR6B5UX9xfyo 8qL+4v5V5/8A8Le+E3/Q66J/4Mrb/wCOUf8AC3vhN/0Ouif+DK2/+OUf2JX/AOfD/wDAX/kH9p0P +fi+9HoHlRf3F/Kjyov7i/lXn/8Awt74Tf8AQ66J/wCDK2/+OUf8Le+E3/Q66J/4Mrb/AOOUf2JX /wCfD/8AAX/kH9p0P+fi+9HoHlRf3F/Kjyov7i/lXn//AAt74Tf9Dron/gytv/jlH/C3vhN/0Oui f+DK2/8AjlH9iV/+fD/8Bf8AkH9p0P8An4vvR6B5UX9xfyo8qL+4v5V5/wD8Le+E3/Q66J/4Mrb/ AOOUf8Le+E3/AEOuif8Agytv/jlH9iV/+fD/APAX/kH9p0P+fi+9HoHlRf3F/Kjyov7i/lXn/wDw t74Tf9Dron/gytv/AI5R/wALe+E3/Q66J/4Mrb/45R/Ylf8A58P/AMBf+Qf2nQ/5+L70egeVF/cX 8qPKi/uL+Vef/wDC3vhN/wBDron/AIMrb/45R/wt74Tf9Dron/gytv8A45R/Ylf/AJ8P/wABf+Qf 2nQ/5+L70egeVF/cX8qPKi/uL+Vef/8AC3vhN/0Ouif+DK2/+OUf8Le+E3/Q66J/4Mrb/wCOUf2J X/58P/wF/wCQf2nQ/wCfi+9HoHlRf3F/Kjyov7i/lXn/APwt74Tf9Dron/gytv8A45R/wt74Tf8A Q66J/wCDK2/+OUf2JX/58P8A8Bf+Qf2nQ/5+L70egeVF/cX8qPKi/uL+Vef/APC3vhN/0Ouif+DK 2/8AjlH/AAt74Tf9Dron/gytv/jlH9iV/wDnw/8AwF/5B/adD/n4vvR6B5UX9xfyo8qL+4v5V5// AMLe+E3/AEOuif8Agytv/jlH/C3vhN/0Ouif+DK2/wDjlH9iV/8Anw//AAF/5B/adD/n4vvR6B5U X9xfyo8qL+4v5V5//wALe+E3/Q66J/4Mrb/45R/wt74Tf9Dron/gytv/AI5R/Ylf/nw//AX/AJB/ adD/AJ+L70egeVF/cX8qPKi/uL+Vef8A/C3vhN/0Ouif+DK2/wDjlH/C3vhN/wBDron/AIMrb/45 R/Ylf/nw/wDwF/5B/adD/n4vvR6B5UX9xfyo8qL+4v5V5/8A8Le+E3/Q66J/4Mrb/wCOUf8AC3vh N/0Ouif+DK2/+OUf2JX/AOfD/wDAX/kH9p0P+fi+9HoHlRf3F/Kjyov7i/lXn/8Awt74Tf8AQ66J /wCDK2/+OUf8Le+E3/Q66J/4Mrb/AOOUf2JX/wCfD/8AAX/kH9p0P+fi+9HoHlRf3F/Kjyov7i/l Xn//AAt74Tf9Dron/gytv/jlH/C3vhN/0Ouif+DK2/8AjlH9iV/+fD/8Bf8AkH9p0P8An4vvR6B5 UX9xfyo8qL+4v5V5/wD8Le+E3/Q66J/4Mrb/AOOUf8Le+E3/AEOuif8Agytv/jlH9iV/+fD/APAX /kH9p0P+fi+9HoHlRf3F/Kjyov7i/lXn/wDwt74Tf9Dron/gytv/AI5R/wALe+E3/Q66J/4Mrb/4 5R/Ylf8A58P/AMBf+Qf2nQ/5+L70egeVF/cX8qPKi/uL+Vef/wDC3vhN/wBDron/AIMrb/45R/wt 74Tf9Dron/gytv8A45R/Ylf/AJ8P/wABf+Qf2nQ/5+L70egeVF/cX8qPKi/uL+Vef/8AC3vhN/0O uif+DK2/+OUf8Le+E3/Q66J/4Mrb/wCOUf2JX/58P/wF/wCQf2nQ/wCfi+9HoHlRf3F/Kjyov7i/ lXn/APwt74Tf9Dron/gytv8A45R/wt74Tf8AQ66J/wCDK2/+OUf2JX/58P8A8Bf+Qf2nQ/5+L70e geVF/cX8qPKi/uL+Vef/APC3vhN/0Ouif+DK2/8AjlH/AAt74Tf9Dron/gytv/jlH9iV/wDnw/8A wF/5B/adD/n4vvR6B5UX9xfyo8qL+4v5V5//AMLe+E3/AEOuif8Agytv/jlH/C3vhN/0Ouif+DK2 /wDjlH9iV/8Anw//AAF/5B/adD/n4vvR6B5UX9xfyo8qL+4v5V5//wALe+E3/Q66J/4Mrb/45Vmz +Kfwx1C7gsLDxfo9zdXLrFFFFqFu8kkjnaqqquSzMSAAOSaTyWuld0X/AOAv/IFmVF6KovvR2/lR f3F/KsLxLHGukSFVAPmQdB/01SuhrB8Tf8geT/rpB/6NSuFUo9jr5mf/0P3o0P8A5Amn/wDXvF/6 AK1Ky9D/AOQJp/8A17xf+gCtSgAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAo oooAKKKKACv536/ogr+d+v3rwR/5i/8Atz/28/HfFn/mG/7f/wDbQor7K+F3wy8I/EL4ESaZcRwW fizUNXuotJvGQK0k9vbJMLZ5BzskXfgHgHnGQATx58F/D8zW+taveReDNH0Hw5ojX7R2Rmnkvrze mDAjRkuWU72Zsg468kfpz4xwsa8sPUTTi2tr9kmkrt3bsra3R8BDhnESoRrws01ffbunfRWXva6W +Z8a0V9Xaj+yzqaNo7eHteTWYtW1C1tg8dsY/Lsr2LzorxlMhIXaH3IQCCuATkGt+x/ZAvdU06O6 03xIbiW/W5ksGTT5GtJYoi3ktNcrIVh84LkDa+0EAkkgVVTjfK4xUpVrL0l+KtdfOwqfCeYSdo0r /ONvk72fyPjKivrKH9m7wslkH1Xx59ivYdEh1+7g/st5BBZyAbv3izYd1JwFABb2zXS2vwX8B+G/ A3jKLxNrsRsHh0HULLWhpzSXMdvetIQiwb96GQgKwD9ME+gVXjPApe43J3S+GXWSjpprveyu2trj pcLYuTSklFWb1lHS0XLVXutra2tfWx8UUV9kaZ+yDqtzdag9/r5GmxXUNvZXFlYSXr3KTxLMJniW RDDGEdcks3zZAyNpbivHHwC0v4ceFp9X8YeLFtdWa4vLezsIrF5lumtGABE4kAQOrK3zLxuxyQa0 o8ZZbUqKlTq3k7WSjJvVX6Lot+3WwqnCmPhB1J07RXVuNtL+flp36XPmyivsb4E/8IZrmk6f4fm8 GWV7p1qt5P4q1vVIgEtoDnyPs1x5mYmC4GAAzEZAADMOv0rwr8NxfeGPhBB4ctbqDxZ4dm1Y6xKh /tCKeZJZoGSXjYkaxYKkBTnnuG5cZxhGhVqUpUZe7dvVfCuZt76aRulu00+um+C4YdenCpGqrSsu u7aSW2usrN7Jp3PgqivpxtD+G837OV9qvh2ylm1+21Cwjvb67VAVlmVi0NuQcrEvcnBY8nIAx6V8 YPD/AIVvfBmvJ8LYPCepad4fjsvtc1jA51WJD5eZVuFbyZAzgh9oOFJBO7ONp8V01WVJ02rzcbvR K3Lq+1+dWva/qZUuG5ype0U07x5klq3rJWXd+6722Phmiiivqz5sKKKKACiiigAooooAKKKKACii igAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKK ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooA KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAo oooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACii igAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKK ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooA KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvRPhD/AMlZ8Ff9hvTf/SmO vO69E+EP/JWfBX/Yb03/ANKY64M1/wB1q/4X+TO3Lv8AeKf+Jfmfu5WD4m/5A8n/AF0g/wDRqVvV g+Jv+QPJ/wBdIP8A0alfw0f1uf/R/ejQ/wDkCaf/ANe8X/oArUrL0P8A5Amn/wDXvF/6AK1KACii igAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAK/nfr+iCv536/evBH/mL /wC3P/bz8d8Wf+Yb/t//ANtO5t/iF4gtPB9j4MsjHb2+m6mdXguI963KXOwRgh920BdoIwoIPOa9 Svf2lfF2uatqF94q0jTNYstXtLa0vLGWKQQS/ZGZ4pRiTcsoZzypC8/d4BHnVr8LvEt58NLz4rW7 QNo1hdizmXe3nq7bAG27du3MijO7OT0pfEvwt8UeE/Bfh/x3q/kpYeJNxtUV2MwVRkM6lQAGX5lw x4POK/Va9DK60+Wai5czj582kmu99E/KyZ+dYermFON6baXLzeXKm1f0u2vm1sdtB+0j8R7TWNd1 ix+yWra7YR6b5MULJDaQQqVh+zKHyjRhm27iw+Y5B4wzQfj/AK9omiaZp82haVqepaFbvaabqV1A z3NtBJkbRhwj7ASE3L8vfOTnwWpre3mu547W2QyTTMERV5LMxwAPcmumfDeAcbOkraeWysrv0081 uYxz/GRfMqr6+mrTem26T8mlbY9buPjb4ruTdmW1s83nh+Pw4+Ek/wCPSPGHH7z/AFpxyxyv+zXS WH7RWvx2cmk634e0jWdNnsdPsJbe4imw0WmBxAwIl4fL5Y4wcDAWq+ufs3/EPRrYPBLp2rXkdzbW d1ZWN2stzZz3jBYUuFIVU3MQuQxGec4ya5v4g/BvxP8ADnToNX1G80/U7KS5kspJtOuRcLBdxDc1 vL8qlZAAcjB6da8qmslxHLTg4vmelnrdWat26NfJo9CSzSjepJSXKtbro7p/k0/R3Ow/4aR8U6jN qP8Awlui6V4is7y6jvoLS7hfyLO4hjWKMwBXBCBFClCSGxycli3B+O/iv4l+Imn2Ona/Faomn3N5 dRtbxmNi16ys6kbiu1doCAKDjqWPNeZUV7OGyDB0ZxqUqSTW3lpbRbLTfv1PMrZ1iqkXCdRtPfz1 v+rt2voe76B8e9Y0HwPZ/D1vDGhalpFo7S7Ly3uJDLKzFjJLtuFV2GcA7eAABjFS2X7Qniax0SCw h0jTP7TsbSfT7LVPJf7XaWc+cxRHftGwMVjYglVyOcknwOionw5gpOTlTWru99W9+vW+vfqXTz3F wUVGpaysttEtV9z1XZ67nbaX4+1vR/B174KskhW0vr23vmlKt56TWwITY27aBzk5Un3r0Hxd8fvE PizRNV0v+xtM0u68Q+V/at7ZwulxeCAgoGLOyqMjLbQNx9ASD4RRXRVyXCzqKrOmnJO9/PT7/hj8 0nujCjm2Ipw9nCbStb5a/wDyUvvfcKKKK9M88KKKKACiiigAooooAKKKKACiiigAooooAKKKKACi iigAooooAKKKKACiiigAooooAKKKKACiiigAorpPFGn2Om38cFhD5EbRBiv2+31H5izDPm2yqi8A fIRuHXoRVvwV4RPjTVn0ldZ0zQ9kLS+fqtyLWA7WUbA5By53ZAxyAfSuVYyHsfby0jv3/K/4HS8L P2vslq9u352OQor2T4lfBbWfhbb7td1/Rby8EqRvZWd4ZbyMSIXV3hZEYJgD5j6j1rxulgcfRxNN VaEuaL6jxmCq4efs60bPsFFTW9vNdzx2tshkmmYIiryWZjgAe5NezeM/gL4y8D6Dd6/qF5pt6ulv DFqNvZ3YmuLB7j/Vi4TA27iQBtLc+3NTicxoUZwp1ZpOWy77L82l6tLqGHwVWrGUqcW1Hfy3f5Jv 0TfQ8Torv/E3w28T+EfCvh3xdrcccNp4nSWS0j3EzeXHtId1wAA4cMmCcg5OK4CtsPiadWPPSldX a07p2f3NWM6+HqUmo1FZtJ/J6oKKKK3MQooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAC iiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKK6S20+xk8M3eoyQ7rqKUKkn2+3jwCU4+ xspnk6n5kYKP+AtnGtWUEm+rS6dfVr/PsjWlSc726K/Xp6f8Mc3RRXu9j+zt8QtR8a6t4Es/ssl9 pFit+8okf7PLFIqMgifZks2/ABUDIbnjNYYzMqGHV681HRvXsrXf4r7zbC4CtXdqMW9UtO72PCKK 7LUfA+r6V4L0fx1eSQLY65PcQW0Yc+e32YgSOV242BjjO4nPauNroo14VE3B3s2vmnZr5PQxq0Zw tzq11f5MKK7/AMQfDTxP4f8AHEHw8kSK81m5a1SJLd8o73iI8ahnCAH5wCTgA55xzXear+zr4406 90uztL3TNXGpaiNJaWwuvPjtL4jPk3OFDIwAJOFOADntngqZ3hIKDlVS5lda7re51xynEvmtTfu7 +R4JRXonjz4dXPgBraO617R9YknaRGTS71bp4WixkSqACmScDPXB9K87rswuKp1oKrSd4s58Thal Gbp1VZhRRRXQc4UUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRR QAUUUUAFFFFABRRRQAUUUUAFFbGgWltfatBa3kfmwvu3L9qiss4Ukfv5w0acj+Ic/dHJFU9Riit9 QuYIV2Rxyuqr5qT4UMQB5sYCSf76gK3UcGsfbL2ns+tr9P8AO/4W8zX2T5Ofpe3X/hvxuU6K9f8A hp8G9X+KaFNC17RrK9MzQx2V9dmK7m2IJC8cKo7MmCeR6N6U/wAV/BfWvC2gXfiVNd0bW7Cylggk fS7w3WJbjftTIQDcNmWBIIBHXPHBPPMJGt9XlUXPpp66L72dtPJ8TOl7aMG466+iu/uWp47RRXXe B/BOu/EHxFB4Z8PLGbqdXcvM/lxRRxqWeSRz0VQOe/YAnAr0K9eFKDqVHaKV230RwUqcpyUIK7ei Xds5GiveH/Z38cHW7DS7O90u9sdQtJ75NVgvFbTltrUhZ5HmIBAjZlDfLwSPfHn/AI++H+ufDrV4 NK1mS3ulvLaO8tbmzl862ubeXOySJ8DKkgjkDpnoQTwYbOsJWmqdKonJq9vTR/k9N9Dur5TiacHU qU2kuvrb/Nfeu5w9FFFeoecFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFA BRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUV0mt6fY2en6XPaw+VJcxbpG+3293uO1TnyoVV 4Op+WQlu3VWqv4Z8P33ivxFpvhnTGRbvVbiK2iMpKoHlYKpYgEgZPOAfpXPDFQdN1Xolft09Lo2q UJRnyddO/X1sYdFeyeNPgzd+CNLvNRvPF3hzUZrGQRyWVjqImvN5cIwEOxTlD94cYAPpXnb+H5E8 Lx+KPt1oUku2tPsgmBvFKoH81osZERzgNn73GKwwuZ0K0FUpSum7fM2xGX1qU/Z1I2dr/I5+ivc9 I/Z88c614Zt/EVrcack97aSX9rpsl0F1C5tY+TLFDggqQMjLAn0q0v7PPiG48O6n4l0zxN4d1K20 e1N3dJaaiJ5YowpYBlVCAxwQASMnjNcc+JMDFuLqrR2+d7fnp6nVTyLGSScaT1V1+f5NP0afU8Co oor2zyQooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooA KKKKACiiigAooooAKKKKACvRPhD/AMlZ8Ff9hvTf/SmOvO69E+EP/JWfBX/Yb03/ANKY64M1/wB1 q/4X+TO3Lv8AeKf+Jfmfu5WD4m/5A8n/AF0g/wDRqVvVg+Jv+QPJ/wBdIP8A0alfw0f1uf/S/ejQ /wDkCaf/ANe8X/oArUrL0P8A5Amn/wDXvF/6AK1KACiiigAooooAKKKKACiiigAooooAKKKKACii igAooooAKKKKACiiigAooooAK/nfr+iCv536/evBH/mL/wC3P/bz8d8Wf+Yb/t//ANtPt34KeKvB qfB7/hXfifWLSwh8UalqVnc+dNGrWqSWaPBdMjMMKs0YVWOBk9a9hi+J3gbV4ktNI1vTNOvrJtZ0 /wAOtPLEyWcsEENvZTnO4RpII3ZXZdp3bRknB/MGivvsfwHQr1p1nUacm3bS13v66WT8lbqz43Ac Y1cPShSUE+Xrre3b79fXXofo9d/EpfC3g2+uNU8U6Zc/Em10CeO5vLeaCR5JGu1NrEHUBJZoot2V UEr1Ocgn5h+L2tp4x8aeD9YsNWtTquoaNpBvb1Jo41j1AjEjzyR4EbocFycFABwABXz/AEV3ZTwh RwlV1oS9536Jb9F2insumxzZjxPUxFN0XG0dOre1tX3emr82fdnirSfDvh3w5F4V8MePdIe31e9s rjX/ABB/aUV3qtzcCZSjxW6SblhgkbzCfM38Ek8Evy/xel0vS/gvY+EtT1HRp9Wt9YE9n/Ykok+3 WogMZvb0K7gyy9d7HcegGN1fHdFThuFHCVOU6zfLLmeiTb9fTS21rJJWLrcTKSmo0rXjyrV2Sd7+ urvfe+rbuFFFFfYHyoUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFA BRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAHbePLa6tdXhju7ee2cwKQtxpcOkuRubkQwkqw/2zyeR0 UVxI610nij+zP7Qj/sn7D5PlDP8AZ/2zyt25s5+2/vN2MZx8uMY5zXN1w5YmqELrp25fwWx2Y9p1 pNd+9/x6n3he+K/Cd9+1Jrd7FrdkbDVtIaygvPPQ2pnksEjCtMCUHzAqTnrx14rt/A2o+DfBmm+F vDGo61o9z4p0vRNUt7Z4NRgEcF5PdK/lfaSsqQzMh2qzIeQwBI6/mxRXyWJ4GhUpwpe1ajGMY7b8 sZRT9GpO669z6SjxdOE5VPZptyb32u4Nr/ymrPpqfU37Qmp6X4h+IPhj+xb2yg1z7JbQ397BfpPH HdCQqjT3cccSGSIY3yBeABk/KMeo66Ph94B0OLTjr2m+LNCurq1vfE91Dqdvd6xrE0b7o4orcucQ JKQz5k3ld2SMEv8ABFFdr4UXsaNBVWow6d9brW91y/Z3s7PVpW5nxI3Vq1nTXNPT00s9LWd1u9L6 rRNn2V+0J8Qfh98Q/h34c1TSNTvbrVTfX8kVtP8AZle3id0BSeKJ2MahVUQYzuUEsc8n41oor18k yengKH1ek24ptq/S7vb5HmZvms8ZV9tUSTslp1t1CiiivXPLCiiigAooooAKKKKACiiigAooooAK KKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigArtrG2um8D6jcpbztAk 6hpV0uGWFTmPhtQY+bCeR8ijByB/Ga4muktf7M/4Rm7837D9u80eX5n2z7Ztyn+r2f6Lt658z5vv Y521w49NqFl9pdL9fw9eh2YNpOV+z626fj6dTm6++LP41+HvDPw18H+L7HUI38S3b6RpmqWySq9w ljo08zM7JncPPQqCSOQRg8V8D0VxZ1kNHHKnGttF39V2flez+R0ZXm1TCOcqW8k16X6rzXT1P0tt PG3wy074n3HhjwzqVjJb6JoU8WiXH2uKGAX99O086w3bLLHHIysiK21sbWXjJBn1vxfpN5c61beC Nb0jSPiRcaXpiG+a+gmEnkzyfaITeGKOF5wm0PhQWAH9z5fzLor5Z+HlHmUvattJbq92nd3WzjJ6 yjbVt6n0n+vFW0l7NWb6dFZJW6ppL3XfTsfT3xavE8V/tEifRPFNnam5/s9DrMF0kdtC620SyzLM rgKFIbgMDn5ete4rf6F4C1vwxoXgnxb4eh0K11OW6n1K7v49SurzUZrWWMXN1DDLGY4RkoCJMKSr uc5FfnhRXqYjhNVKNLD+092EeW1lrpa/bTondJ62uedR4lcKtSv7P3pO97vTy+fV6NrS6u7/AFR8 d7nTpPB3h+HxHLo1145W6uTPJonleWun4/dLOYMIXLcpxkJ6EnPyvRRXu5RlqwlFUVK+rfZau9ku iXRHk5pmH1mr7Vq2iXdu3Vvqwooor0zzgooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAC iiigAooooAKKKKACiiigAooooAKKKKACiiigAooooA6TwjDNP4htIreKWeRvMwkNlHqMhwjHi2lI ST1OT8o+YcgVm6yjx6xfRyo0brPKGV4FtnUhjkNAmViI7ovC9BwKm0D7F/a0H9ofZvs/zbvtn2jy PunG/wCy/vuuMbe+M/Lmqeo+T/aFz9m8ryfNfZ5HmeVt3HHl+b+824+7v+bH3uc1wpP6y3b7K6eb +1v8vn1OxtfV0vN9fJdP1+XQ9l/Zu1fStC+NXhvVdbvYdPsoGufMnuJFiiTdbSqNzuQoySAMnqcV 2XgD4l3vgL4P+MJfDGtQ6dr1zrFoYVDRNO8GG3vHG+SV6AsBwDjvXy5RXn5jw/SxNV1KuqfImrJp 8knL8b2Z3YDO6mHpqEFqnJp9fehy/huvM/SzX7nwT4q11W8PeItEt7fRPGlprd00t7BDG1r9ktzN LGc7XzKHBwfv5B718t6Rp2m+MPjz4mgPi6Dwxot7f6k9xqIu0gSazedsxxSFlR/OBAAJKkZbDAYP zvRXm5bwm8LCUIVnrHlTaWm2vZu6vqduO4k9vKMp0/tcz1eurdvLfc/STTPF+h6JqN54H0y/8Mw6 NLot1Z+HbY30N/bCdZEkY6hJ90S3LEMA2UJUqCTy3y/+0Te6FeeIdCXT5bGbVYNJgj1U6WytYreB nLJEE+QEA/NsO3J6ZzXz3RTyrhGGFxCxCqNvW+m7fVu733d95a3DH8TSr0ZUHBJO1vJK2i0W1rLs na3UKKKK+vPmAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiig AooooAKKKKACiiigAooooAKKKKAO28UW11Do+hST288KSwZRpdLhsEcbY+Y54yWuhyPnfB5B6uav /CK+stM+KXhLUNSuI7S1ttUtJJZpXCRxosqlmZmwAAOSScCue1v+zP7P0v7D9h87yv332T7Z5u7a v+v+0/u92c/6n5c7u22ubrysPh/aYV0paX5lslu30/q+/U78TV5a6mtbW636Lr/Vtj7E0j4r6Bqn xz0yO40bw9oum2WvSTHVrWMwySxI0ih5bh5WjKvkMxwATggisv4t/Eqbx98Jx/betW+o6tB4pu/K iRohKtisGImEceD5eSQrkHPqa+T6K8qHCWGjWpVo7wtbrtfq9Ve+voepPiavKFSEtp3v039N7eZ9 u+CtK0/wt4Bt/FmneM9D1Px1faeba2bUtXhVNEsnQ/uYInZmafaxXBCqhJUAgN5njeua7pWgfAjw 74S8PXcEl74mu7m/1oRSq0qi1fy7WCVQdyrj94FYD5vmFeDUVpQ4c5arqVKnN7yltbZS5Y+kW015 q+7bedTPP3ahTha0XHfvbml6tJxfk7bJBRRRX0x4AUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUU UAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXonwh/5Kz4K/7Dem/wDp THXndeifCH/krPgr/sN6b/6Ux1wZr/utX/C/yZ25d/vFP/EvzP3crB8Tf8geT/rpB/6NSt6sHxN/ yB5P+ukH/o1K/ho/rc//0/3o0P8A5Amn/wDXvF/6AK1Ky9D/AOQJp/8A17xf+gCtSgAorCj8UeGp rlbKLVrR7hn8sRrPGXL5xtChs5zxjrW7QAUUUUAFFUJ9V0u1mtra6vIYZryRooEeRVaWRASyICcs wAJIGSAD6VannhtoZLm5kWKGJS7u5CqqqMkkngADkk0MCWiq9pd2t/aw31jMlzbXCLJHLGwdHRhl WVhkEEcgjrVihoAoopu9C5jDDcACRnkA9Dj8DQA6iiigAooooAKKKKACiiigAooooAKKKKACvO/+ FQ/Cb/oStE/8Ftt/8br0Siuihi6tK/spuN+zaMauHp1Le0in6q553/wqH4Tf9CVon/gttv8A43R/ wqH4Tf8AQlaJ/wCC22/+N1ua1448F+GtU03Q/EWv6fpWpaw2yxtbu6ignunyF2wRyMGkOWAwoPJH rVzxF4m8N+ENJl17xbq1pommW5USXV9PHbQIXIVQ0kpVRkkAZPJOK3/tbFWv7WX/AIE/8zH+zsPe 3s19yOX/AOFQ/Cb/AKErRP8AwW23/wAbo/4VD8Jv+hK0T/wW23/xutTVfiF4B0LT9M1fXPEumafY 60yJYXFxeQwxXbSjcggd3CyFhyoQnI5FdczKil2ICgZJPQCm81xS3qy+9/5iWX4d7U4/cjz3/hUP wm/6ErRP/Bbbf/G6P+FQ/Cb/AKErRP8AwW23/wAbrafx14Ii8PWvi2TxDpyaHfNGtvfm7hFpM0zb IxHNu2MXY7VAJ3Hgc1q3eu6JYanYaJfahb22o6p5v2S2klRJrnyFDS+VGSGfYpBbaDtHJwKP7Vxf /P2X3v8AzGsvw/8Az7j9yOQ/4VD8Jv8AoStE/wDBbbf/ABuo0+EPwo3SbvBWi43cZ020xjA6Yjzj PrznPbFekVDEAHmIAGWGcKVz8o6k/e+o+naj+1sV/wA/Zf8AgTD+zsP/AM+19yOB/wCFQ/Cb/oSt E/8ABbbf/G6P+FQ/Cb/oStE/8Ftt/wDG69AlligieedxHHGCzMxwqqOSSTwABXP+FvGXhDxxpzax 4K1yx8QWCyGI3Gn3MV3CJFAJQvEzLuAIyM55oWa4r/n7L72H9n4f/n3H7kc//wAKh+E3/QlaJ/4L bb/43R/wqH4Tf9CVon/gttv/AI3W9ZeNfBupeI73wdp2vWF1r+nIJLrTorqJ7yBDjDSwKxkQHcuC ygcj1FL4e8Z+D/Fz30fhPXbDWn0uY292LK6iuTbzDOY5RGzbHGD8rYNH9q4r/n7L73/mH9n4f/n3 H7kYH/CofhN/0JWif+C22/8AjdH/AAqH4Tf9CVon/gttv/jddhca3otpqtpoV1f28Op36SyW1q8q LPPHBt81o4ydzqm5dxAIXIzjIqPTvEOgave6hpuk6nbXt3pMiw3sMEySSW0jLvVJkUkxsVIYBgCR z0pf2tiv+fsv/An/AJh/Z+H/AOfcfuRyf/CofhN/0JWif+C22/8AjdRy/CH4UbRs8FaLncv3dNtM 4yM/ejxjHXvjpziuz0XXdE8S6ZDrXhzULfVdOud3lXNpKk8MmxijbZIyynDAg4PBBHWr84BQAgH5 k6qX/iHYfz7de1N5riv+fsvvYf2dh/8An2vuRwP/AAqH4Tf9CVon/gttv/jdH/CofhN/0JWif+C2 2/8AjdeiVSvdT07TfI/tG6itftUqQQ+a6p5k0n3Y03EbnbBwo5PYUv7WxX/P2X/gTD+z8P8A8+4/ cjiP+FQ/Cb/oStE/8Ftt/wDG6P8AhUPwm/6ErRP/AAW23/xut9vGfg9PE6+CG12wHiJ4ftC6YbqL 7aYf+egt93mbOD823FHiTxn4P8GpaSeL9dsNDXUJhb2xvrqK2E8zdI4zKy73PZVyaP7WxX/P2X/g T/zD+z8P/wA+4/cjA/4VD8Jv+hK0T/wW23/xuj/hUPwm/wChK0T/AMFtt/8AG63rzxr4N07xJZeD dQ16wttf1FDJa6dLdRJeTooYlooGYSOoCtkqpHB9DWlrWt6L4b0u41zxDf2+l6daLvmubqVIIIlz jLyOQqjJxkmj+1sVa/tZf+BMf9m0L29mvuRx/wDwqH4Tf9CVon/gttv/AI3R/wAKh+E3/QlaJ/4L bb/43XU3viXw5puqaboeo6raWupaz5osbWWeNJ7vyV3yeRGxDSbFO5toO0cnirEWt6NPq9xoEF/b yapaRRzzWiyobiKKYsI5HjB3KjlGCsRglTjoaf8AauK/5+y/8Cf+Yv7Ow/8Az7X3I47/AIVD8Jv+ hK0T/wAFtt/8bqOL4Q/Cjad/grRc7m+9ptpnGTj7seMY6d8dec16RUMAAQgAD5n6KU/iPY/z79e9 H9rYr/n7L/wJh/Z2H/59r7kcD/wqH4Tf9CVon/gttv8A43R/wqH4Tf8AQlaJ/wCC22/+N16JVLTt T07WLOPUdJuor20lzsmgdZI22kqcMpIOCCDg9Ril/a2K/wCfsv8AwJh/Z+H/AOfcfuRxH/CofhN/ 0JWif+C22/8AjdH/AAqH4Tf9CVon/gttv/jdbOj+O/A/iKXVIPD/AIi07U5NDcx6gtrdwzNZuu7K 3ARiYiNrZD4PB9DVvwz4t8K+NdLGueDdZste05naMXNhcx3UBdPvKJImZcjuM5FP+1cV/wA/Zfew /s/D/wDPuP3I5v8A4VD8Jv8AoStE/wDBbbf/ABuj/hUPwm/6ErRP/Bbbf/G6LH4v/CbVPEZ8HaZ4 10S719ZZIDp0OpW0l4JoiRJH5CyGTehU7l25GDnpXRWni/wlqGkXuv2Gt2NzpemtOl1dxXMT29u1 rnzxLIrFUMWDvDEbcHOKX9rYq1/ay/8AAn/mH9nYe9vZr7kc7/wqH4Tf9CVon/gttv8A43Ub/CH4 Ubo9vgrRcbucabaYxg9cx5xn05zjtmu+sb6y1Syt9S024ju7O7jSWGaFxJHLHINyOjqSGVgQQQcE cipJQC8JIBwxxlS2PlPQj7v1P0703muLWjqy+9gsvw//AD7j9yOB/wCFQ/Cb/oStE/8ABbbf/G6P +FQ/Cb/oStE/8Ftt/wDG69ErlLnx54Hs/FFv4HvPEWnQeI7tPMh0yS7hW9lTBO5Lct5jDCk5C4wD 6GhZritvay+9h/Z2H/59r7kY3/CofhN/0JWif+C22/8AjdH/AAqH4Tf9CVon/gttv/jdb/ifxp4O 8E2sF94z12w0C2upRBDLqF1FapJKwJEaNKyhmIBIUc8Ump+NPB2iazpvh3WdesLDVtZJFjZ3F1FF cXRXr5ETsHkxnnaDR/auK/5+y+9g8vw6/wCXcfuRg/8ACofhN/0JWif+C22/+N0f8Kh+E3/QlaJ/ 4Lbb/wCN1ueK/HHgrwHYxap458Qaf4ds55BDHPqN3FaRPKQWCK8zKpbapOAc4BPaqdh8SPh5q1np eo6X4o0q8tNcna10+aG+gkjvLhQS0UDK5ErgKcqhJGDxxQs1xX/P2X3v/MHl+HW9OP3Iz/8AhUPw m/6ErRP/AAW23/xuj/hUPwm/6ErRP/Bbbf8Axuuv/t3RP7b/AOEa/tC3/tf7P9r+xean2n7Nv8vz vKzv8vf8u/G3dxnNatH9q4r/AJ+y+9h/Z2H/AOfa+5Hnz/DnwNrh+1+I/DFjqFynyLJf2VnLKIxy FDIhG3JJA9SaZ/wqH4Tf9CVon/gttv8A43XW6LHHHassSJGN54S2a1HQfwPkn6/h2qfVdW0rQtNu dZ1y8h0/T7KNpZ7i4kWGGKNRlneRyFVQOpJAFZwzLEQjyxqSSXmy5YGjJ3lBNvyRxf8AwqH4Tf8A QlaJ/wCC22/+N0f8Kh+E3/QlaJ/4Lbb/AON11mgeIvD/AIr0mDXvC+p2usaZdAmG6s5kuIJApKnZ JGWVsEEHB6jFZmj+O/A/iKXVIPD/AIi07U5NDcx6gtrdwzNZuu7K3ARiYiNrZD4PB9DWjzXFLerL 72Qsvw71VOP3Ixv+FQ/Cb/oStE/8Ftt/8bo/4VD8Jv8AoStE/wDBbbf/ABuuk8M+LfCvjXSxrng3 WbLXtOZ2jFzYXMd1AXT7yiSJmXI7jORVxNb0WTWZfDsd/btqsECXMlmJUNwkEjFElaLO8IzKyhiM EggHINH9q4rb2svvYv7Pw+/s4/cjj/8AhUPwm/6ErRP/AAW23/xuj/hUPwm/6ErRP/Bbbf8Axuui tPF/hLUNIvdfsNbsbnS9NadLq7iuYnt7drXPniWRWKoYsHeGI24OcVsWN9ZapZW+pabcR3dndxpL DNC4kjljkG5HR1JDKwIIIOCORR/auK39rL73/mP+zsP/AM+4/cjgX+EPwo3R7fBWi43c4020xjB6 5jzjPpznHbNSf8Kh+E3/AEJWif8Agttv/jdd9KAXhJAOGOMqWx8p6Efd+p+nepqP7WxX/P2X/gTD +zsP/wA+19yPO/8AhUPwm/6ErRP/AAW23/xuj/hUPwm/6ErRP/Bbbf8AxutyXxv4Lt/FEPgefX9P j8R3EXnR6Y11EL14sE71ty3mFcKfmC44Poaf4n8aeDvBNrBfeM9dsNAtrqUQQy6hdRWqSSsCRGjS soZiASFHPFH9q4r/AJ+y+9h/Z+H/AOfcfuRgf8Kh+E3/AEJWif8Agttv/jdH/CofhN/0JWif+C22 /wDjdb2p+NPB2iazpvh3WdesLDVtZJFjZ3F1FFcXRXr5ETsHkxnnaDWxqep6bounXOsazdw2FhZR vNPcXEixQwxRjc7yO5CqqgEkkgAcml/a2Ktf2sv/AAJ/5gsuw97ezX3I4n/hUPwm/wChK0T/AMFt t/8AG6P+FQ/Cb/oStE/8Ftt/8brp7vxT4ZsDpa32r2dudbkWKwElxGn2yRl3qkGWHmsVBYBMkjnp Vj+3dE/tv/hGv7Qt/wC1/s/2v7F5qfafs2/y/O8rO/y9/wAu/G3dxnNP+1cXe3tZfexLL8Pv7OP3 I5D/AIVD8Jv+hK0T/wAFtt/8bqOL4Q/Cjad/grRc7m+9ptpnGTj7seMY6d8dec16RUMAAQgAD5n6 KU/iPY/z79e9H9rYr/n7L/wJj/s7D/8APtfcjgf+FQ/Cb/oStE/8Ftt/8bo/4VD8Jv8AoStE/wDB bbf/ABuvRK5PU/HngbRPD3/CXaz4i06w0IsE/tC4u4YrTcW2Aee7CPO4bcbuvHWk82xX/P2X/gTD +zsP/wA+19yMf/hUPwm/6ErRP/Bbbf8Axuj/AIVD8Jv+hK0T/wAFtt/8bruU1CwksF1WO5iayaMT CcOpiMRXcHD527dvOc4xzXJW/wATvhtd+FZvHVr4s0mbw3bsUl1RL+3axjYMFIa4D+WDuIGC3UgU PNsUr3qy/wDAn/mCy/Du1qcfuRT/AOFQ/Cb/AKErRP8AwW23/wAbo/4VD8Jv+hK0T/wW23/xuu20 vVNM1vTrbWNFu4b+wvY1mguLeRZYZY3GVdHQlWVgcggkEVmr4t8KvaatqCazZNa6A8seoyi5jMdk 8KCSVbht2ImRCGYOQVUgnim81xS0dWX3v/May6g9qa+5HN/8Kh+E3/QlaJ/4Lbb/AON0f8Kh+E3/ AEJWif8Agttv/jddG/i7wpHotn4kk1qyXSNRMAtbw3MYtpzdFVgEUu7Y/msyiPaTvJAXORXQ0PNc V/z9l97F/Z+H/wCfcfuR5ufhD8KPNXHgrRdu1s/8S2025yMZ/d5z6Y4657VJ/wAKh+E3/QlaJ/4L bb/43XfMB9oQ4Gdrc7ST1X+LoPp3/A1NR/a2K/5+y/8AAmH9nYf/AJ9r7ked/wDCofhN/wBCVon/ AILbb/43R/wqH4Tf9CVon/gttv8A43Xb/wBp6d/aP9j/AGqL7f5Xn/Z96+d5O7b5mzO7Zu43Yxnj OaxtZ8a+DfDmqabofiHXrDS9R1lzHY211dRQT3bggFYI3YNIcsBhQTkj1oWa4p2tVlr5v/MHl+H1 /dx08kYP/CofhN/0JWif+C22/wDjdH/CofhN/wBCVon/AILbb/43W+3jPwenidfBDa7YDxE8P2hd MN1F9tMP/PQW+7zNnB+bbis/xd8Svh18P2tU8eeKtK8NtfBzbjUr6CzMwjxvMfnOu7buGcZxkZ6i l/a2K/5+y/8AAn/mH9nYf/n2vuRQ/wCFQ/Cb/oStE/8ABbbf/G6P+FQ/Cb/oStE/8Ftt/wDG63bL xt4M1K40yz07XrC6n1qB7qwjiuone7t0xulgVWJkjXIyyZAyMmtK013RL/U7/RbDULe51DSvK+2W 0cqPNbeeu+LzowSyb1+ZdwG4cjIp/wBqYv8A5+y+9/5gsvw//PuP3I5D/hUPwm/6ErRP/Bbbf/G6 jh+EPwo8pN/grRd20Z3ababs477Y8Z9ccelekVDbgC3iCgABVwApQDjsp5X6HpR/a2K/5+y/8CYf 2dh/+fa+5HA/8Kh+E3/QlaJ/4Lbb/wCN0f8ACofhN/0JWif+C22/+N10/iPxR4Z8HaVJr3i7V7PQ 9MhKq91fXEdtArOcKGklZVBJ4GTyauWGr6Tqulwa5pd7BeadcxCeK5hkWSCSJhuDrIpKspHIYHGK P7WxVr+1l/4E/wDMP7Ow/wDz7X3I4z/hUPwm/wChK0T/AMFtt/8AG6P+FQ/Cb/oStE/8Ftt/8bq/ p3xK+HWr+G7zxlpPirSr3QNPLi51GC+gks4DGAX8ydXMabQQTuYYyM1v6Rr2h+INIg8QaDqNtqWl 3SeZDd20yTW8if3kkQlWXjqDih5rilvVl97/AMwWX4f/AJ9x+5HI/wDCofhN/wBCVon/AILbb/43 R/wqH4Tf9CVon/gttv8A43TPDnxi+EfjC8l0/wAJeN9D1u6giaeSGx1O1uZEiT70jLFIxCr3YjA7 1vnxv4LHhhPGx1/Tx4dkVHXUvtUX2JkkYIrC43eWQzEKDu5JwOaP7Uxf/P2X3v8AzD+z8P8A8+4/ cjD/AOFQ/Cb/AKErRP8AwW23/wAbp4+HPgaBDotv4YsY9JuPnmtksrMWbyDo0kZTcW+VcEDHC+hr 0GsiaOM6xBIUQuEIDG2ZnH3uk4+VR7H+oqJ5liJW5qkn13ZUcFRj8MF9yOS/4VD8Jv8AoStE/wDB bbf/ABuj/hUPwm/6ErRP/Bbbf/G69Erl7Lxx4L1PxJeeDdO1/T7rX9OUPdadFdRPeQIcfNLArGRB 8y8so6j1q1muK29rL72S8vw+/s4/cjD/AOFQ/Cb/AKErRP8AwW23/wAbo/4VD8Jv+hK0T/wW23/x ut7WfGvg3w5qmm6H4h16w0vUdZcx2NtdXUUE924IBWCN2DSHLAYUE5I9aVvGfg9PE6+CG12wHiJ4 ftC6YbqL7aYf+egt93mbOD823FH9q4r/AJ+y+9/5g8vw/wDz7j9yMD/hUPwm/wChK0T/AMFtt/8A G6P+FQ/Cb/oStE/8Ftt/8brsNY1vRfD1idT1+/t9Msw8cZmupUhiEkziONd7kDc7sFUZyWIA5NMu PEOgWutWnhu61K2h1a/jkmt7N5kW5mihx5jxxE72VMjcQCBkZo/tbFf8/Zf+BP8AzD+z8P8A8+4/ cjkv+FQ/Cb/oStE/8Ftt/wDG6P8AhUPwm/6ErRP/AAW23/xuuvtNd0S/1O/0Ww1C3udQ0ryvtltH KjzW3nrvi86MEsm9fmXcBuHIyK1aP7VxX/P2X3sP7Ow//PtfcjzeH4Q/Cjyk3+CtF3bRndptpuzj vtjxn1xx6VJ/wqH4Tf8AQlaJ/wCC22/+N131uALeIKAAFXAClAOOynlfoelZHiTxT4Z8G6TJr3i/ V7PQ9MhKq91fXEdtArOdqhpJWVQWJwMnk8Uv7WxX/P2X/gTD+zsP/wA+19yOY/4VD8Jv+hK0T/wW 23/xuj/hUPwm/wChK0T/AMFtt/8AG67e01LTr/T4tXsbqK4sZ4lmjuI3V4niYbg6uCVKkcgg4I5r l9O+JXw61fw3eeMtJ8VaVe6Bp5cXOowX0ElnAYwC/mTq5jTaCCdzDGRmm81xSverLTzf+YLL8Pp+ 7j9yKH/CofhN/wBCVon/AILbb/43R/wqH4Tf9CVon/gttv8A43XYaLrei+JNLttc8O39vqmm3i74 Lq1lSeCVOm5JEJVh7g1HB4h0C6uNStLXU7WafRmVb6NJkZ7RmQSqJ1BzGTGQ4DYypB6c0nm2KW9W X/gT/wAwWX4d7U4/cjk/+FQ/Cb/oStE/8Ftt/wDG6P8AhUPwm/6ErRP/AAW23/xutw+N/BY8MJ42 Ov6ePDsio66l9qi+xMkjBFYXG7yyGYhQd3JOBzXUU3muL/5+y+9gsvw+/s4/cjzc/CH4UeauPBWi 7drZ/wCJbabc5GM/u859Mcdc9qk/4VD8Jv8AoStE/wDBbbf/ABuu+YD7QhwM7W52knqv8XQfTv8A gamo/tbFf8/Zf+BMP7Ow/wDz7X3I87/4VD8Jv+hK0T/wW23/AMbo/wCFQ/Cb/oStE/8ABbbf/G67 f+09O/tH+x/tUX2/yvP+z7187yd23zNmd2zdxuxjPGc1j+HvGfg/xc99H4T12w1p9LmNvdiyuork 28wzmOURs2xxg/K2DSWbYr/n7L/wJ/5h/Z+H/wCfcfuRgf8ACofhN/0JWif+C22/+N0f8Kh+E3/Q laJ/4Lbb/wCN1vt4z8Hp4nXwQ2u2A8RPD9oXTDdRfbTD/wA9Bb7vM2cH5tuKTRfGvg3xJqepaJ4d 16w1TUdFcR31ta3UU81o5JAWeONi0bEqwwwByD6Gms2xX/P2X/gT/wAw/s7D/wDPtfcjB/4VD8Jv +hK0T/wW23/xuj/hUPwm/wChK0T/AMFtt/8AG67C91zRNN1Cw0nUdQt7W+1VpEs4JZUSW5eJDI6w oxDSFUBZgoOFBJ4qGy8SeHdS1jUPD2napa3Wq6QIje2kU6PcWonXdEZolJePzFGU3AbhyMij+1cV /wA/Zfex/wBm0P8An2vuRyv/AAqH4Tf9CVon/gttv/jdRzfCH4UeU+zwVou7acbdNtN2cdt0eM+m ePWu10nW9G1+1e90K/t9Rt45ZYGktpUmRZYHMcsZZCQHR1KsvVWBB5FXbgA28oYAgq2QVLg8d1HL fQdaX9rYr/n7L/wJi/s7D/8APtfcjgf+FQ/Cb/oStE/8Ftt/8bo/4VD8Jv8AoStE/wDBbbf/ABuv RKpajqenaPZyajq11FZWkON807rHGu4hRuZiAMkgDJ6nFH9rYr/n7L/wJh/Z+H/59x+5HEf8Kh+E 3/QlaJ/4Lbb/AON0f8Kh+E3/AEJWif8Agttv/jddrqmqaZoenXOsa1eQ6fYWUbSz3FxIsUMUaDLO 7uQqqBySSAK5ib4l/Dm28KR+PLjxVpUXhqYgJqj30C2LEtsAW4L+UcsNvDdeOtH9rYr/AJ+y/wDA mH9nYf8A59r7kUf+FQ/Cb/oStE/8Ftt/8bo/4VD8Jv8AoStE/wDBbbf/ABuuuute0Ow0STxLfajb W+kQwG6e8kmRLZLcLvMrSkhAgX5txOMc5xXHaT8YvhHr+n6lq2heN9D1Kx0aPzr6e21O1mitYjn5 53SQrGvB5YgcU3muK1/ey0/vP/MFl+H/AOfcfuQ//hUPwm/6ErRP/Bbbf/G6P+FQ/Cb/AKErRP8A wW23/wAbrqbvxN4b0+3067v9VtLaDV5YreykknjRLqacZijhZmAkeQDKKuSw6A1t0f2ri/8An7L7 2H9n4f8A59x+5Hm4+EPwo81s+CtF27Vx/wAS2025yc4/d5z6546Y71J/wqH4Tf8AQlaJ/wCC22/+ N13ygfaHOBnavO0g9W/i6H6dvxFTUf2tiv8An7L/AMCYf2dh/wDn2vuR53/wqH4Tf9CVon/gttv/ AI3R/wAKh+E3/QlaJ/4Lbb/43Wz4e8eeB/Ft7qGmeFPEWna1eaS/l3kNldw3Mls+Su2ZI2YxnKkY YA5BHapZ/Gvg218TweCbnXrCLxFdRGeHTXuolvZIhkl0ty3mMvyt8wXHB9DR/auL/wCfsvvYPLsP /wA+19yMH/hUPwm/6ErRP/Bbbf8Axuj/AIVD8Jv+hK0T/wAFtt/8brf07xn4P1jXtQ8K6Trthe61 pIBvLGC6ikurYNjBmhVi8ecjG4CsPxR8WvhV4I1NNE8aeM9F0DUZY1lS21DUba1maNyVVxHK6sVJ UgHGCQR2pf2titP3stf7z/zD+z8P/wA+4/chn/CofhN/0JWif+C22/8AjdH/AAqH4Tf9CVon/gtt v/jddTa+JfDl9q8nh+y1W0uNUhgjuntI543uEt5SRHK0YJYRuQQrEYPY1Npeu6Jrn2v+xNQt9Q+w XElpc/Z5Ul8i5ix5kMmwnZImRuRsMM8in/auK/5+y+9/5h/Z+H/59x+5HJL8Mfh3pR+36J4T02zv Yv8AVy2lhaRzru+VtrMgAypIOe2aQ/Cn4Y3hN3f+DtInuZ/nlkm0+1aV5G5ZnYJgsTySOprtNURH sZVkVXU7eHhadeo6xry39OvarFqAtrCqgKAi4AQxgcdkPK/Q9OlR/aWI5uf2kr7XuyvqVG3LyK3o jgv+FQ/Cb/oStE/8Ftt/8bo/4VD8Jv8AoStE/wDBbbf/ABut3xR428GeB7aC98aa9p+gW91KIYZN QuorRJJSCQiNKyhmIBO0c1r6lq2laNplxrWsXkNjp9pG001zPIsUMUSjLO8jEKqgckkgAVX9rYq1 /ay/8Cf+ZP8AZ2Hvb2a+5HF/8Kh+E3/QlaJ/4Lbb/wCN0f8ACofhN/0JWif+C22/+N1em+Jfw5tv Ckfjy48VaVF4amICao99AtixLbAFuC/lHLDbw3XjrXX2t1bXttFeWcqT286LJHJGwdHRhlWVhwQR yCODT/tXF/8AP2X3sX9n4f8A59x+5HBf8Kh+E3/QlaJ/4Lbb/wCN0f8ACofhN/0JWif+C22/+N1v nxn4PXR9Q8RNrtgNK0l5ory7N1F9ntpLZisyzS7tkbRsCHDEFTwcVau/E3hvT7fTru/1W0toNXli t7KSSeNEuppxmKOFmYCR5AMoq5LDoDQs1xX/AD9l9767deo/7Pw//PuP3Lpv9xy3/CofhN/0JWif +C22/wDjdRj4Q/CjzWz4K0XbtXH/ABLbTbnJzj93nPrnjpjvXpFQqB9oc4Gdq87SD1b+Lofp2/EU f2tiv+fsv/AmH9nYf/n2vuRwP/CofhN/0JWif+C22/8AjdH/AAqH4Tf9CVon/gttv/jdeiVy/h7x v4L8W3OoWfhTX9P1qfSZfJvI7K6iuXtpckbJljZjG2VI2tg5B9KFmuK/5+y+9h/Z+H/59x+5GH/w qH4Tf9CVon/gttv/AI3R/wAKh+E3/QlaJ/4Lbb/43W9P418G2vieDwTc69YReIrqIzw6a91Et7JE MkuluW8xl+VvmC44PoaXTvGfg/WNe1DwrpOu2F7rWkgG8sYLqKS6tg2MGaFWLx5yMbgKP7VxX/P2 X3sHl+H/AOfcfuRgf8Kh+E3/AEJWif8Agttv/jdH/CofhN/0JWif+C22/wDjddhqOt6Lo8tlb6tf 29lLqU4trVJ5Uja4nKs4iiDEF3KqzbVycAnGAaZF4h0CfW5/DMGpW0msWsKXE1ksyG5jgkJVJHiB 3qjEEBiMEggGj+1cV/z9l/4EweX4f/n3H7kcl/wqH4Tf9CVon/gttv8A43Uc3wh+FHlPs8FaLu2n G3TbTdnHbdHjPpnj1rs9L13RNc+1/wBiahb6h9guJLS5+zypL5FzFjzIZNhOyRMjcjYYZ5FX7gA2 8oYAgq2QVLg8d1HLfQdaP7VxX/P2X3sP7Ow//Ptfcjgf+FQ/Cb/oStE/8Ftt/wDG6P8AhUPwm/6E rRP/AAW23/xuvRKpajqenaPZyajq11FZWkON807rHGu4hRuZiAMkgDJ6nFL+1sV/z9l/4Ew/s/D/ APPuP3I4j/hUPwm/6ErRP/Bbbf8Axuj/AIVD8Jv+hK0T/wAFtt/8brf1Txn4P0PWtO8N63rthp+r 6wSLGzuLqKK5uivUQxOweTHfaDU/iTxV4Y8GaU+u+MNYs9D02JlR7q/uI7WBWc4UGSVlUFjwBnk0 f2tirX9rL/wJ/wCYf2dh729mvuRzP/CofhN/0JWif+C22/8AjdH/AAqH4Tf9CVon/gttv/jda+q+ P/AmhvpEet+I9N099fZU00XF5DEb1n27Vtw7DzSdy4CZzkeorprq6tbG1mvb2ZLe3t0aSSSRgiIi DLMzHgAAZJPAFDzbFJXdWX/gT/zBZdh3tTX3I4L/AIVD8Jv+hK0T/wAFtt/8bo/4VD8Jv+hK0T/w W23/AMbrduPG3gy003SdZutf0+HT9ekgh065e6iWG9luhugS3kLbZWlHKBCSw5XNakut6NBq9v4f nv7ePVLuKSeG0aVBcSwwlVkkSMncyIXUMwGAWAPUU3muLWjqy+9/5h/Z2H/59x+5HHf8Kh+E3/Ql aJ/4Lbb/AON1Gnwh+FG6Td4K0XG7jOm2mMYHTEecZ9ec57Yr0ioYgA8xAAywzhSuflHUn731H07U f2tiv+fsv/AmH9nYf/n2vuRwP/CofhN/0JWif+C22/8AjdH/AAqH4Tf9CVon/gttv/jdeiVSstT0 7UvtH9nXUV19llaCbynV/LmTG6N9pO11yMqeR3FL+1sV/wA/Zf8AgTD+z8P/AM+4/cjiP+FQ/Cb/ AKErRP8AwW23/wAbo/4VD8Jv+hK0T/wW23/xut6y8a+DdS8R3vg7TtesLrX9OQSXWnRXUT3kCHGG lgVjIgO5cFlA5HqKXw94z8H+Lnvo/Ceu2GtPpcxt7sWV1Fcm3mGcxyiNm2OMH5Wwaf8AauK/5+y+ 9/5h/Z+H/wCfcfuRgf8ACofhN/0JWif+C22/+N0f8Kh+E3/QlaJ/4Lbb/wCN0ah8X/hNpHiM+DtW 8a6JZa+JI4Tp0+pW0d4JJQDGnkNIJNzhgVG3JBGOtdZp3iHQNXvdQ03SdTtr270mRYb2GCZJJLaR l3qkyKSY2KkMAwBI56Uf2rirX9rL/wACf+Yf2fh9vZx+5HJ/8Kh+E3/QlaJ/4Lbb/wCN1HL8IfhR tGzwVoudy/d020zjIz96PGMde+OnOK7PRdd0TxLpkOteHNQt9V0653eVc2kqTwybGKNtkjLKcMCD g8EEdavzgFACAfmTqpf+Idh/Pt17UPNcV/z9l97D+zsP/wA+19yOB/4VD8Jv+hK0T/wW23/xuj/h UPwm/wChK0T/AMFtt/8AG69ErlNd8eeB/C2p6dovibxFp2kajq7bLK2vLuG3mum3BdsMcjK0h3ED Cg8kDvQs1xV7e1l97D+zsP8A8+19yMb/AIVD8Jv+hK0T/wAFtt/8bo/4VD8Jv+hK0T/wW23/AMbr qPEXibw34Q0mXXvFurWmiaZblRJdX08dtAhchVDSSlVGSQBk8k4rL1X4heAdC0/TNX1zxLpmn2Ot MiWFxcXkMMV20o3IIHdwshYcqEJyORR/auK/5+y+9/5g8vw6/wCXcfuRl/8ACofhN/0JWif+C22/ +N0f8Kh+E3/QlaJ/4Lbb/wCN11HiLxN4b8IaRN4g8W6taaJpduVEt3fTx21uhdgihpJSqjcxAGTy SAOa5vT/AIs/CvVtFk8SaX4y0W80iKeO1e8h1G2ktluJSBHEZVcoJHLAKpOSSMDmhZrintVl97/z B5fh1/y7j9yI/wDhUPwm/wChK0T/AMFtt/8AG6P+FQ/Cb/oStE/8Ftt/8brr7vXdEsNTsNEvtQt7 bUdU837JbSSok1z5ChpfKjJDPsUgttB2jk4FatH9q4r/AJ+y+9h/Z2H/AOfa+5HnzfDnwNqQFprH hixuray+S1jurKzeKGPptgVUJVcKowcHAHpTP+FQ/Cb/AKErRP8AwW23/wAbrrdOjjS6vGREQs+S VtmhJ5P3nbiQ+4+vetSWWOGN5pnEccYLMzHAUDkkk9AKzhmWIgrRqSS9WXLA0ZO8oJv0R59/wqH4 Tf8AQlaJ/wCC22/+N0f8Kh+E3/QlaJ/4Lbb/AON1v+FvGfg/xzp76t4K12w8QWMchia40+6iu4lk UAlC8TMoYAgkZzyKSy8a+DdS8R3vg7TtesLrX9OQSXWnRXUT3kCHGGlgVjIgO5cFlA5HqK0/tTF3 t7WX3sz/ALPw+/s4/cjB/wCFQ/Cb/oStE/8ABbbf/G6P+FQ/Cb/oStE/8Ftt/wDG63/D3jPwf4ue +j8J67Ya0+lzG3uxZXUVybeYZzHKI2bY4wflbBrRuNb0W01W00K6v7eHU79JZLa1eVFnnjg2+a0c ZO51Tcu4gELkZxkUf2tiv+fsv/An/mP+z8P/AM+4/cjj/wDhUPwm/wChK0T/AMFtt/8AG6P+FQ/C b/oStE/8Ftt/8brrNO8Q6Bq97qGm6Tqdte3ekyLDewwTJJJbSMu9UmRSTGxUhgGAJHPSn6LruieJ dMh1rw5qFvqunXO7yrm0lSeGTYxRtskZZThgQcHggjrR/auK39rL73/mH9nYf/n3H7kcZL8IfhRt GzwVoudy/d020zjIz96PGMde+OnOKk/4VD8Jv+hK0T/wW23/AMbrvpwCgBAPzJ1Uv/EOw/n269qm o/tbFf8AP2X/AIEw/s7D/wDPtfcjzv8A4VD8Jv8AoStE/wDBbbf/ABuj/hUPwm/6ErRP/Bbbf/G6 3NZ8b+C/DuraboHiDX9P0zVNZYpY2t1dRQz3TAgEQRuwaQ5IGFB5I9aueIvE3hvwhpMuveLdWtNE 0y3KiS6vp47aBC5CqGklKqMkgDJ5JxR/a2Ktf2sv/An/AJh/Z2Hvb2a+5HL/APCofhN/0JWif+C2 2/8AjdH/AAqH4Tf9CVon/gttv/jdamq/ELwDoWn6Zq+ueJdM0+x1pkSwuLi8hhiu2lG5BA7uFkLD lQhORyK65mVFLsQFAySegFDzXFLerL73/mJZfh3tTj9yPPf+FQ/Cb/oStE/8Ftt/8bo/4VD8Jv8A oStE/wDBbbf/AButp/HXgiLw9a+LZPEOnJod80a29+buEWkzTNsjEc27YxdjtUAnceBzWrd67olh qdhol9qFvbajqnm/ZLaSVEmufIUNL5UZIZ9ikFtoO0cnAo/tXF/8/Zfe/wDMay/D/wDPuP3I5D/h UPwm/wChK0T/AMFtt/8AG6jT4Q/CjdJu8FaLjdxnTbTGMDpiPOM+vOc9sV6RUMQAeYgAZYZwpXPy jqT976j6dqP7WxX/AD9l/wCBMP7Ow/8Az7X3I4H/AIVD8Jv+hK0T/wAFtt/8bo/4VD8Jv+hK0T/w W23/AMbr0SsC68V+F7HTNR1q91izt9O0hpEvbmS4jSG1aLHmLNIWCxlMjcGIx3pf2tiv+fsv/An/ AJh/Z2H/AOfa+5HNf8Kh+E3/AEJWif8Agttv/jdH/CofhN/0JWif+C22/wDjddhout6L4k0u21zw 7f2+qabeLvgurWVJ4JU6bkkQlWHuDWHpvxD8Aazaatf6P4m0y+ttBZ01GWC9gljsmiBLi4ZXIiKg EsHIxg56UPNsUt6sv/An/mCy/DvanH7kZf8AwqH4Tf8AQlaJ/wCC22/+N0f8Kh+E3/QlaJ/4Lbb/ AON11Ph3xN4b8X6TDr/hPVbTW9MuCwiurGeO5gcoxVtskRZTtYEHB4IIqa313RLvVL3Q7TULebUt NSKS6tUmRp7dJwTE0sYO5BIFbaWA3YOM4NN5rilvVl97BZdh3/y7X3I5D/hUPwm/6ErRP/Bbbf8A xuj/AIVD8Jv+hK0T/wAFtt/8brbtfHXgm+8MSeN7LxBp1x4dhSSR9Tju4XslSElZGNwGMYCFSGJb AIIPSumjkjmjWaFg6OAyspyCDyCCOoNH9q4rb2svvYf2dh/+fa+5HnT/AAh+FG6Pb4K0XG7nGm2m MYPXMecZ9Oc47ZqT/hUPwm/6ErRP/Bbbf/G676UAvCSAcMcZUtj5T0I+79T9O9TUf2tiv+fsv/Am H9nYf/n2vuR53/wqH4Tf9CVon/gttv8A43R/wqH4Tf8AQlaJ/wCC22/+N128+p6da3lrp1zdRQ3d 7v8As8LuqyTeWNz+WpOW2jlsA4HJrH8T+NPB3gm1gvvGeu2GgW11KIIZdQuorVJJWBIjRpWUMxAJ Cjnij+1cV/z9l/4Ew/s/D/8APuP3IwP+FQ/Cb/oStE/8Ftt/8bo/4VD8Jv8AoStE/wDBbbf/ABut 7U/Gng7RNZ03w7rOvWFhq2skixs7i6iiuLor18iJ2DyYzztBpvivxx4K8B2MWqeOfEGn+HbOeQQx z6jdxWkTykFgivMyqW2qTgHOAT2pf2tit/ay/wDAn/mH9nYfb2cfuRh/8Kh+E3/QlaJ/4Lbb/wCN 0f8ACofhN/0JWif+C22/+N1oWHxI+HmrWel6jpfijSry01ydrXT5ob6CSO8uFBLRQMrkSuApyqEk YPHFb/8Abuif23/wjX9oW/8Aa/2f7X9i81PtP2bf5fneVnf5e/5d+Nu7jOaf9qYvb2svvf8AmH9n 4f8A59x+5HIf8Kh+E3/QlaJ/4Lbb/wCN1HF8IfhRtO/wVoudzfe020zjJx92PGMdO+OvOa9IqGAA IQAB8z9FKfxHsf59+vej+1sV/wA/Zf8AgTD+zsP/AM+19yOB/wCFQ/Cb/oStE/8ABbbf/G6P+FQ/ Cb/oStE/8Ftt/wDG67TVtX0rQdNudZ129g07T7JDLPc3MiwwxRryWeRyFVR3JIFVPD3iXw54u0mH XvCeq2mtaZcbhHdWU8dzA5UlW2yRllOCCDg8Hij+1cV/z9l97D+zsP8A8+19yOW/4VD8Jv8AoStE /wDBbbf/ABuj/hUPwm/6ErRP/Bbbf/G62dH8d+B/EUuqQeH/ABFp2pyaG5j1BbW7hmazdd2VuAjE xEbWyHweD6Grfhnxb4V8a6WNc8G6zZa9pzO0YubC5juoC6feUSRMy5HcZyKP7VxX/P2X3sP7Pw// AD7j9yOb/wCFQ/Cb/oStE/8ABbbf/G6P+FQ/Cb/oStE/8Ftt/wDG6LH4v/CbVPEZ8HaZ410S719Z ZIDp0OpW0l4JoiRJH5CyGTehU7l25GDnpXRWni/wlqGkXuv2Gt2NzpemtOl1dxXMT29u1rnzxLIr FUMWDvDEbcHOKX9rYq1/ay/8Cf8AmH9nYe9vZr7kc7/wqH4Tf9CVon/gttv/AI3Vmz+Fnwx0+7gv 7Dwho9tdWzrLFLFp9ukkciHcrKyoCrKQCCOQa7GxvrLVLK31LTbiO7s7uNJYZoXEkcscg3I6OpIZ WBBBBwRyKtUSzPFaxlVl97COAw+6pr7kFYPib/kDyf8AXSD/ANGpW9WD4m/5A8n/AF0g/wDRqVwH Yf/U/ejQ/wDkCaf/ANe8X/oArUrL0P8A5Amn/wDXvF/6AK1KAPzm8P8AwL+Enir9snUbvw54YtNK s/hRBb3920SsJL7XtYJuYZJCSdyW8aeYmACJW7gYrvP2ifib4+0L41eB/hl4a8f2Xw80rxNpepzX Go3lpa3ISe1KNGU+1FUDkAqAzFcE/KW2kfZFjoOh6Xf6hqmmadbWl7qzpJeTwwpHLcvGgjRpnUBp GVAFBYkgAAcV5F4/+AHgT4nfEXw/4/8AG1pDrMegWV3ZJpt7bQ3VnKLsqTI6zK3zoV+UiptZU4L4 Vf8AFP8AW1vJK+xUndzk93b8GvzSbfm2fnpqX7Wfxg8RfCfwre6V4qOleKf7I13U7x9N0zTmjvYN LuJbaG7efVJ0giido8vHBHJKzbtigFVr0zwf8Vv2hPjZ8QfB/hfw744tvBlrfeAtK8U35j0m3vjN cy3DRTxxibBjWUEc7jswNo5Jr7w1X4TfCvXLfSLTWvBujX8GgII9OjuNPt5UsoxgBLdWQiJRtXhM DgegrV0TwF4G8M3cN/4c8O6dpVzb2i2EctpaQwSJZo5kW3Vo1BEQclhGPlDHOM1Vk7qWu/5S/Vp2 207WSJy1Tgrf8Ov8mr76+rf5Vfs+eIdW0b4T/Ai5k1Oz8VyzeJNdZIDaQG4sNlndzG2Ei75BNJKp lMhAkKy7eVxnt/h98cvHXjXwUfEfi/4paFrzeNvDWv3Z8IrpcW+xktIJGEcckRZiqgYkW7J3qCFB 5K/ohpPwv+GmgzR3Gh+E9J06WG7e/je3sYImS8lQxvcKUQESshKlx8xU4JxTNO+FXww0jUdU1fSv CGkWd9riSx6hPDYW8ct2kxzKs7qgMiueXDEhjyc1NS8nUf8ANe3l7tvnrZ3307tlwmlOMu34+83v 89tn10sfmBB8dfinbabYeGdB+ImlfDyw0b4a6N4jtYJNOsmW5uxblntYBLtVEk+UFVDFQF8sLzmH 4qftf/GEeFbLxl4P8QHSb/SPDWhavqmlw6ZYCxFzqhjfE9xqFx9qkSVGPlx2cTMoYbnyC1fe0/7L nwi1H4i3Xj3XdA0/V7eTSrPSbbSrvT7WaxsobJiYzbo8Z8vg7cLgbQBjFel+IfhL8K/F2pJrPivw bo2s6hHB9mW4vdPt7iUQYI8oPIjNswxG3OME8cmrm2/eWju3+M7fg46bad9op8sdGuiX4R/ylrvr 2PgP4tfG79oCzv8A4v8AiTwf4utdG0j4YJ4dvYNObTILk3g1O2ikmglnkwyRZLEFR5hJwHUDB47x T40+Jvw++K/7Svifwp470q012C20H7JZ6olpbKyzxxGJ45Z3Cg2sUjwor/u5JJVaTkgN+ns3w7+H 9xbanZXHhjS5bfW0gjv42soGS7S1UJAs6lMSrEoCoHyFAAXAqDU/hl8N9a1O81vWfCmk3+oaja/Y bq5nsYJZp7Q4/cSu6Fni4HyMSvA44FVKSUnyLS1vyv8Afb5Xutd3GfuJPfr57W/V+fU+df2Tfiz4 r+IB8a+FvHWq3uo654UvLdJI9QsLO1uIIruIyRq02nyva3AO07WSOMgD5gdwNfYVcv4T8D+DPAWn vpHgfQbDw9YyyGV4NPtorWNpCAC7LEqgtgAZPOAK6inUkm1bsvyMYRa38wooorMsKKKKACiiigAo oooAKKKKACiiigD8yP2qQ0nxG8eJdeIbfw6bnwppNvZ6VcWyzT+K5Iby5n+x2cj/AL2OQMfIxahp FadZWGUSvbfiRrPg7RPH3g/xf4h1qWTQ9J8UzNrR1C6D2WhX1xoTRWsb7hsgiO9CMkKJp924F8H7 JKqSCRkjp7UEBgVYZB7GiDajy/1vf+vPa2qbm7y5vK34W/rv1vofl94R134e+EpX8S/EaKKz8FeI tA8Up4f+2R4tp7a7126uRbW0TLy91ZyWzQxLhpI1AVWC/L7z4zvvHOg/sr+Dfh3apInj/wAYaXpP hqGOeVo5UvLi0UXskkyiQoYII55Gk2sQUyAxwD9kEA4yM45papNKDp20bX3JydvnzNN+mg3N87qL ff52ivu91O3XuflN4s8LyReFtQ/Zf8e6Fa+HtO1LxPoGo6Zp+m3j3VvDpOsX4huI4JzDbMfIuxI5 HlqEEyKMjBrs/AGreJfiL8X/AIX/ABC8YRzRal4X1C68HOkilEbULTRtQl1i5jAO1o5rlIY1bHHk HGMkV+k1FXh6vInfVu//AKSoru9k766t3e1iZ6v+u7k//JrPytYKhiILzAEHDDOGLY+UdQfu/QfX vU1Rpu3Sbt2N3GcYxgdMc4z685z2xWQHlHx70S08R/BXxvomoXcthbXWk3ayTwwPdPGgjLE+RH88 owPmReWGQOTXyn8IvEC+MfHnjPxt4g17SdL0SSLwfp0d94RuZv7On1G2u53SzF5JHH9oaTzoY5kV ABHMtux3IzH9B6QAKMAYFENJc3p/X9ddddgnrHl/rp/kfmAk1pq+i6D8OPCIz8UdG1vxxc6hbRn/ AImNqlzbaqq3E7Da6RXM1xZtE7HbJuj2ltuR7L8Cdb8FeJ/iJ4RuPhosbWWgeAxp2sfZlCraXLXF obOyutoXFxCIrv8AdMoaPLEqu8Z+2sAEsByepoAAzgYzzV0Z8kuby/8AbZR+60tu6Wo6r5rfP8Wn 9/u7n5s/Ea5+IfiXx74m/aF8KeHrXVNH+Gt/DbadeNfSRXq2uhmUa4lraC2dZvtfnXFuSZ48mFDg 7FzycWt6lovj74geMfh28sv/AAt7W5vCsF3bgypHfTWVjPpV9jOBHDBPeSOR1Crn2/VOioopRequ rW+9x5n21toraNt6sqpNvXz/ACvy/dfXvbofPP7LWiaf4Y+DNj4Z0mMxWGj6r4gsrZGJYrBbaxeR RAlskkIo5JyetfQE5AQEkD5k6sU/iHcfy79O9TVHLu2jZuzuX7uM4yM/e4xjr3x05xWlao5zc31M 0ktESV86/G3whoF14j8B+NrmB5tXsPEGl2tvI80rRwxyTN5hjhLeUsjg7WkCbyuFLbQBX0VRWa+K MuzT+5p2+ewTV4Th/MmvvVvw3PzwudQ0JPE1/wCAZlU/Eaf4oWeqwW3Bvm01Z4JjepwGFsulq8Jk yUwGhzk7Br+J/E3ws8N+LIPEPjXW/wC3PBureCL+w0vUdTkF2t7P9sZry1RmX97PMhiVY1w0ix7V V9vy/e+BndjnpmggHGRnHNS43pRp9r/jBQ/JX9fLQ1dT3pS7u/8A5Pz/AHX09PPU/K3wm9toPhS9 +G/juJovihqmteA7qzs7gbtSuY7Wz0hWnhY/M8dtJb3nmurFYism4rk7vqL9o5NZ8ea94V+C/h7R rLxIt40uu6zp9/dGztZ9N08qkUM0qwXLL5l3LE6jyjvELqSBk19YYGd2OR3pa3xFT2s+aS63/BW/ FK767abmcPdjZdvz3/4Hbe7PyT1STxbrr/D3TdXjkk+IfwPsPEZeKKWSRri60KTSpoV8whDML7T3 Cl2UBjMTtDDA+kP2c538R/F7xX8UrhJI5viBolhq8SyEgpp32y8t9NGwkhCbOKKRwP43bNfblFRz NtSe+v3tNN/PT0tbqN25HDvb5JNNL5ar533QVDAQUJBB+Z+jF/4j3P8ALt07VNUcW7ad+7O5vvYz jJx93jGOnfHXnNSIxvE3hvSvF+h3fhvXFlewvlCTJDPLbO6BgxXzIWRwrYwwDAMpKnKkg/Mvw9sd Ktfgv4N0ax1WfRL1LjWLbR7O1n+zx3k6pfpHbOgGHSOINKq5AVo1fPyivreisq1Pni4XtdWHCTjN S7f8D/I/Ja/u/DPiv4ceHNM+Htob2fwl8OzZeKbSzTNxaqt9pbS2F4qrn7QUtr79y6FziQ7MP832 h8Gtc8L+Lviv8RvF3w8ngv8Awtd2uhW63tkVayudSt0ujcmN0+WR0gktUdl6bVQnKED6YAAzgYzy aAAowowPau2ddycm1vf73Jyfy1/W5EY2Vl/Vkl+n3aeZ8H/D74U+OfiN4ZS11LWtGtPCNr4y1bUl hi0mVtXLad4iubhU+2tdeWu+WPBdbcMIztGTlj4H4G0m/i0S++D1pBcpo/xp1HVL+4lj3FYV0rU7 uPWw7ggxrc2cNpAmOjSEjnr+ttFctWKle2l7/wDDPyulfvY1U7Nvr+W/yvqzyL9n53k+A3w3kk4Z vDejk9uTZxZr1eUgPCCQMscZYrn5T0A+99D9e1TVG+7dHt3Y3c4xjGD1zzjPpznHbNdOKre0qyqW tdt/eZQjZJElfAXi7x18IfF3xyk+Edhq2keG/wCzPEWlatrV1czxrqGra1btE1nZWUbksdpihWaX jAHkxqSzMv37RXOl76l2/wA01+Kvbvbpo7b91rv/AF/wPS/XVfDHirxJ8LfB3xJ0rxT4517+0vB8 uieLLCPUdXnFxbrqL6lDJd6eGddvmbEkhhi4JjhMSh9vHgEH2fwz8LPFPgTx3bPbePPEvhHwnbeH LS6Gb65uobFYYIrRW+fzbXUA0km1swlhIwUfMf1lIDdRnHNBAJBI5HStKM+RRW9v85S/OWnZaeYT d5c39dF+mtrXZ82/Huy8S3/if4UWvhK4sbXVW8QXflSalayXtqoGi6gX3wxSwM2VyBiRcHB5Hyn5 h+MHwL8S2OpeGRNqFrqXjTxF4i1PxFbSafatp1jBqumaIzWCxwGWZtvmWkfmF5GLlmJ7Cv0xoqJ6 rTR9/ndP5NJ/IcWrq6uv+H/zPgf4IaufiF+0BZfHJobi3i8eeG9Y+wwXKskkGl6ZeaXBbIUJIHmS tc3GRyRKM5AFffFFFazqJxhBL4U1+Lf36699+pFtW31/ysZGiyRyWrNE6SDeeUuWuh0H8b4I+n49 6+f/ANrVLiX4OSwQ3C6cj6vojS6lJF58WlxRajBK19LEfkkjt9gdlkxHgZc7Qa+iNO+0eQ32nzt2 448/yt2MDp5Py4+vP6Vf68GsWtU+zT+53/rr2Li7Hwd8IWsbzR/FKWvjB9TutQ8W6rLo2radItpZ +I7qfSMlFjizFIlsN6HyzsaW287O8MK8Hv7vwz4r+HHhzTPh7aG9n8JfDs2Xim0s0zcWqrfaW0th eKq5+0FLa+/cuhc4kOzD/N+tAAUAAYA7UAAZwMZ5NVGTW3aKX/bsZRXy953XZJes7792/vkn+mnZ 6+R8y/B3X/Cnir4q/Efxl4AuIL3wpc2mhQfbrMqbK41G2S6NyY3Q7HaO3ktUkYdNoQnKED5m0bWv G9l4ys/2t77RLOHwtrmtNDLqn26Q3p8Lah5On2avZm2CpCksUF8W+0MVDSHYN7Y/TMAKMKMD2pap yXOp22svyv8Afa3o2tbg23Fx/ry/z9bPofkl4G0m/i0S++D1pBcpo/xp1DVL+4lj3MkK6Vqd3HrY dwQY1ubOG0gTHRpCRz1/RD9n53k+A3w3kk4ZvDejk9uTZxZr12inSny05U+7XytzJL0s0l6eejqP mlzev42u/n1IZSA8IJAyxxliuflPQD730P17VNUb7t0e3djdzjGMYPXPOM+nOcds1JWYj8zviO15 Z/FnVvh54a1DR76/8QeO/DmtNbTRXH/CQxNAbKSYwQ7PLeyit4Gk+2eYEVRLblS5DD0rxV4k+Fvg 74k6V4p8c69/aXg+XRPFlhHqOrzi4t11F9Shku9PDOu3zNiSQwxcExwmJQ+3j7mwM7sc9M0EBuoz jmpUbRjHtf8AGHJ+C/G1y3P3nLvb8JOX4t/10/JqD7P4Z+FninwJ47tntvHniXwj4TtvDlpdDN9c 3UNisMEVorfP5trqAaSTa2YSwkYKPmP2J+0pda54ih8LfB7wrptvrOoeKr4Xl9ZXdw1rby6PpDR3 F2k0yxTlUmkMFuw8ttwlK4xkj6hIBIJHI6UtbVanP8S6t/5Lz8++uiuRT91WXa34W/4bt3Z+THiD R/FPiDSPBHwRv7VLHxt8M9c1P+y4Yrhp4oja6VPqegssxSJpYlVY7csyLvMT5UHIr2/4IaufiF+0 BZfHJobi3i8eeG9Y+wwXKskkGl6ZeaXBbIUJIHmStc3GRyRKM5AFffFFOjV5J8710f3uLi5er0+6 3XQlrG39WvdL0XkFQwEFCQQfmfoxf+I9z/Lt07VNUcW7ad+7O5vvYzjJx93jGOnfHXnNZAY3ibw3 pXi/Q7vw3riyvYXyhJkhnltndAwYr5kLI4VsYYBgGUlTlSQfhjQrvwx4H0b4J6/4raDSvBmiXPiO 1ae4ZYrGxuZDNHZmQsNkY8tZoo2O0AuFDZYK36CUhAYYYZB9alp9BW1u/P8AH/hj84haWNx+zVq1 hp89+Z5tPu9Qi8PKzKp8Lya/NcRSpabSV32B8pVwT5eI9nGKqa74q+H+o/G21+K+k3NrP8MbDXNB S/1eIqdIXUo9K1eETvIMxfumuLCJpjhY38tSwZPl/Smm7E27MDb6Y4ro9r7zaX9c1/67PXyVSd7+ aa+9W/ry0838ofDfxxongD4A+K/iXbwE6Db6l4j1XTI1XYt1bTahcSWv2dTj5LlmUw4wGDqV4Ir5 M1bR/iL8E/BXjLSfiLpFlpsXxJ8Ga1Fc3NlfSXovPE1paXV9LczKba3WCS6hlmG0GQEQIgf5Vz+s lFc7jo4rtb8Lf8H1SdtDRVfe5/Ny+bd/uX5No/KDUNL1GHS9N+CEsFwNA+E2raTrNtO7viaHVdQs xo8Qctl0gS4vY2Bz81tGT1xX6v0UVpKV3f8Ap+b87Wv3sYxVoqPb+rel7tLpexCxH2hBkZ2txuIP Vf4eh+vb8TU1Rnd5q43bdrZ6bc5GM98+mOOue1SVIz5w03wj4d8M/tEanqemRyQXOu+Hbi6vrmSe WaV3F6gXDys5RIwSI41wiDhVAr5b+I2q+AtM0z4iaRe6rJrs/jPwHodl4PvL+X7Vea3Iq3ccAtXZ Q01z9plhlfZ826RJSqj5q/TOkIBIJGSOntRT92EYPZX/ABcn+HNb5eehd88p97P7lFfja/z8tfzs N/o0Wv3Xw/u1DfEmb4nWWqxWxw182nrNBM16p4YWy6YskLSZKYDQ5ydg9w+KOm+NtT+PXg+HwJea VZXy+GtdaR9XsZr+AxfbNLBVY4bi2ZX3YIYuRgEbTkEfUeBndjnpmlrSlU5YwTW1/wAYKH6J/f30 TWsvP/5Jy/N6H5d+NvhxN8GvH3hTxIl1/amq+ANJ1nxbcT2sH2WJ4rrWYH1aOC1V3VE+x3VwsSFm wQvOea9w/Zj0++T4k+P/ABXq6Sx6l420vQPENykwYPD9vn1T7PAyknabe0SCEgYGUJ6k19qUUUJ8 lL2du/4ycvu+FW20v10qesnLvb8Fb/P7/IKhtyDbxFSCCq4IYuDx2Y8t9T1qao4d3lJv3btozuxu zjvt4z6449KzEfOH7SXxN8B/CvSPDniDxRa2V5rsmpeToC6hOLa0hvponie5nmbKxQxRO/mPtZgD tQFmFeF6xoHhYfs1ahovgrxhJ4w1K/8ADniW6W20eYLZ6r9qvUuNTkt7aIOD5MzmCEAsUWQx4Ysc /oPRUxTV31/4Fv8Ah/u6XK5tVbofmv4s8TeAPEvj+7+JHgya21D4c6Xf+CRrF/Z7TpwktJNQYtKy gxt9lE9i8xI/dKE3FNmV+kfgfd6bq2h/EvxF4aAbw1rPiK/utJmiAFvcQfY7aKee3xwY5LxLhg44 dizjIbJ+lQqgbQAB6fWlAAGBwBVS+CpBfaTXpflv/wCkq3q9xKXvRl2t+HNb/wBKZ+fHw8+FPjrx F8G/hv4t8Xazox0jwr4ci1HT7XTdJltr53l0d7aNLm7lupQyrHMS4jijEjgEhQNtfMkumaiP2d5f gSkFxFoWj+GV8fxv87RNZz6as0Fq0mc7/wC2XmnCnqkIHQ4r9o6K6Y4hKvOsl8TTt6NvfvdrXf3b ddJt7sYvpf8AGy/K/wB9+gg6CsmaSMaxBGXQOUJCm5ZXP3ukA+Vh7n+grXqhJ9o/tCLb53k7fm2+ V5WefvZ/eZ6fd46e9cwy/X5efC52Hxg8Nm48QQ3V/H4r8Yz3PhWK3SK/8Pw3oumN9cXA/fvG2Bgz gRubpPLz5cYr9Q6TaoJYDk96Vtb+TX32/wAvXs0Nu8eXzv8An/n6Pqmfmb8RtV8BaZpnxE0i91WT XZ/GfgPQ7LwfeX8v2q81uRVu44Bauyhprn7TLDK+z5t0iSlVHzVvm/0aLX7r4f3ahviTN8TrLVYr Y4a+bT1mgma9U8MLZdMWSFpMlMBoc5OwfomQCQSMkdPajAzuxz0zW1Opy1FV3af5SUl+K17+Qpvm jy/18Lj91mfGX7SOl678XPGWjfBbw9oln4jsNOsrjW9ctb6+k0+DZcxy2OnqZo7e5O8SNNOi+Xw0 CtuBC5+b9V8W63rfifwR8S9fR28Y/B3QdRk1oREsfO0jU7Sy1jCjAb7RYyTTRZHIdCMZr9XqKxpr lkpLdXfztJJ9tE9V9qyuypy5lyvbb5aNr5tfLt1Piv8AZj0++T4k+P8AxXq6Sx6l420vQPENykwY PD9vn1T7PAyknabe0SCEgYGUJ6k19qUUVtWqKTulZaL5JWJ13e/69SG3INvEVIIKrghi4PHZjy31 PWvmX9pa5ttAfwD46l1LS9Pn8Pa07wDXXlt9Ile4sriEi5u445RasqMxhlZGUyYjxlwR9OQ7vKTf u3bRndjdnHfbxn1xx6U8gMMEZBrGS7DTsfmlpel3uofssaxbTX1zJr2taT4xvrHRNOWWztr/AEq7 1T7Q08Fk4aTHlOgt93zLHPs2sXqbxZ4m8AeJfH938SPBk1tqHw50u/8ABI1i/s9p04SWkmoMWlZQ Y2+yiexeYkfulCbimzK/pRTQqgbQAB6fWr5rNNdGmvk769/w118hPWMov7Saf/by1t2Plr4SeMPC +g+EPir8UYJBH4IXXtS1ayuYh/o81nb2VsLqe3C8NHJdxXDBl4kYl1zuBPzT4StviX8L7+38d/Ef QLPRofitY6jZ6rc29+91PLqt6LjUdN+1QtbRLB5CNLZIFklzujTOFXP6eAADA4Apayrw548u3uqP yUeV/Nqz7JpOxpGq07+d/ne6+57979D8XJdM1Efs7y/AlILiLQtH8Mr4/jf52iazn01ZoLVpM53/ ANsvNOFPVIQOhxX7RDoKWiu3EYhT2VtW/v2+5JK+7tcwhCyS/rv+bb+duhCxH2hBkZ2txuIPVf4e h+vb8TU1Rnd5q43bdrZ6bc5GM98+mOOue1SVylnyF4t8Cw6T8TfGz+BoJk8Q+JvBeqSmYzyyzy3j TBYAskrsUWMtiJFKpGOFCivL/BHiP4Xa7rPhy/8AC2rtoOheHvA1vp2uXunyC2ewu3vrH+z7G4kV RsuFaO5QxMgZA7gqvmDP6G0gAGcDGearDS9nbra/4+0/JVH9y9BVPebb6v8ASF/xhf5vc/OjVr3S f7a1b4eqoPxLufiZbapbW+R9vawE0Mv21Dwy2y6YrwmTJQANFnJ2DW/Zy1TwpqusfCDRfCyoda8I eDdQsfEkUSbJtPu2exR7e+GFKTSXUUzqkg3MVeQZGWP6A4Gd2OemaAACSBjPWnSny01T9Pwior8F r39C5yvJz73/ABk5P7m9O3mfnb8ZrP4m/Ev4g+JvHHw20Gy1mP4Vm1tdJuJ797aeHVLN4tS1H7NE ltKJ/tMflWUitLF92RM/M2PPJPHt1pPxI8a/tF/DCGXUm8aXGn+H4I8MY2k1bQbC50WaVCQFEd5+ 5c8ECc5+6BX6rUVENIqL2+7f4v8AwLp28wlL3uZf57fDv23832Pm/wDZZ8L2Pgj4Z3ng7TXklttF 17W7RJJWLySeTfSqXdjklnILH3NfRVwQLeUsQAFbJLFAOO7DlfqOlTVHNu8p9m7dtONuN2cdt3Gf TPHrR0S7JL7lYUrc0murb+9tklfOv7TnhDQPEPwyvta1iB7m40ALcWamaVYUnMsYErQqwjkdMfu2 dWKEkpgkmvoqihkSV013Pkn9oiTw7CsmoXuq3N5DpOp+Er7XNNaYvaWWlW+qO/2xoNpCoWDtOxyG SAZwI8jxXTfE3ga0+K0XxXu7q2h+GNx4t1hrbVXdE0n7ZJoljbC6EhzFse4hvIlmBCtKzAMS+G/S DrwabsXbswNvp2og3FNd7/jy/wDyKt5u/kXN3ab/AK3/AM/u08z4aNu8f7C3jDyLZ7OzudJ8TXGn QyxlNmm3Nzdy2AEZ5RPsrxbEwNq4XAxisP49/Cfxmfh54z+I3xH1bSNQn03wxqGmW1romlS6arR3 0sEkzTyS3V07keSAigqq5ZuSeP0DorSrKM27re/46fkOMno/67/ofltd6fq13qvhf4d6hHcJY/Aj xToVjbs4by7ltS1q2j0t1fPzm20glZN2fmnz1ANfqTRRT9q/ZqD1d22+rbUU7/d9zt01hpXuttrd lr/mQqR9ocZGdq8biT1b+HoPr3/AVW1WewtdLvLrVZBDZQwyPO7EqFiVSXJI5AC5ORVsbvNbO7bt XHTbnJzjvn1zx0x3qSsJxumi4uzTPzk+Ffjb4M/FC41fxlpPimw8F+H/AA94Vv8AR9J03SryOHVt P0TzYjcaldOm54HBhiMCc+Sp3OTJIVW1rupeGofFfinwJebW8e6v8R/Duqabbv8ANfXOnw/2dJ9s g4D/AGeK1guUdwSqbZEYgkrX6I0mBndjnpmtKb5ZJ9v/AJJTv63Xyu7dLRK7i1/W3Lb0t9+nm3+e Xwe1DQrvXfhD4O0xVbxv4U1DxFJ4mhXBu7OKSG7juHvCAGVLq9kt5I9+fN+V1LhS1eo+IvD3xD8Q /HzxvaeB9R0PT4n8OeH47o6xpUuplg8+qBTCI7q2VcDduDhw2RwADu+vAACSByetLTck4qMl0t+J fNq7f1/XyPyuvtGH7NXxOu/G2hQXWuJ8OvD/AIb8PXQjUma9sdQgvIYlWIHaGbUIbQ8fdUsBx1+o /wBk/wAIXPgPSPH3hS/uDeX1n4lD3lwc/wCkX1zpOnXF5N8xJAkuJJHA6AHA4FfV1FVSq8vPfXmV vTVS09Wnfvfy1mSTsl0/Gyt+WhQ1R0SxlaRlRRt5eZoF6jrIvK/16d6sWpDWsLKQwKLghzIDx2c8 t9T160y9877M/keZv4x5Wzf17eZ8v1z26c4qWDf5Efmbt20Z37d2cc52/Ln1xx6VkB8L/tUNH/ws jwu2o+MLP4c2C+HPEUH9t6jaxXdtPLd/ZU+whLkiJZCE84YPmyLGUUYLVjazLo0PwY8FX+ste2X9 j23gK817QLieSWDStLtbvd9olhkUsoyrNcO+SyQDeF8skfoKVVuGGe/NL14NFJuFrdHF+vLJyV/v t6ebbHN833Nfekr+um/6Kx+b+m+JvA1p8Vovivd3VtD8MbjxbrDW2qu6JpP2yTRLG2F0JDmLY9xD eRLMCFaVmAYl8N654L8ZXHw0/ZRk8WaXYPHK0mpnw9ZSRlDINT1OddEgWM8ojpNbqqnGxCAQAOPs LYu3ZgbfTtTqbs4ez6aL5JW/4bsOMrS5vNv8W/8Ah+/kfkr4i0DxV8FPhl47+FfjrR7PTbHxr4Xa 6tzZahJfre6vpccUOpTyyPbWzJPewtHMVCtkxSPuJJrobvT9Wu9V8L/DvUI7hLH4EeKdCsbdnDeX ctqWtW0elur5+c22kErJuz80+eoBr9SaK1o1eSrCrb4Wnbo7O6+5XStot+liX8Lj/Wqs/v69WFQq R9ocZGdq8biT1b+HoPr3/AVNUY3ea2d23auOm3OTnHfPrnjpjvWIFHWbRdQ0i+sGkeIXMEsReL/W KHUrlP8AaGcj3r8xPhHqFrqus6XZXPiTSrHwr4H+HupaXf6z4cNxa3llA8toIJL+WWNfsV6VglkF qPMeB0kZmIkXH6m0gAGcDGeaIe7JyX9aSS/9KY5O6t/W6f6I/O/XdS8NQ+K/FPgS82t491f4j+Hd U023f5r650+H+zpPtkHAf7PFawXKO4JVNsiMQSVp/wAHtQ0K7134Q+DtMVW8b+FNQ8RSeJoVwbuz ikhu47h7wgBlS6vZLeSPfnzfldS4UtX6G4Gd2OemaAACSByetaUp8qUeyt90VFfgrvu+wnq2+/8A m3+unbzPgP48aH8RPjP8StW0r4c6RY6nH8NrGNLW5vb97L7F4lumhv4biFVtpxNJbQwwjaWjG24d C+GbHk938VII/idf/tX+HdNubpbTRPD9nfWUQLzNb6xFexfZfLzjzYtUhtkbuMOPr+qtFZKK5eX/ AIfrzfenbulZdC3K7u1/Wlvutfte7PlH9k/whc+A9I8feFL+4N5fWfiUPeXBz/pF9c6Tp1xeTfMS QJLiSRwOgBwOBX1RcEC3lLEABWySxQDjuw5X6jpU1RzbvKfZu3bTjbjdnHbdxn0zx61tWq87Ttay S+5JfoZpbklfOv7TnhDQPEPwyvta1iB7m40ALcWamaVYUnMsYErQqwjkdMfu2dWKEkpgkmvoqism KSumu5+ePxx1DQtO1v40eGNfVT4r8Yafo0fhSF8Nc3sqRmO2SxBG4tb3+6V9jfuiwlYKPmPovjrX vA/h74ieCfF+veITeeFNK1rxBb397qNyr2el6vNbBYoXdxsiRFE0UeSArPsDZba32QQCQSOR0oID DDDIPrT5ny266/p/l9+vk9G09P62a/ryv1d1+R+l33hLw54N8dWvjS0FjH408F3dv4PtruErJeW8 uraxJa2dhGwz5vl3Niy26EOFaM7QFyv2d8f7zxHd/Dvw78J9Ct473xF48ng02S3uLgwI9lBF9p1M SzBJmRHt4ngMgjchpVIBOK+oiAcEjOOlLVVJczb7v9W7fjr3CUru/r97UV+HKrdj8nvE3hbWvEej 6L+zL4ttYvDWraN4yN5pEdjcyXENnYalpmqXmlvBcGO3LpaXcbxKvlqFWFUI24J9Z+DfiLVfil8c /DHxp1+wl0y51XR9W0a3tZCV8mPShY/bAUzjd/aMt0m7GSkSdK/QiipT3v8A8Nolf1a37g2r/K34 t/g2mu1vMKhiILzAEHDDOGLY+UdQfu/QfXvU1Rpu3Sbt2N3GcYxgdMc4z685z2xSJK+o2EOqafda ZctIkN3E8LtDK8EoWRSpKSxlXRsHhlYMp5BBGa+XPhvoXg7wh4V8T+HU1Cbwto1h42SK2a1uGhZp TNaGG3aQ7mdbmYiOUMSZQ7Bj8xNfV9FFP3Z867W/8mi7/wDktvn8mqi5opdnf8Gv1/D7vy/Sa01f RdB+HHhEZ+KOja344udQtoz/AMTG1S5ttVVbidhtdIrma4s2idjtk3R7S23I9l+BOt+CvE/xE8I3 Hw0WNrLQPAY07WPsyhVtLlri0NnZXW0Li4hEV3+6ZQ0eWJVd4z9tYAJYDk9TQABnAxnmroz5Jc3l /wC2yj91pbd0tSqr5rfP8Wn9/u7nwtd/DLx58Uta+NXhDTNZ0XS/DOt679ivTdaRJe6iol0bTlle 3n+1RQodhGzdC+xgWyeAPHZRr3w++I/xFvPBaXKXPxI1248FLOgaU2+pCzsX0y8YE8JBDNevIR12 rn2/UyiphZSTt9lR9fhu/uTSWtua/QcpXXzuvJ6/rZ+dvM+ef2WtE0/wx8GbHwzpMZisNH1XxBZW yMSxWC21i8iiBLZJIRRyTk9a+gJyAgJIHzJ1Yp/EO4/l36d6mqOXdtGzdncv3cZxkZ+9xjHXvjpz irrVHObm+pCSWiJK+Bv2kvHfwkuPG2qfBfUtV0jwzqvivSrePxHrmpzRxtb6QsjiK2tVlP7y6k8y QxgYWIMZm3NsVvvmisXG7Xb+v6/AtStc+OPiZqvgjw98QfCPirWtfku/D2jeKpzq8t9db7HRbyfQ mitFfeuyCJgyMu4gCafduBfB8E8I678PfCUr+JfiNFFZ+CvEWgeKU8P/AGyPFtPbXeu3VyLa2iZe XurOS2aGJcNJGoCqwX5f1BIDAqwyD2NBAOMjOOaJx5lZ+a+Tjyv566fimEZWVvT8Jcy/4J8b+MtK 8X2v7MHw10W9KWviiC58DwSnUY2uUjvkvrFX+0Rq6NIFkB3gSKTz8w615p8b/gPqWqaPPf8AxQ1O w1O68da14V0KeLRbCTS7aGzhv3AfD3FxI8pNwxLs4wFVQAK/RSiuivVVSfPJfb5//SdF22av5+RM PdjZdrfn/nt5H5s+ANW8S/EX4v8Awv8AiF4wjmi1LwvqF14OdJFKI2oWmjahLrFzGAdrRzXKQxq2 OPIOMZIr9JqKKVWrzKN+n53bfpdt6CSS2/pLRfcrIyNOkje6vFR0cq+CFuWmI5P3kbiM+w+navLf 2jUu5vgJ8QbaysH1Sa40O/hFvHvLOJYWQ4EeXOAS2F5OMDrXrVp9o8+487ztu75PN8rbjJ+55fzY /wB/np71frnqQ5ouPc0pz5ZKXY/Pn4LXOgP4m8YXN98Rk8T6bP8A8Ico8T6OsWnW8t7DK8UWkstr ugZncIZVX5jHciGTAVK4VJrTV9F0H4ceERn4o6Nrfji51C2jP/ExtUubbVVW4nYbXSK5muLNonY7 ZN0e0ttyP0/CqowowPajABLAcnqaut+8TjLrf8bf5fP1u2sPJ02mulv1/ry6aaHxL8Cdb8FeJ/iJ 4RuPhosbWWgeAxp2sfZlCraXLXFobOyutoXFxCIrv90yho8sSq7xnzP4jXPxD8S+PfE37QvhTw9a 6po/w1v4bbTrxr6SK9W10MyjXEtbQWzrN9r864tyTPHkwocHYuf0mAAzgYzzS1rVrOTjLqr29XJy v+LVuqdnczpQUYez6WS+SVvv0Wv4H5WRa3qWi+PviB4x+Hbyy/8AC3tbm8KwXduDKkd9NZWM+lX2 M4EcME95I5HUKufb7N/Za0TT/DHwZsfDOkxmKw0fVfEFlbIxLFYLbWLyKIEtkkhFHJOT1r6GoojN RpKlFbKK/wDAVbt3bfley21qTbk5Pdtv5vf8LL5eZDOQEBJA+ZOrFP4h3H8u/TvU1Ry7to2bs7l+ 7jOMjP3uMY698dOcVJWQH5r/ALWMs2jeI/iBpWi32j3Gr+P/AAvZadHp+qRXB1F5Y5bmO2TR0jjZ buSWSXDoGT7M/lzuWU7a9b+ImpeEfDfjnwb4n8TeIHvNG0TxRL/bc19cg2GjX82gmG2Vw42W8Tbk ZcnaJp924F8H7MwCQSOR0oIDAqwyD2NELpf13v8A18u1m5O7v/W1v0X9M/L7wjrvw98JSv4l+I0U Vn4K8RaB4pTw/wDbI8W09td67dXItraJl5e6s5LZoYlw0kagKrBfl958Z33jnQf2V/Bvw7tUkTx/ 4w0vSfDUMc8rRypeXFoovZJJlEhQwQRzyNJtYgpkBjgH7IIBxkZxzS1SaUHTto2vuTk7fPmab9NB ub53UW+/ztFfd7qduvc/KbxZ4Xki8Lah+y/490K18PadqXifQNR0zT9NvHureHSdYvxDcRwTmG2Y +RdiRyPLUIJkUZGDXZ+ANW8S/EX4v/C/4heMI5otS8L6hdeDnSRSiNqFpo2oS6xcxgHa0c1ykMat jjyDjGSK/Sairw9XkTvq3f8A9JUV3eyd9dW7vaxM9X/Xdyf/AJNZ+VrBUMRBeYAg4YZwxbHyjqD9 36D696mqNN26Tduxu4zjGMDpjnGfXnOe2KyAr6jYQ6pp91ply0iQ3cTwu0MrwShZFKkpLGVdGweG VgynkEEZr4Gv9E8O+BvBskENotn4N8L/ABMgn1BCxaG3skWMiacvvLRx3LxTSO+cEGRmGCw/QWgg EYPINKF4z512/KUZL/0m3zFUXNDkfn+MZRf/AKVf5I+E/DM+leIdF+Il54F1me0bxPqXiWXwnbWc /k2uq50u1iuLiFF4kRb1ZZEkBALs0gJD5Ph3ibWfAfibTfCeqeBLZLrw54Q8N6BH4rW1i3x2dvb6 5pc4tb5ETmS2ggvXkhZN0abyyqH5/VwAAYHAFAUDOBjPJralV5JxnFbKK/8AAYuK+9O78/uKqPmV n/e/8mcW/muVW+bPmv4N+I/Cl5qvxX8feHruCTwldazHcxahAwNjcfZdLtY7ueGRTsdFkjZXkX5S 6NySDXzN4DvPiH4W8aeG/wBofxToFppuifEm9nttSvUvZJbx7TXmi/sNbq0+zRpF9j8q3tw3nSbf OckDexH6WgBQFUYA7ClrFKzuu1vl9pfNbdvPo5SurP1+fT7t33fY/Frw9pepWX7PqfAuCC4fw/4s 8NL44lm3PtitrWwkkvrZH3ZG7UobVyo/guXAwBX7F+G+fDulk/8APrB/6LFbVFVffzt+F7fg0vlf qE3zcvlf53t+qbvvrboQykB4QSBljjLFc/KegH3vofr2qao33bo9u7G7nGMYweuecZ9Oc47ZqSkS fOvi3whoFh8fvAfjOCB21jUzqVvNPJNLLtgisTtiiR2KRISAzLGqhm+ZstzXkXirxJ8LfB3xJ0rx T4517+0vB8uieLLCPUdXnFxbrqL6lDJd6eGddvmbEkhhi4JjhMSh9vH3PSEBuozjmocdfv8AxTj+ rfqODtfzaf3W/wAvuPyag+z+GfhZ4p8CeO7Z7bx54l8I+E7bw5aXQzfXN1DYrDBFaK3z+ba6gGkk 2tmEsJGCj5j9p/Huy8S3/if4UWvhK4sbXVW8QXflSalayXtqoGi6gX3wxSwM2VyBiRcHB5Hyn6SI BIJHI6UtdUq3NdtdW/v/AK17+RMFZJeX6f1b9T8zvjB8C/EtjqXhkTaha6l408ReItT8RW0mn2ra dYwarpmiM1gscBlmbb5lpH5heRi5Ziewrufghq5+IX7QFl8cmhuLeLx54b1j7DBcqySQaXpl5pcF shQkgeZK1zcZHJEozkAV98UVGHn7OfNbo1b1i439bW+St1uqnrG39PW/3X106hUMBBQkEH5n6MX/ AIj3P8u3TtU1Rxbtp37s7m+9jOMnH3eMY6d8dec1mI8U/aF8bfD34d/DK78X/EqyXU9N065tJbe0 ZlXz7+OZXtFy5CDEqq5ZztUKWbha8V+GR8Maz4UvfEem+PbO/wDE/i3XtQvTD4dvV/s19Wk0loV0 5SgBmWC1jWYs+0vKgnIXhR9s0VlOlzRnFv4lb0Ttf56LXyXnfRVLOLXT/g/hrt5vyt+S1/d+GfFf w48OaZ8PbQ3s/hL4dmy8U2lmmbi1Vb7S2lsLxVXP2gpbX37l0LnEh2Yf5vtD4Na54X8XfFf4jeLv h5PBf+Fru10K3W9sirWVzqVul0bkxunyyOkElqjsvTaqE5QgfTAAGcDGeTQAFGFGB7V2zruTk2t7 /e5OT+Wv63MYxsrL+rJL9Pu08z4P+H3wp8c/EbwylrqWtaNaeEbXxlq2pLDFpMrauW07xFc3Cp9t a68td8seC624YRnaMnLHwPwNpN/Fol98HrSC5TR/jTqOqX9xLHuKwrpWp3ceth3BBjW5s4bSBMdG kJHPX9baK5asVK9tL3/4Z+V0r97GqnZt9fy3+V9WeRfs/O8nwG+G8knDN4b0cntybOLNeu0UV04q t7SrKpa12395lCNkkFYPib/kDyf9dIP/AEalb1YPib/kDyf9dIP/AEalYFH/1f3o0P8A5Amn/wDX vF/6AK1Ky9D/AOQJp/8A17xf+gCtSgDnP+Ex8I/9Byx/8CYv/iqP+Ex8I/8AQcsf/AmL/wCKr4Go oA++f+Ex8I/9Byx/8CYv/iq2ft1j/wA/Ef8A32P8a/O2vsigD0r7dY/8/Ef/AH2P8aPt1j/z8R/9 9j/GvNaKAPSvt1j/AM/Ef/fY/wAaPt1j/wA/Ef8A32P8a81ooA9K+3WP/PxH/wB9j/Gj7dY/8/Ef /fY/xrzWigD0r7dY/wDPxH/32P8AGj7dY/8APxH/AN9j/GvNaKAPSvt1j/z8R/8AfY/xo+3WP/Px H/32P8a81ooA9K+3WP8Az8R/99j/ABo+3WP/AD8R/wDfY/xrzWigD0r7dY/8/Ef/AH2P8aPt1j/z 8R/99j/GvNaKAPSvt1j/AM/Ef/fY/wAaPt1j/wA/Ef8A32P8a81ooA9K+3WP/PxH/wB9j/GpYp4J s+TIsmOu0g4/KvMKu2F49jcrMvK9GHqKAPR6yv7b0z/nt/463+FaUciSxrLGcqwyDXl1AHf/ANt6 Z/z2/wDHW/wo/tvTP+e3/jrf4VwFFAHf/wBt6Z/z2/8AHW/wo/tvTP8Ant/463+FcBRQB3/9t6Z/ z2/8db/Cj+29M/57f+Ot/hXAUUAd/wD23pn/AD2/8db/AAqG81rStJCTX0yxLdnfGRG2WAVQc4By enJxxgdq4aq/jz/jx0X/AK5v/KOgDs/+E18M/wDP5/5Dk/8AiaP+E18M/wDP5/5Dk/8Aia8EooA9 7/4TXwz/AM/n/kOT/wCJo/4TXwz/AM/n/kOT/wCJrwSgkAZNAHvf/Ca+Gf8An8/8hyf/ABNH/Ca+ Gf8An8/8hyf/ABNfPtvc292hktpFlUHGVORkVPQB73/wmvhn/n8/8hyf/E1bs9e0fWpTa6fOs0iY kIaNsbVYc/MAM5xj0PPavnmu++HX/Ibn/wCvdv8A0NKAPQv+Eu8Pf8/f/kN//iaP+Eu8Pf8AP3/5 Df8A+JrxOivG/tGfZH6D/qnh/wCaX3r/ACPbP+Eu8Pf8/f8A5Df/AOJo/wCEu8Pf8/f/AJDf/wCJ rxOij+0Z9kH+qeH/AJpfev8AI9s/4S7w9/z9/wDkN/8A4mj/AIS7w9/z9/8AkN//AImvE6KP7Rn2 Qf6p4f8Aml96/wAj2z/hLvD3/P3/AOQ3/wDiaP8AhLvD3/P3/wCQ3/8Aia8Too/tGfZB/qnh/wCa X3r/ACPbP+Eu8Pf8/f8A5Df/AOJqa817R9FlFrqE6wyPmQBY2xtZjz8oIznOfU8968NrqviL/wAh uD/r3X/0N67cJiJVL3Pn89ymnheT2bbvffyt5I73/hNfDP8Az+f+Q5P/AImj/hNfDP8Az+f+Q5P/ AImvBKK7D5497/4TXwz/AM/n/kOT/wCJo/4TXwz/AM/n/kOT/wCJrwSmSSJEjSSMFVRkk8AAUAe/ f8Jr4Z/5/P8AyHJ/8TR/wmvhn/n8/wDIcn/xNfP8M0VxEs0Dh0boRyDUtAHvf/Ca+Gf+fz/yHJ/8 TVu317R9RilurSdZI7H95KTG2VXa3IyAc4B6Z4yO9fPNd94R/wCQJ4h/69//AGSSgDvf+E18M/8A P5/5Dk/+Jo/4TXwz/wA/n/kOT/4mvBKKAPe/+E18M/8AP5/5Dk/+Jo/4TXwz/wA/n/kOT/4mvBKK APe/+E18M/8AP5/5Dk/+Jo/4TXwz/wA/n/kOT/4mvn03Vstwtq0qiZhkJnkj6VPQB73/AMJr4Z/5 /P8AyHJ/8TR/wmvhn/n8/wDIcn/xNeCUUAfRFvJZ6KhtbhoYmY78QQmJcHjJALc8dc1P/bemf89v /HW/wrA8R/8AH8n/AFzH8zXP0Ad//bemf89v/HW/wo/tvTP+e3/jrf4VwFFAHf8A9t6Z/wA9v/HW /wAKP7b0z/nt/wCOt/hXAUUAd/8A23pn/Pb/AMdb/Cj+29M/57f+Ot/hXAUUAegHUbGaJ7pZFMdp mRyUYlV2tyO4OM9M8ZHesr/hNfDP/P5/5Dk/+JrKtf8AkCaz/wBe7f8AoD14zQB73/wmvhn/AJ/P /Icn/wATR/wmvhn/AJ/P/Icn/wATXglFAHvf/Ca+Gf8An8/8hyf/ABNH/Ca+Gf8An8/8hyf/ABNe CVAbq2W4W1aVRMwyEzyR9KAPoL/hNfDP/P5/5Dk/+Jo/4TXwz/z+f+Q5P/ia8EooA97/AOE18M/8 /n/kOT/4mtiS+s7A+TcOqMxZ8KhAwzE9s8+p7nmvmyvcPEf/AB/J/wBcx/M0Ab/9t6Z/z2/8db/C j+29M/57f+Ot/hXAUUAd/wD23pn/AD2/8db/AAo/tvTP+e3/AI63+FcBRQB3/wDbemf89v8Ax1v8 KP7b0z/nt/463+FcBRQB3/8Abemf89v/AB1v8KP7b0z/AJ7f+Ot/hXAUUAehi+s5E+3q6mKIFC2w 7gWK9D1x6jHPHpUf9t6Z/wA9v/HW/wAKwLf/AJF66/66D+a1z9AHf/23pn/Pb/x1v8KP7b0z/nt/ 463+FcBRQB3/APbemf8APb/x1v8ACj+29M/57f8Ajrf4VwFFAHf/ANt6Z/z2/wDHW/wo/tvTP+e3 /jrf4VwFFAHoUesadK6xpLlnIAG1up/Cs648SaHpUn9nXlysU0CqGVY3Cj5QRgAEAY6DJxXM2H/H 9b/9dE/mK43xr/yM15/2z/8ARa0Aepf8Jr4Z/wCfz/yHJ/8AE0f8Jr4Z/wCfz/yHJ/8AE14JRQB7 3/wmvhn/AJ/P/Icn/wATR/wmvhn/AJ/P/Icn/wATXglRTzw20RmuHEaL1JOBQB9Af8Jr4Z/5/P8A yHJ/8TR/wmvhn/n8/wDIcn/xNeBI6yIsiEMrDII6EGnUAe9/8Jr4Z/5/P/Icn/xNSRX+l37jXreW F7e3/dtI0DeaGPZXJBA+YcbT35548Ar03w5/yJl9/wBfH/xuoqy5YuS6GdabjByXRHe/8JDo/wDz 8f8Ajj/4Uf8ACQ6P/wA/H/jj/wCFeY0V4/8AadTsjwP7Yq9kenf8JDo//Px/44/+FH/CQ6P/AM/H /jj/AOFeY0Uf2nU7IP7Yq9kenf8ACQ6P/wA/H/jj/wCFH/CQ6P8A8/H/AI4/+FeTR39lLdSWMc6N cRDLRgjcAfUfjVupWaTe1v6+Yo51UeyX9fM9O/4SHR/+fj/xx/8ACnxa7pU0iRRz5dyFA2tyTwO1 eXVd03/kI2v/AF1T/wBCFXDMZtpWRcM2qNpWR3Fx4k0PSpP7OvLlYpoFUMqxuFHygjAAIAx0GTio f+E18M/8/n/kOT/4mvLfGv8AyM15/wBs/wD0WtctXtH0J73/AMJr4Z/5/P8AyHJ/8TR/wmvhn/n8 /wDIcn/xNeCUUAe9/wDCa+Gf+fz/AMhyf/E0f8Jr4Z/5/P8AyHJ/8TXz/PPDbRGa4cRovUk4FPR1 kRZEIZWGQR0INAHvv/Ca+Gf+fz/yHJ/8TR/wmvhn/n8/8hyf/E14JRQB9DJr2jzWj6zHOptbfMbv 5bbgzFeBxnHIzwc8elVP+E18M/8AP5/5Dk/+JrgtP/5J9qf/AF8L/OKuBoA97/4TXwz/AM/n/kOT /wCJo/4TXwz/AM/n/kOT/wCJrwSigD3v/hNfDP8Az+f+Q5P/AImj/hNfDP8Az+f+Q5P/AImvBKgu Lq2tVD3MixKxwCxxk0AfQX/Ca+Gf+fz/AMhyf/E0f8Jr4Z/5/P8AyHJ/8TXglFAHvf8Awmvhn/n8 /wDIcn/xNTW/iTQ9Vk/s6zuVlmnVgqtG5U/KScggAjHUZGa+fq6nwV/yM1n/ANtP/RbUAeyS67pU MjxST4dCVI2twRwe1M/4SHR/+fj/AMcf/CvPtS/5CN1/11f/ANCNUq8WeYzTasj56ebVE2rI9O/4 SHR/+fj/AMcf/Cj/AISHR/8An4/8cf8AwrzGil/adTsif7Yq9kenf8JDo/8Az8f+OP8A4Uf8JDo/ /Px/44/+FeTXd/Z2CLJezJArsFBc4BJ7VbqVmk720/r5iWdVL2sv6+Z6d/wkOj/8/H/jj/4Uf8JD o/8Az8f+OP8A4V5jRVf2nU7If9sVeyPVhf2SxjUPMXyZQEVth3EqW6nrjrgY459aZ/bemf8APb/x 1v8ACubb/kWbT/rof5vWJXsUpc0VJ9T36M3KCk+qO/8A7b0z/nt/463+FH9t6Z/z2/8AHW/wrgKK s0O//tvTP+e3/jrf4Uf23pn/AD2/8db/AArgKKAO/wD7b0z/AJ7f+Ot/hR/bemf89v8Ax1v8K4Ci gDupryw1SJrGF45HlxhZYmkQ7eeVO3PTjnrVD/hKvD1h/oM90qSW/wC7ZUidVDJwQAAQACOBk/Ws nRP+QnD/AMC/9BNeX65/yG9Q/wCviX/0M0Aezf8ACa+Gf+fz/wAhyf8AxNH/AAmvhn/n8/8AIcn/ AMTXglFAHvf/AAmvhn/n8/8AIcn/AMTR/wAJr4Z/5/P/ACHJ/wDE14JUFxdW1qoe5kWJWOAWOMmg D6C/4TXwz/z+f+Q5P/iaP+E18M/8/n/kOT/4mvBKKAPe/wDhNfDP/P5/5Dk/+JrTi1TTpbddVjlU 284CK+xgxKls57464GOOfWvnGvXNO/5EvT/+uj/+hvQB2f8Abemf89v/AB1v8KP7b0z/AJ7f+Ot/ hXAUUAd//bemf89v/HW/wo/tvTP+e3/jrf4VwFFAHf8A9t6Z/wA9v/HW/wAKP7b0z/nt/wCOt/hX AUUAd/8A23pn/Pb/AMdb/ClGo2F7utIZFd5VYAMjFTx3BxkeozzXn9auif8AITh/4F/6CaAOol13 SoZHiknw6EqRtbgjg9qZ/wAJDo//AD8f+OP/AIV59qX/ACEbr/rq/wD6EapV4s8xmm1ZHz082qJt WR6d/wAJDo//AD8f+OP/AIUf8JDo/wDz8f8Ajj/4V5jRS/tOp2RP9sVeyPTv+Eh0f/n4/wDHH/wo /wCEh0f/AJ+P/HH/AMK8wJAGTwBVazvrPUIjNZTLPGCVLIcjI7VP9qTvbT+vmJ51Uvay/r5nrH/C Q6P/AM/H/jj/AOFH/CQ6P/z8f+OP/hXmNFV/adTsh/2xV7I9O/4SHR/+fj/xx/8ACm3et6TpSpPe zrEl588ZEbZYBVGTgHnp1xxgdq8zqz44/wCQdof/AFyb/wBBjrsweKlUbUjvwGNnVbUkdt/wmvhn /n8/8hyf/E0f8Jr4Z/5/P/Icn/xNeCUV3nqHvf8Awmvhn/n8/wDIcn/xNH/Ca+Gf+fz/AMhyf/E1 4JQSAMmgD3v/AITXwz/z+f8AkOT/AOJo/wCE18M/8/n/AJDk/wDia+fbe5t7tDJbSLKoOMqcjIqe gD3v/hNfDP8Az+f+Q5P/AImrdnr2j61KbXT51mkTEhDRtjarDn5gBnOMeh57V88133w6/wCQ3P8A 9e7f+hpQB3v/AAmvhn/n8/8AIcn/AMTR/wAJr4Z/5/P/ACHJ/wDE14JRQB73/wAJr4Z/5/P/ACHJ /wDE0f8ACa+Gf+fz/wAhyf8AxNeCUUAe9/8ACa+Gf+fz/wAhyf8AxNH/AAmvhn/n8/8AIcn/AMTX z7LdW0EkcU0qo8pwoJwSfap6APe/+E18M/8AP5/5Dk/+Jo/4TXwz/wA/n/kOT/4mvBKKAPoW2nsb LdfM8Kx3+JEaKBkZlPOXOSWOGHJA78Va/tvTP+e3/jrf4Vy11/yBNG/691/9ASsmgDv/AO29M/57 f+Ot/hR/bemf89v/AB1v8K4CigDv/wC29M/57f8Ajrf4Uf23pn/Pb/x1v8K4CigDv/7b0z/nt/46 3+FH9t6Z/wA9v/HW/wAK4CigD0OO+s78+TburspV8MhIwrA98c+h7Hmsz/hLvD3/AD9/+Q3/APia z/Dn/H8//XM/zFeR1x4vESp2sfQ5FlNPFc/tG1a23nfyZ7Z/wl3h7/n7/wDIb/8AxNH/AAl3h7/n 7/8AIb//ABNeJ0Vxf2jPsj6D/VPD/wA0vvX+R7Z/wl3h7/n7/wDIb/8AxNH/AAl3h7/n7/8AIb// ABNeJ0Uf2jPsg/1Tw/8ANL71/ke2f8Jd4e/5+/8AyG//AMTR/wAJd4e/5+//ACG//wATXidFH9oz 7IP9U8P/ADS+9f5Htn/CXeHv+fv/AMhv/wDE1an1nSrCOO5uZljjvP3kZEbZYbV5OAeenXHGB2rw mu28Uf8AIH0L/rh/7LHWsMbNxk9NDjxHDlCFWnBN2k326K/Y7b/hLvD3/P3/AOQ3/wDiaP8AhLvD 3/P3/wCQ3/8Aia8TorL+0Z9kdn+qeH/ml96/yPbP+Eu8Pf8AP3/5Df8A+Jo/4S7w9/z9/wDkN/8A 4mvE6KP7Rn2Qf6p4f+aX3r/I9s/4S7w9/wA/f/kN/wD4mj/hLvD3/P3/AOQ3/wDia8Too/tGfZB/ qnh/5pfev8j2z/hLvD3/AD9/+Q3/APiaP+Eu8Pf8/f8A5Df/AOJrxOij+0Z9kH+qeH/ml96/yPd7 XV9M1MNNZzLItod7ko2VBVhxkDB68jPGR3qT+29M/wCe3/jrf4VwXgz/AI8dX/65r/J6bXp4eo5w UmfHZrhI0K8qUNlbf0TO/wD7b0z/AJ7f+Ot/hR/bemf89v8Ax1v8K4Citjzzv/7b0z/nt/463+FH 9t6Z/wA9v/HW/wAK4CigDv8A+29M/wCe3/jrf4Uf23pn/Pb/AMdb/CuAooA7/wDtvTP+e3/jrf4V JJfWdgfJuHVGYs+FQgYZie2efU9zzXnldB4j/wCP5P8ArmP5mgDf/tvTP+e3/jrf4Uf23pn/AD2/ 8db/AArgKKAO/wD7b0z/AJ7f+Ot/hR/bemf89v8Ax1v8K4CigDv/AO29M/57f+Ot/hR/bemf89v/ AB1v8K4CigDv/wC29M/57f8Ajrf4U+PWNOldY0lyzkADa3U/hXntW7D/AI/rf/ron8xQB6TWD4m/ 5A8n/XSD/wBGpW9WD4m/5A8n/XSD/wBGpQB//9b96ND/AOQJp/8A17xf+gCtSsvQ/wDkCaf/ANe8 X/oArUoA/OVFLuqAgFiBk8DmvvZ/DWmHwy3hxLaNbYwGPbgbd23G76553dc89a+OvBvgjU/GlxPF YSxQRWuwyySHpvzjAHJJ2n296+uT4euD4M/4RX+0sTfZvs32nbzjG3O3d/d4+9QB8KMNrFc5wccd K+x6+a/GfgjU/BdzDFfSxzxXW8xSRn72zGcqeQRuHt6GvpSgD4W0fxt410L9sTxJbarrNzceDNXn ttBgspZna3s9RbTIb+F442JVPOEcynaBljznIxj/AA4+LnjO8+MHxJ8cXbajr3hufRxfaDo9nI0w a2tb2XT0lghYiNWuWgaXeP4GBJIFe0ePf2cYvG9t8QAviKXS73xle6XqNndwQETaVdaXDFFHJGwl UuzeWTkGMgMQD3rM8W/ssaP4h0nUNC0vW5NIsLjwvp3hq2jSASGFNNujcpK5MgEqucJJEQu5d3z/ ADcVTsrX6K33xevqpaejCpqn5tfhJfg4/ivMi8OftI+Idf1bxF4Rg8IWd74n0XSf7XhstL12DUY5 0WRUe2kmjiXybkbhtjKMrcYfBzXd/CH47aT8bby8u/BOl3DeG7CCES6ncZhzqEih3s0hZcsYUYea +4KGIVdwO6vNrD9m3xxper33iPRvHGn6FqV1ocuhQLpWgJZ2llDJPFKJbeFLrIlARxuZ2G5lIACb W9G+FXwJ0v4M67eHwJqUlt4X1G0gWfSJUaX/AImECiM3qTmT5WljUCZfLO9gH3DGKceXr2/G7/C1 vPmt0uTLy/pWX63+V+tj5r+LPiTwkf2jPEPh/wCJHxI8R+DtLtND06ewttH1G8tYXkd5hO7JbI43 ABOTjOe+ONz4d/GT4l+E/BGm6aNE1Tx/ceIPEOo6b4Zl1SZdMvrzS7eA3EFzdPPEpwVST52QMygN tyQtfVGkfDwaV8U/EXxL/tAy/wBv6fYWP2TytvlfYWmbf5m47t/m4xtG3HU54v8AiXwUPEXizwj4 o+2fZ/8AhFbm6uPJ8vd5/wBptJbXbu3DZt8zdnDZxjjORlRTULPrf/0q/wB9tPJNms2nLbt/6Tb7 r7+aPlq/+JvxHtte0u38MabdTT3vjmTT9Ttb3Vo2SNho63JtLd/s52W4OZBt53xnkiX5c/Wfjdov w91rQPFfibXNSs/D1vq3jWC6jurtrlria0udkMMaKqBlDAi2iIPlrhdxwWr2TXvgZrF3Jc6l4c8U LpWqt4r/AOEot55LEXMcTGyFi9s8RmTerR7jvDKQTwOMmB/2bvD2pXdj/wAJTcw61ptrf+JL2S0n tBtl/wCEhlZyoYyHY0AYqHAy2cjZVJvkVt+Vffywv+Kklv310uPl5+6v+s/84kN18Stbstd0jxB4 o0S90W+HhXX9WOkrqKyW4js5rMqtwixbTclXG1lYiINIvz7siz8Pvjr4j8WeIfDel+JfBE3hzT/G mnS6jo9019FdPIkKJI6XEKKvkMUkVkAZ8g4O1gyilpX7PWsWejW2i6t4xfVk07QNb8OWk01mBOtn qj25gMzCbEr2yQBCQqeaCCdhB3ekxfDTyta8Cav/AGln/hCbG5s9nk/8fP2iCKHfnf8Au9vl5xhs 5xkYydIqOt/l98/x+Hy9dTN3su+t/ko2+T97z9ND1OiiisxhRRRQAUUUUAFFFKASQAMk0AdR4du5 CzWbAlQCyn09a5avQNKsBY2+G/1r8sf5D8K8/oAKKKKACiiigAooooAKr+PP+PHRf+ub/wAo6sVX 8ef8eOi/9c3/AJR0Aeb0UUUAQXNzBZwNc3L7I06n68dq5fxFrMX9nJDYP5j3vAK9dvQ/ien511Nx bw3UL286h43GCDXKad4VFlqf2qSQSQx8xj+LPbPbigDb0TThpmnpbn/WN8zn/aP+HStaiigArvvh 1/yG5/8Ar3b/ANDSuBrvvh1/yG5/+vdv/Q0oA5Wiiivlz9oCiiigAooooAKKKKACuq+Iv/Ibg/69 1/8AQ3rla6r4i/8AIbg/691/9DevUy37XyPi+L/+XXz/AEOBooor1D4sqXl9a2EQmu5PLQkKDgnk /SuU8S37XZg0ewbe1ztZiOmD90f1NdVfWNvqNs1tcrlW6HuD6j3rn9D8NnS7qS6uHWVh8seOwPUn PegDobCzjsLOK0i6RjGfU9SfxNW6KKACu+8I/wDIE8Q/9e//ALJJXA133hH/AJAniH/r3/8AZJKA OBooooAKy21nTR9oAmBa1BLjnIx6evPHFalchrXhZb+f7VZMsTuf3gOcH3GO/wDOgCr4ct5dSv59 euh3IjHv0/QcV3NV7S1is7aO1hGEjGB7+/41YoAKKKKAPcPEf/H8n/XMfzNc/XQeI/8Aj+T/AK5j +Zrn6ACiiigAooooAKKKKANa1/5Ams/9e7f+gPXjNezWv/IE1n/r3b/0B68ZoAKKKKAMttZ00faA JgWtQS45yMenrzxxXNeHLeXUr+fXrodyIx79P0HFWta8LLfz/arJlidz+8Bzg+4x3/nXT2lrFZ20 drCMJGMD39/xoAsUUUUAFe4eI/8Aj+T/AK5j+Zrw+vcPEf8Ax/J/1zH8zQBz9FFFABRRRQAUUUUA FFFFAHQW/wDyL11/10H81rn66C3/AOReuv8AroP5rXP0AFFFFABRRRQAUUUUAW7D/j+t/wDron8x XG+Nf+RmvP8Atn/6LWuysP8Aj+t/+uifzFcb41/5Ga8/7Z/+i1oA5aiiigCld6jZWLRrdyiMynC5 zzj+X41yGuzSazqsOiWzfu0OZCOme/5D9TXUarpVvq1t5M3yuvKP3U/4eorP8P6EdJWSSdleeTjK 9Avpzjr3oA6CGJIIkhiGEjAUD2HFSUUUAFem+HP+RMvv+vj/AON15lXpvhz/AJEy+/6+P/jdZYj+ HL0Zhiv4UvRmdRRRXzB8cFctdeLdHTSrrUrOdZ/s/wAu0ZBLn7owcHBPf0zXU15lqvw7iutUS5sZ FgtZGzNGc5Hrsxxz6Hp+lcWNnWjH9yr/ANbnn5hPERivYJP+tH/mT+AtKm8ufxFfZa4vidpPXYTk n/gR/QV6NTIo44Y0hiUKiAKoHQAcAU+tcLh1SpqCNsHhlRpqmv6YVd03/kI2v/XVP/QhVKrum/8A IRtf+uqf+hCuun8SO6l8SOf8a/8AIzXn/bP/ANFrXLV1PjX/AJGa8/7Z/wDota5avqT7QKpXeo2V i0a3cojMpwuc84/l+NXay9V0q31a28mb5XXlH7qf8PUUAcvrs0ms6rDols37tDmQjpnv+Q/U13EM SQRJDEMJGAoHsOK5/wAP6EdJWSSdleeTjK9Avpzjr3rpKACiiigDvtP/AOSfan/18L/OKuBrvtP/ AOSfan/18L/OKuBoAKKKKAKU2o2UF1HZTShJpRlVOefx6VxtwT4j19bZTm0tM7j2OOv5nj6V0Wt6 JFq0QZSEuEHyP/Q+38qdoWkDSLTynIaZzl2HT2A9hQBt0UUUAFdT4K/5Gaz/AO2n/otq5aup8Ff8 jNZ/9tP/AEW1AHQal/yEbr/rq/8A6EapVd1L/kI3X/XV/wD0I1Sr5ap8TPi6vxMKzLjWdMtL6LTb m4WO5nGUQ55zwOegyemTzWnXK+J/C9v4htwykRXcQ/dydsf3W9v5Vy4iU1Bumrs48VKooN0ld9jj rwnxn4sWyQ7tP0/O4jo2D83/AH0eB7DNetgY4Fcz4V8PDw9p5gkZXuJTukZensBnnAH9a6aufAUJ Ri51Pilq/wBF8jmy3DyjF1KnxS1f6L5BRRRXeeide3/Is2n/AF0P83rErbb/AJFm0/66H+b1iV9P h/4cfRH2OF/hR9EFFFFam4UUUUAFFFFAGron/ITh/wCBf+gmvL9c/wCQ3qH/AF8S/wDoZr1DRP8A kJw/8C/9BNeX65/yG9Q/6+Jf/QzQBlUUUUAUptRsoLqOymlCTSjKqc8/j0rjbgnxHr62ynNpaZ3H scdfzPH0rotb0SLVogykJcIPkf8Aofb+VO0LSBpFp5TkNM5y7Dp7AewoA26KKKACvXNO/wCRL0// AK6P/wChvXkdeuad/wAiXp//AF0f/wBDegCnRRRQAUUUUAFFFFABWron/ITh/wCBf+gmsqtXRP8A kJw/8C/9BNAGHqX/ACEbr/rq/wD6EapVd1L/AJCN1/11f/0I1Sr5ap8TPi6vxMKq3t7a6daveXsg ihjxuYgnGTgcDJ61aqtd2lvfW0lpdoJIpRhlPesp3s+Xcwqc3K+Xc4Txh4lg/seK30mUTSakNqlO uzoffJPy4+vpXSeGNGXQ9IitD/rW+eU/7bdfy6fhXL6L4CGma39vmmWa2hy0KnO/d23cY+X26nni vSK87B0qkputWVnsl/Xc8vA0as6jr11Z7Jdu/wB7CiiivTPXCrPjj/kHaH/1yb/0GOq1WfHH/IO0 P/rk3/oMdeplnxM9nJ/ikedUUUV7B75Bc3MFnA1zcvsjTqfrx2rl/EWsxf2ckNg/mPe8Ar129D+J 6fnXU3FvDdQvbzqHjcYINcpp3hUWWp/apJBJDHzGP4s9s9uKANvRNOGmaeluf9Y3zOf9o/4dK1qK KACu++HX/Ibn/wCvdv8A0NK4Gu++HX/Ibn/692/9DSgDgaKKKACqB1OwW6ayaZRMg3FT2GM9enTm r9cxrvh1NU/0i2IjuRwSejD3x/OgDI05W8Qa6+pSA/ZrUjYD7fdH9TXfVnaVp8emWUdqnJHLN6se prRoAKKKKAPZrr/kCaN/17r/AOgJWTWtdf8AIE0b/r3X/wBASsmgAooooAKKKKACiiigDoPDn/H8 /wD1zP8AMV5HXrnhz/j+f/rmf5ivI68vMvs/M+04Q/5e/L9Qoooryz7QKKKKACiiigArtvFH/IH0 L/rh/wCyx1xNdt4o/wCQPoX/AFw/9ljropfBP5fmeZjP94oer/8ASWcTRRRXOemFFFFABRRRQAUU UUAd94M/48dX/wCua/yem07wZ/x46v8A9c1/k9Nr3sF/CR+Y8Q/75P5fkgooorqPFCiiigAooooA K6DxH/x/J/1zH8zXP10HiP8A4/k/65j+ZoA5+iiigAooooAKKKKACrdh/wAf1v8A9dE/mKqVbsP+ P63/AOuifzFAHpNYPib/AJA8n/XSD/0alb1YPib/AJA8n/XSD/0alAH/1/3o0P8A5Amn/wDXvF/6 AK1Ky9D/AOQJp/8A17xf+gCtSgD5O/4UR4u/5+7H/v5L/wDG6P8AhRHi7/n7sf8Av5L/APG6/N3x x+1Tq3x58P3Pwq8GeE77StR1lokM7ah5g8lZYzMpXavDIcdR179Dz+teE/gn4d8QxRWOkX9k1hPD ZpNbvNFFLOiBlcygkc9WOc5zwCa8qrmsYOzR6eDyqpWV1ofqF/wojxd/z92P/fyX/wCN177/AMI5 ff34/wAz/hX5GfFf9pyHwx4ctLWLxTHoesTKGgkig+2pIMYxOJA2DkEgqy5HNfqnXZhsT7RXSscu KwkqMuWR0H/COX39+P8AM/4Uf8I5ff34/wAz/hXP0V0nMdB/wjl9/fj/ADP+FH/COX39+P8AM/4V z9FAHQf8I5ff34/zP+FH/COX39+P8z/hXP0UAdB/wjl9/fj/ADP+FH/COX39+P8AM/4Vz9FAHQf8 I5ff34/zP+FH/COX39+P8z/hXP0UAdB/wjl9/fj/ADP+FH/COX39+P8AM/4Vz9FAHQf8I5ff34/z P+FH/COX39+P8z/hXP0UAdB/wjl9/fj/ADP+FH/COX39+P8AM/4Vz9FAHQf8I5ff34/zP+FaGm6G 9rcefdMrbfuhcnn1OQK4+tLS742NyHP+rfhx7ev4UAehV5t9jm/vR/8Af1P8a9IVgyhlOQeQa8so At/Y5v70f/f1P8aPsc396P8A7+p/jVSigC39jm/vR/8Af1P8aPsc396P/v6n+NVKKALf2Ob+9H/3 9T/Gj7HN/ej/AO/qf41UooAt/Y5v70f/AH9T/GmeMNKvb+z0pbVUYxRsGzIijkJjBZhnp2qvXQax /wAeOnf9c/6LQB5d/wAIzrH/ADzj/wC/8X/xdH/CM6x/zzj/AO/8X/xddjRQBx3/AAjOsf8APOP/ AL/xf/F0f8IzrH/POP8A7/xf/F12NFAHHf8ACM6x/wA84/8Av/F/8XR/wjOsf884/wDv/F/8XXY0 UAcd/wAIzrH/ADzj/wC/8X/xddl4H0e/0/VpZrpUVGgZRtkRzksp6KxPakroPDn/AB/P/wBcz/MU Aedf2HqHpF/3/i/+Lo/sPUPSL/v/ABf/ABdaNFfMc8e39fcdH/ERMX/z7j+P+Znf2HqHpF/3/i/+ Lo/sPUPSL/v/ABf/ABdaNFHPHt/X3B/xETF/8+4/j/mZ39h6h6Rf9/4v/i6P7D1D0i/7/wAX/wAX WgSAMngChWV1DIQwPQjpS549vx/4Av8AiImL/kj+P+Zn/wBh6h6Rf9/4v/i6P7D1D0i/7/xf/F1o 0U+ePb+vuH/xETF/8+4/j/mZ39h6h6Rf9/4v/i63/HlhPdavDJE0SgQKPnmjjP3m7OwOPeqNO+Iv /Ibg/wCvdf8A0N69PLWnzW8jOfEVXH/xYpcva/X1b7HLf2Pd/wDPS3/8CoP/AIuj+x7v/npb/wDg VB/8XWVRXqGZq/2Pd/8APS3/APAqD/4uj+x7v/npb/8AgVB/8XWVQTjk0Aav9j3f/PS3/wDAqD/4 uj+x7v8A56W//gVB/wDF1kghgGU5B7iloA1f7Hu/+elv/wCBUH/xddr4XsJ4NI12N2iJlgwNs0bg fLJ94qxCjnqcV5rXfeEf+QJ4h/69/wD2SSgDlv7Hu/8Anpb/APgVB/8AF0f2Pd/89Lf/AMCoP/i6 yqKANX+x7v8A56W//gVB/wDF0f2Pd/8APS3/APAqD/4usqigDV/se7/56W//AIFQf/F0f2Pd/wDP S3/8CoP/AIusncu7bkZPOO9LQBq/2Pd/89Lf/wACoP8A4uj+x7v/AJ6W/wD4FQf/ABdZVFAHu2v2 8kt4jKUA8sD5nVT1PYkVifY5v70f/f1P8a1fEf8Ax/J/1zH8zXP0AW/sc396P/v6n+NH2Ob+9H/3 9T/GqlFAFv7HN/ej/wC/qf40fY5v70f/AH9T/GqlFAFv7HN/ej/7+p/jR9jm/vR/9/U/xqpRQBu2 9tINI1aMlMyQMB+8Qj7rdTnAHua8n/se7/56W/8A4FQf/F16ja/8gTWf+vdv/QHrxmgDV/se7/56 W/8A4FQf/F0f2Pd/89Lf/wACoP8A4usqigDV/se7/wCelv8A+BUH/wAXR/Y93/z0t/8AwKg/+LrK pNy7tuRk8470Aa39j3f/AD0t/wDwKg/+Lo/se7/56W//AIFQf/F1lUUAav8AY93/AM9Lf/wKg/8A i69b8RmIXyb5ooz5Y4eVEPU9mIOK8PrvviL/AMhuD/r3X/0N6ANPMH/P1b/9/wCL/wCKozB/z9W/ /f8Ai/8Aiq8uooA9RzB/z9W//f8Ai/8AiqMwf8/Vv/3/AIv/AIqvLqKAPUcwf8/Vv/3/AIv/AIqj MH/P1b/9/wCL/wCKry3cpYqCMjqO9LQB6jmD/n6t/wDv/F/8VRmD/n6t/wDv/F/8VXl1FAHuVogl 0C5SKSOTMg5WRGX+HqwOAfxrI+xzf3o/+/qf41W8K/8AIo3v/Xx/SOm0AW/sc396P/v6n+NH2Ob+ 9H/39T/GqlFAFv7HN/ej/wC/qf40fY5v70f/AH9T/GqlFAFv7HN/ej/7+p/jR9jm/vR/9/U/xqpR QBqWVpKt5AxaPAkU8SIT19Aa5PxdptxceIbuaN4QreXw88SNwijlWYEflXR2H/H9b/8AXRP5iuN8 a/8AIzXn/bP/ANFrQBl/2Pd/89Lf/wACoP8A4uj+x7v/AJ6W/wD4FQf/ABdZVFAGr/Y93/z0t/8A wKg/+Lo/se7/AOelv/4FQf8AxdZVIzKoLMcAdzQBrf2Pd/8APS3/APAqD/4uj+x7v/npb/8AgVB/ 8XWVRQBq/wBj3f8Az0t//AqD/wCLr0HQrSSDwjewyvFlp85EsbJ/yz6sGKg+xNeU16HpH/Ih6j/1 8D+cVZV/gl6GtHDKtONGT0k7ffoL9n/6bQf9/wCL/wCLo+z/APTaD/v/ABf/ABdcfRXzton0P/EO sN/z8l+B2H2f/ptB/wB/4v8A4uj7P/02g/7/AMX/AMXXH0UWiH/EOsN/z8l+B2H2f/ptB/3/AIv/ AIuj7P8A9NoP+/8AF/8AF1x9FFoh/wAQ6w3/AD8l+B2H2f8A6bQf9/4v/i6uadBjULY+bCcSpwJo yfvDoA2TXB1paN/yGLH/AK7xf+hCrpqPMiJ+H2HhFzVSWmvQ2vFehalea/dXNuiGN9mCZY1PCKOj MD+lc9/wjOsf884/+/8AF/8AF16Nrf8AyE5v+A/+gisqvpD5w47/AIRnWP8AnnH/AN/4v/i6P+EZ 1j/nnH/3/i/+LrsaKAOO/wCEZ1j/AJ5x/wDf+L/4uj/hGdY/55x/9/4v/i67GigDjv8AhGdY/wCe cf8A3/i/+Lo/4RnWP+ecf/f+L/4uuxooAWy0e/j8FX9gyp50k6so8xCMZj/iDbR0PU1xv/CM6x/z zj/7/wAX/wAXXqNv/wAi9df9dB/Na5+gDjv+EZ1j/nnH/wB/4v8A4uj/AIRnWP8AnnH/AN/4v/i6 7GigDjv+EZ1j/nnH/wB/4v8A4uj/AIRnWP8AnnH/AN/4v/i67GigDjv+EZ1j/nnH/wB/4v8A4uj/ AIRnWP8AnnH/AN/4v/i67GigDjv+EZ1j/nnH/wB/4v8A4uuh8KaFqVnr9rc3CII035IljY8ow6Kx P6VoVq6J/wAhOH/gX/oJoAztQspnv7lg0WDK55ljB+8exbIqp9gn/vRf9/o//iqNS/5CN1/11f8A 9CNUq+ZqOPM9D46q48z0/H/gF37BP/ei/wC/0f8A8VR9gn/vRf8Af6P/AOKqlRUXj2IvHt+P/ALv 2Cf+9F/3+j/+Ko+wT/3ov+/0f/xVUGdEALsFBOOTjk06i8ewrx7fj/wC79gn/vRf9/o//iqPsE/9 6L/v9H/8VVKii8ew7x7fj/wDspkEXhy1SWSNMSHlpEC9X6MTgn6GsLMH/P1b/wDf+L/4qo/Ef/Im WP8A18f/AByvMq+kofBH0R9bhv4cfRHqOYP+fq3/AO/8X/xVGYP+fq3/AO/8X/xVeXUVqbnqOYP+ fq3/AO/8X/xVGYP+fq3/AO/8X/xVeXUgZWJAIOOD7UAepZg/5+rf/v8Axf8AxVGYP+fq3/7/AMX/ AMVXl1FAHsuiGL+04ds8Ln5uEmjZj8p6BWJridX8ParPq17NGkZSSeRhmaIHBYkcF8j8ah8Ff8jN Z/8AbT/0W1dlf/8AH9cf9dH/AJmgDg/+EZ1j/nnH/wB/4v8A4uj/AIRnWP8AnnH/AN/4v/i67Gig Djv+EZ1j/nnH/wB/4v8A4uj/AIRnWP8AnnH/AN/4v/i67GigDjv+EZ1j/nnH/wB/4v8A4uj/AIRn WP8AnnH/AN/4v/i67GigDjv+EZ1j/nnH/wB/4v8A4uvSLOxuIPCllaS7FkSRif3iY5Zz97OD17Gs iuguP+Retf8Arof5tQBlfY5v70f/AH9T/Gj7HN/ej/7+p/jVSigC39jm/vR/9/U/xo+xzf3o/wDv 6n+NVKKALf2Ob+9H/wB/U/xo+xzf3o/+/qf41UooAt/Y5v70f/f1P8a0tHtpI9RhdihA3dJEY/dP YHNYVauif8hOH/gX/oJoAztQspnv7lg0WDK55ljB+8exbIqp9gn/AL0X/f6P/wCKo1L/AJCN1/11 f/0I1Sr5mo48z0PjqrjzPT8f+AXfsE/96L/v9H/8VR9gn/vRf9/o/wD4qqVFRePYi8e34/8AALv2 Cf8AvRf9/o//AIqj7BP/AHov+/0f/wAVVKmq6ONyMGHqDmi8ewrw7fj/AMAv/YJ/70X/AH+j/wDi qPsE/wDei/7/AEf/AMVVKii8ew7x7fj/AMAu/YJ/70X/AH+j/wDiqseMbGa4sNHWNogY4mB3zRoP up0LMAenbNZVWfHH/IO0P/rk3/oMdelltuZ2PXyhrmlY4/8Ase7/AOelv/4FQf8AxdH9j3f/AD0t /wDwKg/+LrKor1z3TV/se7/56W//AIFQf/F0f2Pd/wDPS3/8CoP/AIusqigDV/se7/56W/8A4FQf /F0f2Pd/89Lf/wACoP8A4uslWVhlSCPaloA1f7Hu/wDnpb/+BUH/AMXXa+A7Ce11eaSVomBgYfJN HIfvL2Rice9ea133w6/5Dc//AF7t/wChpQBy39j3f/PS3/8AAqD/AOLo/se7/wCelv8A+BUH/wAX WVRQBq/2Pd/89Lf/AMCoP/i6P7Hu/wDnpb/+BUH/AMXWVRQBq/2Pd/8APS3/APAqD/4uj+x7v/np b/8AgVB/8XWSWUEAkAnp70tAGr/Y93/z0t//AAKg/wDi6P7Hu/8Anpb/APgVB/8AF1lUUAe23FtI dI0mMFMxwKD+8QD7q9DnBHuKzfsc396P/v6n+NW7r/kCaN/17r/6AlZNAFv7HN/ej/7+p/jR9jm/ vR/9/U/xqpRQBb+xzf3o/wDv6n+NH2Ob+9H/AN/U/wAaqUUAW/sc396P/v6n+NH2Ob+9H/39T/Gq lFAHTaBbyRXjsxQjyyPldWPUdgTXl/8AZV1/fg/8CIf/AIuvSvDn/H8//XM/zFeR15mY29259jwm pfvOV9v180aX9lXX9+D/AMCIf/i6P7Kuv78H/gRD/wDF1m0V5t49j7Hlqd193/BNL+yrr+/B/wCB EP8A8XR/ZV1/fg/8CIf/AIus2ii8ewctTuvu/wCCaX9lXX9+D/wIh/8Ai6P7Kuv78H/gRD/8XWbR RePYOWp3X3f8E0v7Kuv78H/gRD/8XXX+I7KabStFRGjBjhwd0saj7qdCzAN06jNefV23ij/kD6F/ 1w/9ljrem1yS+X5nmYtT9vR1W76f3X5nN/2Vdf34P/AiH/4uj+yrr+/B/wCBEP8A8XWbRWF49j0+ Wp3X3f8ABNL+yrr+/B/4EQ//ABdH9lXX9+D/AMCIf/i6zaKLx7By1O6+7/gml/ZV1/fg/wDAiH/4 uj+yrr+/B/4EQ/8AxdZtFF49g5andfd/wTS/sq6/vwf+BEP/AMXR/ZV1/fg/8CIf/i6zaKLx7By1 O6+7/gno/hS1ktbHVvOeLDRrysqMBgP1KsQB9cVVzB/z9W//AH/i/wDiqreGv+QJr/8A17/+ySV5 vXuYP+GrH5rn9/rc7+X5I9RzB/z9W/8A3/i/+KozB/z9W/8A3/i/+Kry6iuk8c9RzB/z9W//AH/i /wDiqMwf8/Vv/wB/4v8A4qvLqTcu7bkZPOO9AHqWYP8An6t/+/8AF/8AFUZg/wCfq3/7/wAX/wAV Xl1FAHqOYP8An6t/+/8AF/8AFVv+IzEL5N80UZ8scPKiHqezEHFeH133xF/5DcH/AF7r/wChvQBp 5g/5+rf/AL/xf/FUZg/5+rf/AL/xf/FV5dRQB6jmD/n6t/8Av/F/8VRmD/n6t/8Av/F/8VXl1FAH qOYP+fq3/wC/8X/xVGYP+fq3/wC/8X/xVeWqysMqQR7UtAHqOYP+fq3/AO/8X/xVWrEw/brfFzAx 8xOBNGSeR0AbJNeSVq6H/wAhvT/+viL/ANDFAH0fWD4m/wCQPJ/10g/9GpW9WD4m/wCQPJ/10g/9 GpQB/9D96ND/AOQJp/8A17xf+gCtSsvQ/wDkCaf/ANe8X/oArUoA/mT+D2qW2o/HjTIdAvWSxsDe yyXMWUWaMweSg5AYIZNhIIB6ccVc/aw+ImoeCfFx0fTLx547KEGSMSGSA3FwGZc5JCOigZC4yoyR k14B8MPiXB8PtJ8QSZW5mv4lAfaolmMTkxRqwA2q77WIGAeCc7Rj561PXb7Wr/UNW1W4e5nvP9Ic ykvvfPB569wPQZHTivLhlidZu3ux/E9uGYunR0esjP8AEvjbxF4gXydTuCVwFKg4BA6cdM8df8a/ sgr+P+Dw3pPizxJbDSma3tGUG4A6xuo5RSeoOCQegB5ya/sAr1puKfLHoePK796R8t6f8TvGNr+0 vqvgbV7kSeE7iOK0sk8qMGHUDaJd4MgUORJGsuAzHnAGMVwtx8bPGV94u+JUn9sPpHhfSdLmm0ma G0t7qRGs7kWk1yiPsMuZUkAV32kDj39D8c/BbxX4hvPG2taFqVtYatqd7pGo6HOWfNtdaZEIy0w8 tgAwLLgBwVPI7Vj61+zzrJ0a90Pw/eWiwSeD4/D0TTtIrPeC4M8k8m1GwrkliRlixPy96/WcFicl tTnPkUnCnBrlWjSjKU9U1zN+71vad99fiq9LHc0ox5rczle/m4qG97W97p0s9Gj0bxL8efCfhjVN TsbjTtUvrLQXjj1TUbS182zsHkAYCV9wdiqsGcRI+0H5sVxOj/H6PR9U8UWfiyx1S+sdK1+axOpW 9mjWNjbuY1gSWRSjNgtklVkYBgW6rnUuPAPxf8Oap4qtPhzqOlW2m+LL8aiLy7803mnTzJHHcFIf LeK4G2MNGGZADkNkc0a98HfEep/DT4g+Dbe6tBf+LdTuL23ldnCBJWhK+cVjyHxGchVYdADjp5eF w+TxjCFSzUuRN82qvy80muX3Wry0vrZXVleXbXqY2XNyXTUnbTSyU7a31v7jfZt6p6R6LxV8dvDn hS/1a3n0bWL+x8PvGmpahaWgezs2dVfDu7oz7VZWfylfaCM4qfxJ8cPDXh3VdQ02PS9V1iHRESTV LvT7UTW1gsihx5zF1YkId7LErlV5IFeJ/Ej9n3x/421DxYsjaXqqa3Kz6ffaleXpk06AxgC3is0R oBtcHbKGyNxYhiAtSeJ/2dfEF94h17WrLSvD2ryeJlhlefUnuRJp9yIljl8tY0ZbiL5SyK/lnJw2 RXRhcpyFwpOpV97l1V+vueatvP8Alfupcr+1jXxmPU5qEdL722V5baO+0L7/ABN+7a0fd/BHi+78 S+OfF1nFfLe6NZxaTNp5QJsEd5btKzK6gFg/BBJPtgV4Hq3xA8QXfxU8deH9V+Llt4D0/Qp7OOxt Z7fTSZFmtlkkYNdLvcBz6nGevQV758Pfh9eeCdd1u6eWCSxvbXSra2WFTGyjT7YwNujACoCcbVVm AHpWDpfwbsbjxX8RdU8Y2djqmmeM5bQxRlS8qxQWwhYOWQbW3ZKlGOOuQa8/BY7LqGIrzaTh7OCj 7sW+a9PmaUouPNbmvp311N8bhsVVpUYp2lzty1klblnvytO1+Xr27HJfDb4meJtf0Hwld+JNXDNe 67qGnpeW9kiwaxaWttcSRzEOVNujeXv3Rg5ZNuNrEjok+P3h3WI/J0vT9Us4NUiu10nVbi1VLG9m tonkxCxZn5CMyGSNQ4U4JrH8P/CDxxaab4a8L+I9TtdR0nwpqd0bScPILqTSZbG4tYYpB5e3zozM BkNtKDruGGf4d8BfGrS9C0n4fz6rpVv4d0O2ltftVv5jXeoW6wtDbRSxSQlIAMqZXR2Ylflxk114 6llVSrUnFx62SfKkm5u6tHV/B7rXVqyWscsunjIeyjUT3V9ObVcumr2+L3vJNu7tJ/wt+Pdl4h0r wjpXimw1Sz1PXNMWVNRurNYbO+uLa3Et0YTG2R0dhmNFYDKZBXPUeG/jn4e8Sa1o+kpousadb+I/ N/su+vLQQ2t55SGU+Wd5kXdGpdPMjTcoyOozhzfCbxQ3h34ZaRaahb2d14LtGguZ0LnEp0x7MSW4 2DdtlYMN+z5RnrxXnHgv4C+PtE8W+DvE+qQaOLrw7M7X999uvr2+1LzoJIZJS9xGBH9/eIgSpY/e UKAXVweSVvbVVJRdpWV9nepy223tDa9rvRJ3jjRq5hTp0oNcz0vp5Qum9drzfRuyV7/F6Na/tKeD 7zTpdVh0TXDbGdbOzc2QxqN40jR/Z7M+ZiSQFG3dFABy3BFYukfHxIdZ8Y3viCz1KK00+80nTrHS ntY1vlvbyNswgBtrGRsFWaUpjBVsEZvL8H/Fen/DrwlpWjXdlH4k8H6nJqcAk3myuGlkn3xSMEEi h45z8wQkN2I5rB1H4S/FHxJD4r1TxND4dubzxBe6dOunSedc2T2tlG8bQSSvCskchDBlmjUkMOAA cVdHDZI3UStyt2u5a6VI2tp9qCbctLXaulv0VKuOUl3s3otPhlu79Jcqt1873j6VN8cfDdroZ1O+ 0rVrXUft39mx6RJaf8TGa7K+YEijVzG4KfP5gk8vHVh0qrL8fvB1pod/q2o2Op2d3pV7bWF5pkls DqEE122IMxI7B1k6o0bMG7ZIIrzHQfgV8QfD1nZ6vo97Y2V/oerfb9K0d7q6vNMtrZrdraa3FxMv nqZA7NlU2o2MKQTXQ/8ACn/HGtalf+LvEdzp8Ws6trmg30trbPK9rBZaLNvVEkeMPJM6s2SUVd2A MDmsJ5bkkZP95eN19rW/MrxtZ6cl3zXa5lbmfVQxeOcb8utpW00dlKzb01clHSydn8K15fWfAnxK 0zx3d6tpcemahomqaIYftVlqUCwzIlypaJwUeRGVwrY2uSMHIHFei159onhPUdN+I3inxfPJE1nr lppkEKKWMqtZfaPMLgqFAPmrtwxzg5xxn0Gvic1VD218N8LUXa97NxTkvlK6/wAz3sH7TktVd3d+ Wl3b8Lf5I63w/fl1NjJyVGUPt3FclXdaLp/2ODzZB+9l6+w7D/GuFrzjqCiiigAooooAKKKKACug 1j/jx07/AK5/0WufroNY/wCPHTv+uf8ARaAOfooooAKKKKACiiigAroPDn/H8/8A1zP8xXP10Hhz /j+f/rmf5igDi6KKK+TPhwqC4uba0j826lSFMgbnYKMnoMmp6xde0S317T2sZyUIO5GH8LgEA+/X kVnVclFuCuzOs5KLcFdnK+PNYkjtotCsDuub8gEL12E4A/4EePpmuu0LTBo+k22nbt5iX5j6sxyc e2TxXEeFPCOo2WqPqOt/ObYbIPm35wMBh6ADgA4/SvTa4cFCc5uvUVm9Euy/4J5uXwnOcsRVVm9E uy/4LCiiivSPWCnfEX/kNwf9e6/+hvTad8Rf+Q3B/wBe6/8Aob162V/a+X6nuZN9v5fqcDRRRXrH uEUs8NunmTyLGucZYgDJ+tcr4q1B1hj0u1O6a6wCB12k8D8TW7qumQ6raG2lO0g7lYdmHeuc0Lw/ eW1813qfzGEbYvm3Z7Z9gB0BoA6bS7L+z7CG0zuMY5PueT+tX6KKACu+8I/8gTxD/wBe/wD7JJXA 133hH/kCeIf+vf8A9kkoA4GiiigAqubu1AlPmqfIBL4IJXHqO1WK4XWvDV09y9zpR4uD+9Tdjqck 89RntQAaGJtY1mbW5crHFlYx9RgD8Byfc13VUtPso9Os47SLog5Pqe5/OrtABRRRQB7h4j/4/k/6 5j+Zrn66DxH/AMfyf9cx/M1z9ABRRRQAUUUUAFFFFAGta/8AIE1n/r3b/wBAevGa9mtf+QJrP/Xu 3/oD14zQAUUUUAVzd2oEp81T5AJfBBK49R2rjdDE2sazNrcuVjiysY+owB+A5PuaNa8NXT3L3OlH i4P71N2OpyTz1Ge1dbp9lHp1nHaRdEHJ9T3P50AXaKKKACu++Iv/ACG4P+vdf/Q3rga774i/8huD /r3X/wBDegDgaKKKACqFxqVpBZzXgkWRIc52kH5vTjvmr9ee3vhS7F2IrBv9DmYFgW+5j1HfHagC /wCFree5muNbuid05KqO2M8n6cYFdnUUEMdtCkEI2pGAoHsKloAKKKKAPUvCv/Io3v8A18f0jptO 8K/8ije/9fH9I6bQAUUUUAFFFFABRRRQBbsP+P63/wCuifzFcb41/wCRmvP+2f8A6LWuysP+P63/ AOuifzFcb41/5Ga8/wC2f/otaAOWooooAiknghKrLIqFzhQxAyfQZ61xniS5lv7yHQbQ8uQZP6A/ Qcmt3XNGTV7cANsmiyUbtz1B+uKzvDmi3NnJLfaiM3MnAydxA7nIzyaAOmt4VtoI7dCSsShQT1wB ipqKKACvQ9I/5EPUf+vgfzirzyvQ9I/5EPUf+vgfzirKv8EvQ7ct/wB4p/4l+ZyFFFFfOH62FFFF ABRRRQAVpaN/yGLH/rvF/wChCs2tLRv+QxY/9d4v/QhVw+JGOJ/hy9Gd/rf/ACE5v+A/+gisqtXW /wDkJzf8B/8AQRWVX0p+OhRRRQAUUUUAFFFFAHQW/wDyL11/10H81rn66C3/AOReuv8AroP5rXP0 AFFFFABRRRQAUUUUAFauif8AITh/4F/6Cayq1dE/5CcP/Av/AEE0AYepf8hG6/66v/6EapVd1L/k I3X/AF1f/wBCNUq+WqfEz4ur8TCoHuraOdLWSZFmkGVQsAzAeg6mp64rxb4Yk1gR6jpzmPULYDYc 43AHIGexB6H8/blxE5xhzQV32OPFVJwg5U43a6HN67LJ4s8Tw6BasfslmSZWHqPvH8Puj3r1kDAw K43wb4el0SyeW9H+m3Jy/O7aB0XI/M12Vc+ApSSdSp8Uvw7I5MtoySlVqfFLX0XRBRRRXeemaPiP /kTLH/r4/wDjleZV6b4j/wCRMsf+vj/45XmVfT4f+HH0R9jhf4UfRBSMwUFmOAOST2pajmijnieC UZSQFSPY8GtTcy9U1aCz0172F1k3fLGQQQWP09O9Z3hWxlgs3vbgkyXZDc+g6H6nOaxh4Tu11BLc uX08NvyW/THqema9BACgKowBwBQAtFFFAHU+Cv8AkZrP/tp/6Lauyv8A/j+uP+uj/wAzXG+Cv+Rm s/8Atp/6Lauyv/8Aj+uP+uj/AMzQBUooooAKKKKACiiigAroLj/kXrX/AK6H+bVz9dBcf8i9a/8A XQ/zagDn6KKKACiiigAooooAK1dE/wCQnD/wL/0E1lVq6J/yE4f+Bf8AoJoAw9S/5CN1/wBdX/8A QjVKrupf8hG6/wCur/8AoRqlXy1T4mfF1fiYVHNNDbxNNcOsUaclmIVQPcmpKo6np1vqtjLp90CY 5hg44IIOQR9CKynez5dzCo5cr5dzmvGPiBNM0b/Q5A016NsTKc/KerAj26e5FWvB+jyaNoscM2fO mPmuD/CWA4/AAZ964/RvA+o2+txtqbebY2WWiO7IY5yAFzkc8n39a9ZrzcJGpUqOtVVraJfmzysD CpVquvWja2iX5v5hRRRXqHsBVnxx/wAg7Q/+uTf+gx1Wqz44/wCQdof/AFyb/wBBjr1Ms+Jns5P8 UjzqiiivYPfGSSRwoZZWCIvUscAfjXPeItWWy07/AEdwZLkbUIOeD1Yfh0ravbOG/tZLSfOyQc46 jHIP51xmneGbyLU0N6fMtbbmM5yG5yBjPHPJoA6Hw9p7adpqRyf6yQ72HoT2/AVuUUUAFd98Ov8A kNz/APXu3/oaVwNd98Ov+Q3P/wBe7f8AoaUAcDRRRQAVF9og80weYvmKMlcjcB6461LXH6/oE9zM dQ0wkXDDDrnG4YxweMccGgClCz+IPEInUn7LZEFSO+Dx/wB9H9BXe1j6Jpg0uwWA481vmkI/vHt+ HStigAooooA9muv+QJo3/Xuv/oCVk1rXX/IE0b/r3X/0BKyaACiiigAooooAKKKKAOg8Of8AH8// AFzP8xXkdeueHP8Aj+f/AK5n+YryOvLzL7PzPtOEP+Xvy/UKKKK8s+0CiiigAooooAK7bxR/yB9C /wCuH/ssdcTXbeKP+QPoX/XD/wBljropfBP5fmeZjP8AeKHq/wD0lnE0UUVznphRRRQAUUUUAFFF FAHaeGv+QJr/AP17/wDskleb16R4a/5Amv8A/Xv/AOySV5vXvYL+Ej8x4h/3yfy/JBRRRXUeKVzd 2oEp81T5AJfBBK49R2rjdDE2sazNrcuVjiysY+owB+A5PuaNa8NXT3L3OlHi4P71N2OpyTz1Ge1d bp9lHp1nHaRdEHJ9T3P50AXaKKKACu++Iv8AyG4P+vdf/Q3rga774i/8huD/AK91/wDQ3oA4Giii gBkkkcKGWVgiL1LHAH41z3iLVlstO/0dwZLkbUIOeD1Yfh0ravbOG/tZLSfOyQc46jHIP51xmneG byLU0N6fMtbbmM5yG5yBjPHPJoA6Hw9p7adpqRyf6yQ72HoT2/AVuUUUAFauh/8AIb0//r4i/wDQ xWVWrof/ACG9P/6+Iv8A0MUAfR9YPib/AJA8n/XSD/0alb1YPib/AJA8n/XSD/0alAH/0f3o0P8A 5Amn/wDXvF/6AK1Ky9D/AOQJp/8A17xf+gCtSgD+V66/4J2ftuTvK4+HCgEkog1bSQq57AfbOw4H 506D/gnH+2h5Bin+Heck/wDMW0ngdsYvPc1+0/8AwmPi7/oOX3/gTL/8VR/wmPi7/oOX3/gTL/8A FVqqrWwH5XfCb/gnf+07puuz3fi/wUbK2Uwun/Ez01xJ+9VZEPlXLkfuizZx1GOTwf6Cv7E1P/nj /wCPL/jXyN/wmPi7/oOX3/gTL/8AFV9X/br7/n4k/wC+z/jWHKuZy7lud0kWv7E1P/nj/wCPL/jR /Ymp/wDPH/x5f8aq/br7/n4k/wC+z/jR9uvv+fiT/vs/41RBa/sTU/8Anj/48v8AjR/Ymp/88f8A x5f8aq/br7/n4k/77P8AjR9uvv8An4k/77P+NAFr+xNT/wCeP/jy/wCNH9ian/zx/wDHl/xqr9uv v+fiT/vs/wCNH26+/wCfiT/vs/40AWv7E1P/AJ4/+PL/AI0f2Jqf/PH/AMeX/Gqv26+/5+JP++z/ AI0fbr7/AJ+JP++z/jQBa/sTU/8Anj/48v8AjR/Ymp/88f8Ax5f8aq/br7/n4k/77P8AjR9uvv8A n4k/77P+NAFr+xNT/wCeP/jy/wCNH9ian/zx/wDHl/xqr9uvv+fiT/vs/wCNH26+/wCfiT/vs/40 AWv7E1P/AJ4/+PL/AI0f2Jqf/PH/AMeX/Gqv26+/5+JP++z/AI0fbr7/AJ+JP++z/jQBa/sTU/8A nj/48v8AjR/Ymp/88f8Ax5f8aq/br7/n4k/77P8AjR9uvv8An4k/77P+NAFr+xNT/wCeP/jy/wCN aWmaLOlyJb1Nqx8gZByfw9Kw/t19/wA/En/fZ/xrR0vVpobkLdSM8b8HcSdvvz+tAHcV5t9hvv8A n3k/74P+Fek18t0Aet/Yb7/n3k/74P8AhR9hvv8An3k/74P+FeSUUAet/Yb7/n3k/wC+D/hR9hvv +feT/vg/4V5JRQB639hvv+feT/vg/wCFH2G+/wCfeT/vg/4V5JRQB639hvv+feT/AL4P+Fbeq21z JZ2CxxOxSPDAKSQcL1rwmu+8Xf8AIE8Pf9e//skdAG79hvv+feT/AL4P+FH2G+/595P++D/hXklF AHrf2G+/595P++D/AIUfYb7/AJ95P++D/hXklFAHrf2G+/595P8Avg/4UfYb7/n3k/74P+FeSUUA et/Yb7/n3k/74P8AhW3oFtcw3jtNE6AxkZZSBnI9a8Jrvvh1/wAhuf8A692/9DSgC3/Zuo/8+sv/ AHw3+FH9m6j/AM+sv/fDf4VSor5a8ex8XePb8f8AgF3+zdR/59Zf++G/wo/s3Uf+fWX/AL4b/CqV FF49gvHt+P8AwC7/AGbqP/PrL/3w3+FH9m6j/wA+sv8A3w3+FUqKLx7BePb8f+AXf7N1H/n1l/74 b/Cj+zdR/wCfWX/vhv8ACqVFF49gvHt+P/ALv9m6j/z6y/8AfDf4UvjzTdRvNXhltLWWdBAoLIjM M7m4yB1qjTviL/yG4P8Ar3X/ANDevVyy3vW8j2sna963l+py39h63/0D7j/v0/8AhR/Yet/9A+4/ 79P/AIVlUV6h7Rq/2Hrf/QPuP+/T/wCFH9h63/0D7j/v0/8AhWVRQBq/2Hrf/QPuP+/T/wCFH9h6 3/0D7j/v0/8AhWVRQBq/2Hrf/QPuP+/T/wCFdr4X03UbfSNdintZYnmgwisjAsdsnCgjk8jpXmte keA/+PHWv+uafykoA4z+w9b/AOgfcf8Afp/8KP7D1v8A6B9x/wB+n/wru6KAOE/sPW/+gfcf9+n/ AMKP7D1v/oH3H/fp/wDCu7ooA4T+w9b/AOgfcf8Afp/8KP7D1v8A6B9x/wB+n/wru6KAOE/sPW/+ gfcf9+n/AMKP7D1v/oH3H/fp/wDCu7ooA6bX7a5mvEaGJ3AjAyqkjOT6VifYb7/n3k/74P8AhWF8 Rf8AkNwf9e6/+hvXA0Aet/Yb7/n3k/74P+FH2G+/595P++D/AIV5JRQB639hvv8An3k/74P+FH2G +/595P8Avg/4V5JRQB639hvv+feT/vg/4UfYb7/n3k/74P8AhXklFAHttvaXS6Rq0TQuHkgYKu05 Y7W4A7mvJ/7D1v8A6B9x/wB+n/wrqfCP/IE8Q/8AXv8A+ySVwNAGr/Yet/8AQPuP+/T/AOFH9h63 /wBA+4/79P8A4VlUUAav9h63/wBA+4/79P8A4Uf2Hrf/AED7j/v0/wDhWVRQBq/2Hrf/AED7j/v0 /wDhR/Yet/8AQPuP+/T/AOFZVFAGr/Yet/8AQPuP+/T/AOFdr4803UbzV4ZbS1lnQQKCyIzDO5uM gda81rvviL/yG4P+vdf/AEN6AOW/sPW/+gfcf9+n/wAKP7D1v/oH3H/fp/8ACsqigDV/sPW/+gfc f9+n/wAKP7D1v/oH3H/fp/8ACsqigDV/sPW/+gfcf9+n/wAKP7D1v/oH3H/fp/8ACsqigDV/sPW/ +gfcf9+n/wAKP7D1v/oH3H/fp/8ACsqigD1zw1Y3sHhe7t57eSOVp8hGQhiMJyARnHBpPsN9/wA+ 8n/fB/wrC0//AJJ9qf8A18L/ADirgaAPW/sN9/z7yf8AfB/wo+w33/PvJ/3wf8K8kooA9b+w33/P vJ/3wf8ACj7Dff8APvJ/3wf8K8kooA9b+w33/PvJ/wB8H/Cj7Dff8+8n/fB/wrySigD2SysrxLyB mgkAEikkqcAZ+lcn4u0rVLnxDdz21nNLG3l4ZI2ZThFBwQMda5zQ/wDkN6f/ANfEX/oYr1DW/wDk Jzf8B/8AQRQB5f8A2Hrf/QPuP+/T/wCFH9h63/0D7j/v0/8AhXd0UAcJ/Yet/wDQPuP+/T/4Uf2H rf8A0D7j/v0/+Fd3RQBwn9h63/0D7j/v0/8AhR/Yet/9A+4/79P/AIV3dFAHCf2Hrf8A0D7j/v0/ +Fd1penahH4Lv7WS1lWd5wVjKMHIzHyBjJHBpa21/wCRZu/+ug/mlZV/gl6FQxLotVkr8uv3annX 9jav/wA+M/8A36f/AAo/sbV/+fGf/v0/+Fa1FfO88e39fceh/wARHqf8+V9//AMn+xtX/wCfGf8A 79P/AIUf2Nq//PjP/wB+n/wrWoo549v6+4P+Ij1P+fK+/wD4Bk/2Nq//AD4z/wDfp/8ACj+xtX/5 8Z/+/T/4VrUUc8e39fcH/ER6n/Plff8A8Ayf7G1f/nxn/wC/T/4VoaTpOqR6rZySWcyos0ZJMbAA Bhkk4qarum/8hG1/66p/6EKqnKPMtP6+4l+IdSa5PZLXTf8A4B0msWl1LqMzxwu6nbghSR90e1Zv 2G+/595P++D/AIVxvjX/AJGa8/7Z/wDota5avpTzz1v7Dff8+8n/AHwf8KPsN9/z7yf98H/CvJKK APW/sN9/z7yf98H/AAo+w33/AD7yf98H/CvJKKAPW/sN9/z7yf8AfB/wo+w33/PvJ/3wf8K8kooA 92gtrkaFcQmJxI0gIXackZXtWJ9hvv8An3k/74P+FYWn/wDJPtT/AOvhf5xVwNAHrf2G+/595P8A vg/4UfYb7/n3k/74P+FeSUUAet/Yb7/n3k/74P8AhR9hvv8An3k/74P+FeSUUAet/Yb7/n3k/wC+ D/hR9hvv+feT/vg/4V5JRQB639hvv+feT/vg/wCFaWj2l1FqMLyQuijdklSB90+1eJV1Pgr/AJGa z/7af+i2oA6vUNPv3v7l0tpWVpXIIRiCCx9qqf2bqP8Az6y/98N/hRqX/IRuv+ur/wDoRqlXzNRx 5nofHVXHmen4/wDALv8AZuo/8+sv/fDf4Uf2bqP/AD6y/wDfDf4VSoqLx7EXj2/H/gF3+zdR/wCf WX/vhv8ACj+zdR/59Zf++G/wqlRRePYLx7fj/wAAu/2bqP8Az6y/98N/hR/Zuo/8+sv/AHw3+FUq KLx7BePb8f8AgG3r9hfTeE7K2htpHmSfJRUYsB+85IAzjkV57/Yet/8AQPuP+/T/AOFerN/yLNp/ 10P83rEr6Sh8EfRH1uG/hx9EcJ/Yet/9A+4/79P/AIUf2Hrf/QPuP+/T/wCFd3RWpucJ/Yet/wDQ PuP+/T/4Uf2Hrf8A0D7j/v0/+Fd3RQBwn9h63/0D7j/v0/8AhR/Yet/9A+4/79P/AIV3dFAGP4R0 rVLbxDaT3NnNFGvmZZ42VRlGAySMda6y9srx7ydlgkIMjEEKcEZ+lLon/ITh/wCBf+gmqt//AMf1 x/10f+ZoAPsN9/z7yf8AfB/wo+w33/PvJ/3wf8KqUUAW/sN9/wA+8n/fB/wo+w33/PvJ/wB8H/Cq lFAFv7Dff8+8n/fB/wAKPsN9/wA+8n/fB/wqpRQBb+w33/PvJ/3wf8K257a5OhW8IicyLISV2nIG W7VzNdBcf8i9a/8AXQ/zagDK+w33/PvJ/wB8H/Cj7Dff8+8n/fB/wqpRQBb+w33/AD7yf98H/Cj7 Dff8+8n/AHwf8KqUUAW/sN9/z7yf98H/AAo+w33/AD7yf98H/CqlFAFv7Dff8+8n/fB/wrS0e0uo tRheSF0UbskqQPun2rCrV0T/AJCcP/Av/QTQBnahp9+9/cultKytK5BCMQQWPtVT+zdR/wCfWX/v hv8ACjUv+Qjdf9dX/wDQjVKvmajjzPQ+OquPM9Px/wCAXf7N1H/n1l/74b/Cj+zdR/59Zf8Avhv8 KpUVF49iLx7fj/wC7/Zuo/8APrL/AN8N/hR/Zuo/8+sv/fDf4VSoovHsF49vx/4Bd/s3Uf8An1l/ 74b/AAo/s3Uf+fWX/vhv8KpUUXj2C8e34/8AALv9m6j/AM+sv/fDf4VY8Y6ff3Vho6W1tLM0UTBw iMxU7U64HHSsqrPjj/kHaH/1yb/0GOvSy23M7Hr5Q1zSscf/AGHrf/QPuP8Av0/+FH9h63/0D7j/ AL9P/hWVRXrnumr/AGHrf/QPuP8Av0/+FH9h63/0D7j/AL9P/hWVRQBq/wBh63/0D7j/AL9P/hR/ Yet/9A+4/wC/T/4VlUUAav8AYet/9A+4/wC/T/4V2vgPTdRs9Xmlu7WWBDAwDOjKM7l4yR1rzWu+ +HX/ACG5/wDr3b/0NKAOW/sPW/8AoH3H/fp/8KP7D1v/AKB9x/36f/Cu7ooA4T+w9b/6B9x/36f/ AAo/sPW/+gfcf9+n/wAK7uigDhP7D1v/AKB9x/36f/Cj+w9b/wCgfcf9+n/wru6KAOE/sPW/+gfc f9+n/wAKP7D1v/oH3H/fp/8ACu7ooA3bi0um0jSYlhcvHAoZdpyp2rwR2NZv2G+/595P++D/AIVm ePP+PHRf+ub/AMo683oA9b+w33/PvJ/3wf8ACj7Dff8APvJ/3wf8K8kooA9b+w33/PvJ/wB8H/Cj 7Dff8+8n/fB/wrySigD1v7Dff8+8n/fB/wAKPsN9/wA+8n/fB/wrySigD3bQLa5hvHaaJ0BjIyyk DOR615f/AGNq/wDz4z/9+n/wrY+HX/Ibn/692/8AQ0pteXmTS5b+Z04fiOWX35Yc3N522/4cyf7G 1f8A58Z/+/T/AOFH9jav/wA+M/8A36f/AArWorzOePb+vuOn/iI9T/nyvv8A+AZP9jav/wA+M/8A 36f/AAo/sbV/+fGf/v0/+Fa1FHPHt/X3B/xEep/z5X3/APAMn+xtX/58Z/8Av0/+FH9jav8A8+M/ /fp/8K1qKOePb+vuD/iI9T/nyvv/AOAZP9jav/z4z/8Afp/8K6/xHp9/PpWixwW0kjxQ4cKjEqdq cEAcdO9Y1dPrv/IO0r/rl/7Klb0pLknp2/P0M5cdTqNVfZL3Nd976dvM4L+xtX/58Z/+/T/4Uf2N q/8Az4z/APfp/wDCtaisOePb+vuNP+Ij1P8Anyvv/wCAZP8AY2r/APPjP/36f/Cj+xtX/wCfGf8A 79P/AIVrUUc8e39fcH/ER6n/AD5X3/8AAMn+xtX/AOfGf/v0/wDhR/Y2r/8APjP/AN+n/wAK1qKO ePb+vuD/AIiPU/58r7/+AZP9jav/AM+M/wD36f8Awo/sbV/+fGf/AL9P/hWtRRzx7f19wf8AER6n /Plff/wDX8P6ffw6RrcU1tLG8sGEVkYFjtfgAjk8jpXA/wBh63/0D7j/AL9P/hXo+mf8gTW/+vdv /QHryOvdwT/dKxw1syeLk8Q1a/T00/Q1f7D1v/oH3H/fp/8ACj+w9b/6B9x/36f/AArKorqMzV/s PW/+gfcf9+n/AMKP7D1v/oH3H/fp/wDCsqigDV/sPW/+gfcf9+n/AMKP7D1v/oH3H/fp/wDCsqig DV/sPW/+gfcf9+n/AMK7Xx5puo3mrwy2lrLOggUFkRmGdzcZA615rXuHiP8A4/k/65j+ZoA8k/sP W/8AoH3H/fp/8KP7D1v/AKB9x/36f/Cu7ooA4T+w9b/6B9x/36f/AAo/sPW/+gfcf9+n/wAK7uig DhP7D1v/AKB9x/36f/Cj+w9b/wCgfcf9+n/wru6KAOE/sPW/+gfcf9+n/wAK0dG0bV4tXsZZbGdE SeIsxiYAAMMknHSuqq3Yf8f1v/10T+YoA9JrB8Tf8geT/rpB/wCjUrerB8Tf8geT/rpB/wCjUoA/ /9L96ND/AOQJp/8A17xf+gCtSsvQ/wDkCaf/ANe8X/oArUoA/OQAkgAZJr6wf4NeF18NNEsUjamI Cwn3tnzdufuZ24zxjGcd8818waVpWq6tdLb6PbSXM4wcRKWI9yR0Hua+3DP4q/4QvzRbj+3za42Z THn4xnOdn+1jOO1AHwkQQcHgivsevknVdJ1XR7prXV7aS2n64kUgn3B7j3FfW1AHjPib9oP4PeDv EF54X8SeIls9R014UvE+z3Dpa+eqNG9xKkbRwxsJFxJIypk43ZBAt+MPjt8J/AWrx6H4p8QJa3jR JPIscM9wlvDKwVJbmSCN0t42LDDzMikcg4BNfNWtv8Qr7xv8d/CPg3wOniFPE0llp41A3VrBFbTT aRbxsLtJnWVoY0k8xfKVyTuXAJzXI337PfxB8Far4jsrDStZ8X2fiDTNMtYJdK15dItjJZWEdg8W oQvNGxjbYXDxiU7Tt2g1MXdX8l87p6eVu73HKyf5+W2vnfXRarqfVTfHnwjB8VdW+HV/cx2ttpWj Qas186yiDbJ50khaYxiBYo4Y1fzDJtbcVB3IwrU8L/Hv4S+Mk1BvD+vrKdLsm1GZJre4tpDYr1uo o5443mg4/wBZEGQnAByRXzZ46+BnxE1HTL34daBpMaaZrfgXTdAF/HeL9msb3SJJ5lidJW+0PFN5 ixiRVcjOWXrinovwn+IWuXOo6pf+EtZ0u6s/DGp2FvJrviRdWle+v4fL+z2iJPJEsOVBaWYoWOzC jaTTqXipW1snbzd5W/JfJ+l6pR5pRu92r+Sajf8AN+ltfL638CfFz4e/EzS9R1vwNq39q2GlOY7i ZIJ0QME3/IZI18wbTnKbh2zmrkHxN8CXOkeHNeg1eJ7Dxc6R6XKFfFy0kTTAAbcriNGZt4Xbg7sH ir/gHRH8N+BfDvh2S3Fq+l6daWrQghhGYYVQoCCQcEYyCR718o+DPgZ8QdB+IPiFGgs08K+E7fVW 8ECUI8YutfzLP5sauxCWrboVDIuY5DjIzV10ozko6pX172/V9O3mZUG5QjJ6Xt8r/wCXX9D3jwv8 f/hF4z8RW3hXw34gW71C/ExtM29xFBeC2/1v2W4kjWG42AEnynfABPQGoPD/AO0T8GfFHiK08LaF 4ljutQv3eKAeRcJFJNGMvCs7xrD5yjkxb/Mxzt6V8ufDv4afGeLxn8Ltb8TeHtaQeF5JBqr3+rad 9hhM1jNb/wDEu0+xcQJBG7AA7FkClVCsNxX1Xw38KfFml/DD4VeHZNJWLUPDniKLUtQiEsJ8iMvd PLLuDlWJMwJCEn5uB1quVc0VfS6T+b39Ev8AhypfDK26Ta+Senq2kvmfQ3jj4g+D/hvpMWteM9RX T7a4njtYBskmlnuJfuRQwwq8ssjYOFRWOATjANeReFf2j/BGqaP4u8Y63q9rbeGtH1uPStPuEimE 1yXsrafyvIIaaS486WRPLSMP8uNmVYnQ+MvhfxdceKfAPxI8IaT/AMJFN4Mvrp7jTFmit5p7e/tm tnkhedli8yHIcK7KGGQGBxn5u1v4Q/FrxXbXvje78K3Gj30fjdteXRrHVobS9msJNMhsvMhvIJDE lyGUu6s6hjvXfhgzYpu7/rrH79G395o4qyt/WktPwX3n1h/wvz4RDwbc+P5fEcUOh2N19huZpYpo 5La6yF8meB0E0T5I+V0U8g9CK6W3+Jnga48Bf8LOOqpb+GPIa4N5cJJbqsSsVJZJlSQHcMBSoJOA ByK+T9D+Cvi65tLzWZvDd5YXGreK/Dt9LFqurjUtRksdInRnnupTM8IYJnbHE7HYApycCvpr40+H NS8W/C/X/D2kaPb+ILq8hULYXVxJaR3IWRXZBPGVaNyoPltkAPt3Hbmql8Dkt76f+Axf5tr5PqTB Jzint1+9r8l+N9jzfxh+1J8OdI8A614w8M3h1K60W4sraezuLa7tJ4nvZFWNpYJIBOiFCzoxjCvt 2hsmuv179of4O+Gbm0tNc8Qi2mu7aG8K/Zbpzb29xt8uS72RH7Irbhg3Hl/oa+ZYvhl8cLzwZ47s INP1aayuLbTW0nT/ABJqVjearLd2t2LmZFvoGfbblFCRrPKxDZPygnPb3Ok/F3QdU+IV5pnw8/tp fibDa3MWb6yj/s+4NjHZy2uob5BvjiKlw1v5wYFgBk0qkrR91a/1p2V9Xfptu0KKu9dr2/4Pfra2 +72TPWrj406JoXirxjD4tv7Ow8NeHbLRrqC8G5mlbU/tA25Ut5m4xJ5SxpuOT97Ix7bbzpcwR3MY YJKodQ6sjYYZGVYBlPqCAR0Ir89Lj9mP4i6PqNh4u0FxdeIfh/o/hqPRY3mj/s7VLrTIZ4r2GSKT JRnRgsMzhChYFWHzEfoHpd1dX2m2l5fWb6dcTxJJJbSsjyQOygtGzRM6MyHglWKkjgkc1pKKvK3R /h0fz/DruiW3p5pff1/rr8mXqKKKgZ2mhah58X2SU/vIx8vuv/1q+e6+g9C0/wAiL7XKP3kg+Uei /wD16+fKACiiigAriGu7rV/ESQWkjJbWZyxU8HB5z65PH0p2v6bqUN22raW7szrsdF5IGMcDuP5H mtbw7pZ0yxHmjE83zP6j0H4fzoA36KKKACu+8Xf8gTw9/wBe/wD7JHXA133i7/kCeHv+vf8A9kjo A4GiiigArF17Uxplg8qn96/yp9T3/Cruo2Y1Cylsy5TzBjI7YOf/ANdcLZaLqlzqMVrqgZraz6E/ dIzkAHvn+VAHVeHYLqHTEa8kZ5JSXwxyVB6Dn8/xrdoooAK774df8huf/r3b/wBDSuBrvvh1/wAh uf8A692/9DSgBtFFFfJnw4UUVz3ibRW17S2s45TFIrB0OeCy5wG9ufw61nVk1FuKuzOtKUYtxV32 Mjxzrj6Zp62NmxF3efKu37yr3Ix3PQV0Og2d1YaRbWt7KZZ1XLljk5JzjPtnFeeeGdC1m91v+0vE aP8A6AoRPMH3mXhceoHXPc969argwXPUnKvJW6JeR5mX89WcsRNNdEvL/hwooor0z1wp3xF/5DcH /Xuv/ob02nfEX/kNwf8AXuv/AKG9etlf2vl+p7mTfb+X6nA0UUV6x7gVzHifVHsrQW1uSLi44GOo XuR9egrQ1rTW1SyNujmN1IZT2JHY+1cxoul6jdan9s1hW/0UBV3j7xHTHqB1z60AddpVvPa6fDBc uZJVX5iTnk84z7dK0KKKACvSPAf/AB461/1zT+Uleb16R4D/AOPHWv8Armn8pKALFFFFABRRRQAU UUUAFFFFAGb8Rf8AkNwf9e6/+hvXA133xF/5DcH/AF7r/wChvXA0AFFFZGtaa2qWRt0cxupDKexI 7H2oAz/E+qPZWgtrckXFxwMdQvcj69BWvpVvPa6fDBcuZJVX5iTnk84z7dK5HRdL1G61P7ZrCt/o oCrvH3iOmPUDrn1rvqACiiigDvvCP/IE8Q/9e/8A7JJXA133hH/kCeIf+vf/ANkkrgaACiiigBGZ VUsxwByT6VxWlXV3rGuy3ySMtpbgqFzwc8AY9+pqnrWk6ra3M8unF5Yr4kOq8kZPQ+3oew4rr9I0 5NMsY7Yct1c+rHr/AIUAadFFFABXffEX/kNwf9e6/wDob1wNd98Rf+Q3B/17r/6G9AHA0UUUAFQ3 E8dtBJcTHCRgkn6VNXml7oesW8x061Z5bS5cNnqAf9r0x+tAG14bkvtQu7rVbh2EL/IiZ+Xrngew 4rsarWdrFZW0drCPkjGPr6n8as0AFFFFAHfaf/yT7U/+vhf5xVwNd9p//JPtT/6+F/nFXA0AFFFF AENxPHbQSXExwkYJJ+lcp4bkvtQu7rVbh2EL/IiZ+Xrngew4rFvdD1i3mOnWrPLaXLhs9QD/ALXp j9a9Cs7WKyto7WEfJGMfX1P40AWaKKKANXQ/+Q3p/wD18Rf+hivUNb/5Cc3/AAH/ANBFeX6H/wAh vT/+viL/ANDFeoa3/wAhOb/gP/oIoAyqKKKACiiigAooooAK21/5Fm7/AOug/mlYlba/8izd/wDX QfzSssR/Dl6MwxX8KXozkKKKK+YPjgqteXUNjay3lw22OFSzH2FWa8S1Pwt4is7ltGsHkn0++kDb uqgg9ZD2x3Pf68VxY3EzpRvGN/60PPzDFzoxThDmv+D6HTeC5tU1fUL7X7uVxbyExxx5O3OQeB/s jjPfJr0eqWnWEGmWMNhbDEcKhR7nuT7k81drTCUXTpqMnd9fU1wOHdOkoyd319WFXdN/5CNr/wBd U/8AQhVKrum/8hG1/wCuqf8AoQrsp/EjvpfEjn/Gv/IzXn/bP/0WtctXU+Nf+RmvP+2f/ota5avq T7QKKK5/xBpc+owRy2khSe3JZBnAP+B44NAGd4m1CcyQ6PYMRPOQW2nBAPQZ9+p9q6u3iaG3jhdz IyKFLHqSB1rkfDmm3j3Uur6orCcnChxg+5x9OBXaUAFFFFAHfaf/AMk+1P8A6+F/nFXA132n/wDJ PtT/AOvhf5xVwNABRRRQAVxGtXl1qGrQ6Np8jR7DmRlOMHr2/uj9au+IdMvZZI9U0528+3GNg7jO eB6+o70nhjS5raOS/vVIubgnhh8wXPf3J5/KgDqxRRRQAV1Pgr/kZrP/ALaf+i2rlq6nwV/yM1n/ ANtP/RbUAdBqX/IRuv8Arq//AKEapVd1L/kI3X/XV/8A0I1Sr5ap8TPi6vxMKKK4Lxhomp3E0Gu6 NI/2uzXHljuuScqPXnkdx+R5cRVcIOUY3OPFVpU4OcY3t0M3xNqN7q+v2vhvSJmi8tg0roSMHqeR /dH68V6eOBjrXBeB9CuLGCbVtTRlvbwkkOMMq5zyOxY8n8K72ubAQk06s95dOy6HJlsJtSrVN5dO y6IKKKK9A9M69v8AkWbT/rof5vWJW23/ACLNp/10P83rEr6fD/w4+iPscL/Cj6IKKKK1NwooooAK KKKANXRP+QnD/wAC/wDQTVW//wCP64/66P8AzNWtE/5CcP8AwL/0E1Vv/wDj+uP+uj/zNAFSiiig AooooAKKKKACuguP+Retf+uh/m1c/XQXH/IvWv8A10P82oA5+iiigAooooAKKKKACtXRP+QnD/wL /wBBNZVauif8hOH/AIF/6CaAMPUv+Qjdf9dX/wDQjVKrupf8hG6/66v/AOhGqVfLVPiZ8XV+JhRR WZrGmrq+mT6c0hi85cbh2IOR9RxyPSsptpNpXZhUbUW4q7M3xXrY0PSZJ0OLiX5Ih/tHv+A5qLwb a39tokb6jK8ktwTKA5JKq2MDnn3/ABrgtM8M67e6zb2Ouq72Wm5wzcoy5yFU988Z9BxxXs9ebhJT q1HWmmktEvzPJwMqlaq6804paJfm/wBAooor1D2Qqz44/wCQdof/AFyb/wBBjqtVnxx/yDtD/wCu Tf8AoMdeplnxM9nJ/ikedUUUV7B74Vi69qY0yweVT+9f5U+p7/hV3UbMahZS2Zcp5gxkdsHP/wCu uFstF1S51GK11QM1tZ9CfukZyAD3z/KgDqvDsF1DpiNeSM8kpL4Y5Kg9Bz+f41u0UUAFd98Ov+Q3 P/17t/6GlcDXffDr/kNz/wDXu3/oaUAaVFFFABRRRQAUUUUAFFFFAFfx5/x46L/1zf8AlHXm9eke PP8Ajx0X/rm/8o683oAKKKpajZjULKWzLlPMGMjtg5//AF0AUte1MaZYPKp/ev8AKn1Pf8KZ4dgu odMRryRnklJfDHJUHoOfz/GuVstF1S51GK11QM1tZ9CfukZyAD3z/KvR6ACiiigDvvh1/wAhuf8A 692/9DSm074df8huf/r3b/0NKbXk5p9n5/oeHnP2Pn+gUUUV5J4YV5e+o33iLxlFa6dM0dlpxy5U kBtp+bPY7j8o9uaf4t0TWrfUH8QaFJI8kq+XJGmWYDG35R3Ht2PP06DwboR0TSl89dt1cfPJ6j0X 8B+ua8mrOpVqqk4tJO7fddPvPErTq1qyouLjFO7fdLb7+p1tFFFese2FdPrv/IO0r/rl/wCypXMV 0+u/8g7Sv+uX/sqV00vgn8vzOuj/AA6ny/M5iiiiuY5AprsqKXchVUZJPQAU6vIPE3h/X7G9urjR mlnt9UJEqL8xBY5wR6eh7Dg+/JjMRKlHmjG5xY7FSow54w5vQ0dBvtQ8R+Kp9UilePT7QFFTJCsC CFBHTJ+8fTj2r06sTw9o8eh6VDYrgyAbpGH8Tnr/AID2rbpYGjKFP33q9WLLqEoU/wB4/eer9WFF FFdh3HQaZ/yBNb/692/9AevI69c0z/kCa3/17t/6A9eR19Dgf4S/rqfVZb/Bj8/zCiiius7hGZVU sxwByT6VxWlXV3rGuy3ySMtpbgqFzwc8AY9+pqnrWk6ra3M8unF5Yr4kOq8kZPQ+3oew4rr9I05N MsY7Yct1c+rHr/hQBp0UUUAFe4eI/wDj+T/rmP5mvD69w8R/8fyf9cx/M0Ac/RRRQAUUUUAFFFFA BVuw/wCP63/66J/MVUq3Yf8AH9b/APXRP5igD0msHxN/yB5P+ukH/o1K3qwfE3/IHk/66Qf+jUoA /9P96ND/AOQJp/8A17xf+gCtSsvQ/wDkCaf/ANe8X/oArUoA+KdAi+J3hfz/AOwtOv7X7Tt8z/Q2 fdszt++jYxuPSui/4Sf43f8APG//APAAf/Gq57/hbfxB/wCgr/5Ag/8AjdH/AAtv4g/9BX/yBB/8 boATX4vid4o8j+3dOv7r7Nu8v/Q2Tbvxu+4i5ztHWvo37Dff8+8n/fB/wr5z/wCFt/EH/oK/+QIP /jdfS39t6n/z2/8AHV/woAx7Xw7FY3N3e2WmC3uNQdZbmSOHY88iIsatIwGXYIqqC2SFAHQCr32G +/595P8Avg/4Va/tvU/+e3/jq/4Uf23qf/Pb/wAdX/CgCr9hvv8An3k/74P+FH2G+/595P8Avg/4 Va/tvU/+e3/jq/4Uf23qf/Pb/wAdX/CgCr9hvv8An3k/74P+FH2G+/595P8Avg/4Va/tvU/+e3/j q/4Uf23qf/Pb/wAdX/CgCr9hvv8An3k/74P+FH2G+/595P8Avg/4Va/tvU/+e3/jq/4Uf23qf/Pb /wAdX/CgCr9hvv8An3k/74P+FH2G+/595P8Avg/4Va/tvU/+e3/jq/4Uf23qf/Pb/wAdX/CgCr9h vv8An3k/74P+FH2G+/595P8Avg/4Va/tvU/+e3/jq/4Uf23qf/Pb/wAdX/CgCr9hvv8An3k/74P+ FH2G+/595P8Avg/4Va/tvU/+e3/jq/4Uf23qf/Pb/wAdX/CgCr9hvv8An3k/74P+FH2G+/595P8A vg/4Va/tvU/+e3/jq/4Uf23qf/Pb/wAdX/CgCr9hvv8An3k/74P+FaOmaTNNchrqNkiTkhgRu9uf 1qD+29T/AOe3/jq/4VpaXrU73IivX3K/AOAMH8PWgDra+W6+pK+cP7c1v/oIXH/f1/8AGgDKorV/ tzW/+ghcf9/X/wAaP7c1v/oIXH/f1/8AGgDKorV/tzW/+ghcf9/X/wAaP7c1v/oIXH/f1/8AGgDK orV/tzW/+ghcf9/X/wAaP7c1v/oIXH/f1/8AGgDKrvvF3/IE8Pf9e/8A7JHXLf25rf8A0ELj/v6/ +Ndr4o1LUbfSNClgupYnmgy7K7AsdsfLEHk8nrQB5rRWr/bmt/8AQQuP+/r/AONH9ua3/wBBC4/7 +v8A40AZVFav9ua3/wBBC4/7+v8A40f25rf/AEELj/v6/wDjQBlUVq/25rf/AEELj/v6/wDjR/bm t/8AQQuP+/r/AONAGVXffDr/AJDc/wD17t/6Glct/bmt/wDQQuP+/r/412vgPUtRvNXmiu7qWdBA xCu7MM7l5wT1oAo0Vd/tLUf+fqX/AL7b/Gj+0tR/5+pf++2/xr5a0e58XaPf8P8AglKirv8AaWo/ 8/Uv/fbf40f2lqP/AD9S/wDfbf40Wj3C0e/4f8EpUVd/tLUf+fqX/vtv8aP7S1H/AJ+pf++2/wAa LR7haPf8P+CUqKu/2lqP/P1L/wB9t/jR/aWo/wDP1L/323+NFo9wtHv+H/BKVO+Iv/Ibg/691/8A Q3q3/aWo/wDP1L/323+Ndbr9zcw3iLDK6Axg4ViBnJ9K9XLLe9byPaydL3reX6nhNFet/br7/n4k /wC+z/jR9uvv+fiT/vs/416h7R5JRXrf26+/5+JP++z/AI0fbr7/AJ+JP++z/jQB5JRXrf26+/5+ JP8Avs/40fbr7/n4k/77P+NAHklekeA/+PHWv+uafykrT+3X3/PxJ/32f8a29KubmSzv2kldikeV JYkg4bpQBzNFW/t19/z8Sf8AfZ/xo+3X3/PxJ/32f8aAKlFW/t19/wA/En/fZ/xo+3X3/PxJ/wB9 n/GgCpRVv7dff8/En/fZ/wAaPt19/wA/En/fZ/xoAqUVb+3X3/PxJ/32f8aPt19/z8Sf99n/ABoA wviL/wAhuD/r3X/0N64GvSvHmpajZ6vDFaXUsCGBSVR2UZ3NzgHrXFf25rf/AEELj/v6/wDjQBlU Vq/25rf/AEELj/v6/wDjR/bmt/8AQQuP+/r/AONAGVRWr/bmt/8AQQuP+/r/AONH9ua3/wBBC4/7 +v8A40AZVFav9ua3/wBBC4/7+v8A40f25rf/AEELj/v6/wDjQB1PhH/kCeIf+vf/ANkkrga9T8F6 hf3VnqzXVzLMY40KF3ZipIfpk8dKsfbr7/n4k/77P+NAHklFet/br7/n4k/77P8AjR9uvv8An4k/ 77P+NAHklFet/br7/n4k/wC+z/jR9uvv+fiT/vs/40AeSUV639uvv+fiT/vs/wCNH26+/wCfiT/v s/40AeSV33xF/wCQ3B/17r/6G9bv26+/5+JP++z/AI1nePNS1Gz1eGK0upYEMCkqjsozubnAPWgD zWitX+3Nb/6CFx/39f8Axo/tzW/+ghcf9/X/AMaAMqitX+3Nb/6CFx/39f8Axo/tzW/+ghcf9/X/ AMaAMqitX+3Nb/6CFx/39f8Axo/tzW/+ghcf9/X/AMaAMqitX+3Nb/6CFx/39f8Axo/tzW/+ghcf 9/X/AMaAOp0//kn2p/8AXwv84q4GvXPDV9ez+F7u4nuJJJVnwHZyWAwnAJOccmk+3X3/AD8Sf99n /GgDySivW/t19/z8Sf8AfZ/xo+3X3/PxJ/32f8aAPJKK9b+3X3/PxJ/32f8AGj7dff8APxJ/32f8 aAPJKK9b+3X3/PxJ/wB9n/Gj7dff8/En/fZ/xoA850P/AJDen/8AXxF/6GK9Q1v/AJCc3/Af/QRS WV7ePeQK08hBkUEFjgjP1qzrF3dRajMkczoo24AYgfdHvQBhUVb+3X3/AD8Sf99n/Gj7dff8/En/ AH2f8aAKlFW/t19/z8Sf99n/ABo+3X3/AD8Sf99n/GgCpRVv7dff8/En/fZ/xo+3X3/PxJ/32f8A GgCpW2v/ACLN3/10H80rP+3X3/PxJ/32f8a11urn/hHrqfzn8xZAA247gMr0PWsq/wAEvRmGJ/hy 9GcTRV3+0tR/5+pf++2/xo/tLUf+fqX/AL7b/Gvm7R7nyVo9/wAP+CUqKu/2lqP/AD9S/wDfbf40 f2lqP/P1L/323+NFo9wtHv8Ah/wSlRV3+0tR/wCfqX/vtv8AGj+0tR/5+pf++2/xotHuFo9/w/4J Sq7pv/IRtf8Arqn/AKEKP7S1H/n6l/77b/Gren6hfvf2yPcysrSoCC7EEFh71dNR5lqXSUeZa/h/ wTlPGv8AyM15/wBs/wD0WtctXceLtV1S28Q3cFteTRRr5eFSRlUZRScAHHWuc/tzW/8AoIXH/f1/ 8a+mPsTKorV/tzW/+ghcf9/X/wAaP7c1v/oIXH/f1/8AGgDKorV/tzW/+ghcf9/X/wAaP7c1v/oI XH/f1/8AGgDKorV/tzW/+ghcf9/X/wAaP7c1v/oIXH/f1/8AGgDqdP8A+Sfan/18L/OKuBr0qx1L UX8DajdvdStOk6hZC7FwMx8Bs5A5NcV/bmt/9BC4/wC/r/40AZVFav8Abmt/9BC4/wC/r/40f25r f/QQuP8Av6/+NAGVRWr/AG5rf/QQuP8Av6/+NH9ua3/0ELj/AL+v/jQBlUVq/wBua3/0ELj/AL+v /jR/bmt/9BC4/wC/r/40AZVdT4K/5Gaz/wC2n/otqy/7c1v/AKCFx/39f/Guj8I6rqlz4htILm8m ljbzMq8jMpwjEZBOOtAGjqX/ACEbr/rq/wD6EapVDq2rapHqt5HHeTKizSAASMAAGOABms/+2dX/ AOf6f/v6/wDjXzVSMeZ6/wBfeegvDypNc/tVrrt/wTWorJ/tnV/+f6f/AL+v/jR/bOr/APP9P/39 f/Gp5I9/6+8r/iHFT/n8vu/4JrUVk/2zq/8Az/T/APf1/wDGj+2dX/5/p/8Av6/+NHJHv/X3h/xD ip/z+X3f8E1qKyf7Z1f/AJ/p/wDv6/8AjR/bOr/8/wBP/wB/X/xo5I9/6+8P+IcVP+fy+7/gnorf 8izaf9dD/N6xK2bW8u28LWdw07mVpGBcsdxG5+pzntVH7dff8/En/fZ/xr6Kh8EfQ8+eGdFui3fl 0+7QqUVb+3X3/PxJ/wB9n/Gj7dff8/En/fZ/xrUkqUVb+3X3/PxJ/wB9n/Gj7dff8/En/fZ/xoAq UVb+3X3/AD8Sf99n/Gj7dff8/En/AH2f8aALWif8hOH/AIF/6Caq3/8Ax/XH/XR/5mtLR7u6l1GF JJndTuyCxI+6fevONZ1nV4tXvoor6dESeUKolYAAMcADPSgDqqK4T+3Nb/6CFx/39f8Axo/tzW/+ ghcf9/X/AMaAO7orhP7c1v8A6CFx/wB/X/xo/tzW/wDoIXH/AH9f/GgDu6K4T+3Nb/6CFx/39f8A xo/tzW/+ghcf9/X/AMaAO7roLj/kXrX/AK6H+bV5J/bmt/8AQQuP+/r/AONdrfalqKeBtOu0upVn edg0gdg5GZOC2ckcCgCaiuE/tzW/+ghcf9/X/wAaP7c1v/oIXH/f1/8AGgDu6K4T+3Nb/wCghcf9 /X/xo/tzW/8AoIXH/f1/8aAO7orhP7c1v/oIXH/f1/8AGj+3Nb/6CFx/39f/ABoA7utXRP8AkJw/ 8C/9BNeX/wBua3/0ELj/AL+v/jXR+EdV1S58Q2kFzeTSxt5mVeRmU4RiMgnHWgDR1L/kI3X/AF1f /wBCNUq2NQ1C/S/uUS5lVVlcAB2AADH3qp/aWo/8/Uv/AH23+NfM1FHmep8dVUeZ6/h/wSlRV3+0 tR/5+pf++2/xo/tLUf8An6l/77b/ABqLR7kWj3/D/glKirv9paj/AM/Uv/fbf40f2lqP/P1L/wB9 t/jRaPcLR7/h/wAEpUVd/tLUf+fqX/vtv8aP7S1H/n6l/wC+2/xotHuFo9/w/wCCUqs+OP8AkHaH /wBcm/8AQY6k/tLUf+fqX/vtv8a6vUrm5Sw050ldWeLLEMQSdq9fWvSy23M7Hr5QlzSseF0V639u vv8An4k/77P+NH26+/5+JP8Avs/41657p5JRXrf26+/5+JP++z/jR9uvv+fiT/vs/wCNAHklFet/ br7/AJ+JP++z/jR9uvv+fiT/AL7P+NAHkld98Ov+Q3P/ANe7f+hpW79uvv8An4k/77P+NbegXNzN eOs0ruBGThmJGcj1oA5mirf26+/5+JP++z/jR9uvv+fiT/vs/wCNAFSirf26+/5+JP8Avs/40fbr 7/n4k/77P+NAFSirf26+/wCfiT/vs/40fbr7/n4k/wC+z/jQBUoq39uvv+fiT/vs/wCNH26+/wCf iT/vs/40AZnjz/jx0X/rm/8AKOvN69T8aahf2tnpLWtzLCZI3LlHZSxATrg89a4H+3Nb/wCghcf9 /X/xoAyqK1f7c1v/AKCFx/39f/Gj+3Nb/wCghcf9/X/xoAyqK1f7c1v/AKCFx/39f/Gj+3Nb/wCg hcf9/X/xoAyqK1f7c1v/AKCFx/39f/Gj+3Nb/wCghcf9/X/xoA6n4df8huf/AK92/wDQ0ptXvAep ajeavNFd3Us6CBiFd2YZ3LzgnrSf2lqP/P1L/wB9t/jXl5nb3b+Z4ucJe7fz/QpUVd/tLUf+fqX/ AL7b/Gj+0tR/5+pf++2/xryrR7ni2j3/AA/4JSoq7/aWo/8AP1L/AN9t/jR/aWo/8/Uv/fbf40Wj 3C0e/wCH/BKVFXf7S1H/AJ+pf++2/wAaP7S1H/n6l/77b/Gi0e4Wj3/D/glKun13/kHaV/1y/wDZ UrF/tLUf+fqX/vtv8a6LWbu7isNMeKZ0aSLLEMQWO1evrXRSUeSfy/M6aKj7Oevb8/U5Cirv9paj /wA/Uv8A323+NH9paj/z9S/99t/jXPaPc5rR7/h/wSlRV3+0tR/5+pf++2/xo/tLUf8An6l/77b/ ABotHuFo9/w/4JSoq7/aWo/8/Uv/AH23+NH9paj/AM/Uv/fbf40Wj3C0e/4f8EpUVd/tLUf+fqX/ AL7b/Gj+0tR/5+pf++2/xotHuFo9/wAP+Caemf8AIE1v/r3b/wBAevI69t0O7uprPUWlmdykYKlm JIOG6Z6Vm/br7/n4k/77P+Ne/gv4SsfT5db2Mbf1qeSUV639uvv+fiT/AL7P+NH26+/5+JP++z/j XUdp5JRXrf26+/5+JP8Avs/40fbr7/n4k/77P+NAHklFet/br7/n4k/77P8AjR9uvv8An4k/77P+ NAHkle4eI/8Aj+T/AK5j+ZrK+3X3/PxJ/wB9n/GtvX7m5hvEWGV0BjBwrEDOT6UAczRVv7dff8/E n/fZ/wAaPt19/wA/En/fZ/xoAqUVb+3X3/PxJ/32f8aPt19/z8Sf99n/ABoAqUVb+3X3/PxJ/wB9 n/Gj7dff8/En/fZ/xoAqVbsP+P63/wCuifzFH26+/wCfiT/vs/41Zsr28e8gVp5CDIoILHBGfrQB 6BWD4m/5A8n/AF0g/wDRqVvVg+Jv+QPJ/wBdIP8A0alAH//U/ejQ/wDkCaf/ANe8X/oArUrL0P8A 5Amn/wDXvF/6AK1KAPzjr6Of4H2CeGmvDfTHU1gMuPl8ncF3bcY3Y7Z3e+O1fO9uszTxrboXk3Da oG4k9uO9fdB1zVf+EL/t0ae/9om18z7KEbd5xGMbPvYzzjrigD4Rr7Ir48njmimeO4QxyqTuVhtI PuO1fYdAHz3oHx+stY/aD8R/AO50hrObRbSO6t9QM+5LtjFDLJEI/LXYyLODw7ZAJOOKwV/aUj1D x58R/Avh7QEvpPAFnFOLiXUIrSG8nYhZId8qCOERuShdnI3KQQK8j+Inhjx/ovjf4g/Fvwl4bu9U 1fwr4g0bVNMt0hkDapatpcdlfQQMFYuNjtkoGw8YGCRiuR1X4ReONA0LxXph0i81LUtR+H0Iu54I JJVutbvNSuby8jjZVw8m+UnYvIXbwBitKEU3Hm7a+bcXJP06eqCo9Lrq1/6Uov8Az9G+11+gmo+O PBej63Z+GdX1/T7HWNRx9msp7uKO5nzwPLiZg78/3Qa4fwr8afB2varqGgavqNhour2+sXuk2tlP fRfabw2bhPMiibY535+6obHqa+X9d0S00XV/ip4c8b/C7UfHOteMNXiu9Mmt7SQW99ZvHClrC2px giz+xsjbi7IUHzoG3ct8VfCe6k+Enxb1e08KSS+LtT8UzX9m4s2lvJBb3cH2eSBinmPGqqzKRlSC 56M1KjG9m+qv87w09VdplVIq1k9eZL8Ja+jsnc+1NX+IHgLw/rNr4c17xJpmm6te7RBZ3N5DDcTb zhfLidg7ZPAwDk1NrHjjwV4e1ay0HX/EGn6ZqepHFra3V3FDPcEnb+6jdgz88fKDzX5r/HHw7428 QTfFvR4PCuoW99qt3m1ttM8NvqB1eGC3jMN1Nq1wJYkACkLDB5boy7YwZGObvxE8A+Ibnxf8TE8R 6b4iuofGy2b6fFp/h621NL22NrHFHA15NBK9lLBKpyJWjWPAlXLc1jGd0nbpf/geu/no9E9CpQs7 N/13/r77an6E+HfGv9veMvFnhL7H5H/CLyWSed5m7z/tduJ87No2bc7erZ68dK8Y1r42/Fk+MPFv h/wF8L08T6f4RuYrWe7/ALbhs5ZZJLWK6IS3lgPIWUAfvME9x0Gx8FfDWv8Ah3xX4zj1yC7G+DQI kubrLG5e202OKVvOACSsHBDsvG7PSvnLxdofhyH4mfFT/hOfCXjzU11m/t2s28OxaqtndW/9m20T DNtJHbO3mK6kyZHGGOAQKrpxm4xd9H83p/wTODvGLfW35M+xNA+MfgDV/hxonxR1TVbfw7omuQxy xSapPFaBHkH+qZpHCbwQRgMc44yKj8VfFvw34T17wxY6lc2kej+I7e+uTqkt3HDbQR2cccgbcw2M sgfht6gAZ5zXwXF8Ofir4dtfhNrXju31S0sdC0K/0pTp2j22u3OmyPcbrUXFoIZgpkskSJ5ooy29 drkBzn0j4Y/CJnm+EsOt+GtROjadfeJNVS21ezhU2RuQrW3nW8EYgtdzM0kUOAY2wByuBq4puVtN X+Da++2q/piWlr6/8Nf7r6f1Y+0Z/iH4AtdCtvFF14m0yHRrxWeC9e9gW1lVASxSYvsYAAkkHjFY +mfE3QJLXVdT8Q32naNptneyW1rdvqVtJDdwJbJc+duVgIjsZyY2O4InmH5SDXyT4e+E8994z0vQ 9e8JvJ4YsPiB4ivoreexzZJaSac7QS7WTZ5LXLHy2Py78BTwBW5/wrKfVfG1np+reGZJdDh+I9zq Aje0JtVtIfD+yCbBXYIRcIqK33d4Cg54qKavLXrFNeV3D8VzP7n8tKkeVPybXrbm/Oy+/wC/66h8 c+Cbnw0/jS38QafL4fjVnbUUu4Ws1VTtYmcN5YAPBO7g1HYePvAuq6Xda5pfiPTbzTbGJZri5hvI ZIIYmBZXkkViqqQCQxIBAzXxV4w8DP4e1LV74eE5Lzw3ZfEWDVpdJgtwDqFs2iQq8lpbNtW7KXRa UxoGLNG+AWUivFfE/hPVPH+ufE/VPAPhTUND0i38SeFdR1HTVsIvttzaW9vNJPINMlBWR2aSOf7P KmX4LpvJWimuZX22+V+XXptzP7vW021afn87X0Xnp+Ppf9QdP8d+B9W0E+KdL8Q6deaKH8s30N3D Ja7ywTb5ysUzuIXGc5IHWtPQfEOgeKdMj1rwxqdrq+nzFlS5s5kuIXKMVYLJGWUlWBBweCMGvzpX 4bal4p8PfEOWDS9f1Ow8R3/he2nfUNIi0n7etvqMTXMsWnwwRShYoWIlnljG4A9VQkfo1o2h6L4c 0+PSPD+n2+mWMJYpb2sSQxKXYsxCIAoLMSTgckk0+XS7IT6GpRRRUlHdaNqH2yDypD+9i4PuOx/x r51r33w/YFAb6TgsMIPbua8CoAKKKKACuQn1S9u/EEWnac+2KA5lOAQcfez9On1qHX5NZ0y7bUbW UvbOu0qeVQ4x0+vIP4Ve8L6Y1nZm6nH7+5+Y56hew/HrQB09FFFABXfeLv8AkCeHv+vf/wBkjrga 77xd/wAgTw9/17/+yR0AcDRRRQAVmavqK6ZYyXJ5fog9WPT/ABqbUYLi5spYbWUwysPlYcYIPr2z 0rz6GHVda1CDTNSzttMmQnrj3PcnoD+NAHZeHpL+bTln1B97yksuRg7T06fnW5SKoVQqjAHAFLQA V33w6/5Dc/8A17t/6GlcDXffDr/kNz/9e7f+hpQA2iiivkz4cKKK57xNZape6WyaPcNBcIwcbW2l wM/LkdM//rrOrNxi5JXM61Rxi5JXt0KfjHXjoelk27Yurg7Ivb1b8B+uK1tBGojSLY6q++6ZcuSM Hk5AOO4GAa8x0G31PxXr6XmtqfL01VVgRtBdegI9SeW/L0r2WuDBVJVZuttHZL82eZl9WVecq+qj sl+bCiiivTPXCu08R/8AH8n/AFzH8zXF12niP/j+T/rmP5mvWyv7Xy/U9zJvt/L9Tn6KKK9Y9wKK KKACiiigAroNH/48dR/65/0aufroNH/48dR/65/0agDn6KKKACiiigAooooAKKKKAM34i/8AIbg/ 691/9DeuBrvviL/yG4P+vdf/AEN64GgAoorI1q2vrmxK6fKYplIYbTgsB2zQBX8RaqdLssxHE8vy p7ep/Cr+lC8Gnw/b23Tlct688gH3AridKhvdd1VbjUh8lkACCMfMOgx655NejUAFFFFAHpHgP/jx 1r/rmn8pKsVX8B/8eOtf9c0/lJVigAooooAKKKKACiiigArN+Iv/ACG4P+vdf/Q3rSrN+Iv/ACG4 P+vdf/Q3oA4GiiigApkkiRRtLIdqICST2Ap9eY6j/b9u76NNI06XTDYxySwz0B7e47fSgDotB1HU NVvrq6dsWY+VFwOD2/HHX611lUdNsY9Oso7SPnYOT6sepq9QAUUUUAepeFf+RRvf+vj+kdNp3hX/ AJFG9/6+P6R02gAooooAKKKKACiiigC3Yf8AH9b/APXRP5irWt/8hOb/AID/AOgiqth/x/W//XRP 5irWt/8AITm/4D/6CKAMqiiigAooooAKKKKACttf+RZu/wDroP5pWJW2v/Is3f8A10H80rLEfw5e jMMV/Cl6M5CiiivmD44Kjmljt4nnmYJHGCzE9AByTUleHaz/AMJbZyyeG7iV7uO/kHlyHJLDPQHs Om4dvp14sbjPYxvyt/59PvPPzDHewjzcrd/z6fedj4T1jVte1S+v5H26cvyRoQOGyMYPqB1+tegV l6NpcOjabDp8PPlj5m/vMep/E1qVpg6co00pu76muBpThSSqO8t38wq7pv8AyEbX/rqn/oQqlV3T f+Qja/8AXVP/AEIV2U/iR30viRz/AI1/5Ga8/wC2f/ota5aup8a/8jNef9s//Ra1y1fUn2gUUVz/ AIgg1R4I7jTJWVoCWZF/iH9cenegCt4k1aezWKysT/pM5GMckDp+ZPFdHbrMtvGtw26UKA5Hdsc1 xPh63uNV1GTXL4fcOEGON3Tj2A/Wu8oAKKKKAO+0/wD5J9qf/Xwv84q4Gu+0/wD5J9qf/Xwv84q4 GgAooooAK5DXNVvDqEGk6U+2ZiC5GDjPQflyal8QjVraSPU7CQmKEYePt16kdx6+lV/C1jLI0utX nMtwTtz6Hqfx6D2oA7Ie9FFFABXU+Cv+Rms/+2n/AKLauWrqfBX/ACM1n/20/wDRbUAM1n/kMX3/ AF3l/wDQjWbWlrP/ACGL7/rvL/6Eaza+an8TP2LDfw4+iCiiioNgooooAKKKKAPTbT/kULH/AK6N /wChPWdWjaf8ihY/9dG/9Ces6vo6HwR9D8kzL/eKn+J/mFFFFanEFFFFABRRRQBq6J/yE4f+Bf8A oJry/XP+Q3qH/XxL/wChmvUNE/5CcP8AwL/0E15frn/Ib1D/AK+Jf/QzQBlUUUUAFchrmq3h1CDS dKfbMxBcjBxnoPy5NS+IRq1tJHqdhITFCMPH269SO49fSq/haxlkaXWrzmW4J259D1P49B7UAdkP eiiigArvtQ/5J9pn/Xw385a4Gu+1D/kn2mf9fDfzloA4GiiigAqteXUVlayXUx+WMZ+voPxqSdHl gkjjfy3dSAw/hJHB/CvM5o9cup4vD14xbD7t5ycr657gf/WoA6vw1dajfQz3l62Y5G/djGMY649u 34V01Q28EdrAlvCMJGAoHsKmoAK6nwV/yM1n/wBtP/RbVy1dT4K/5Gaz/wC2n/otqAOg1L/kI3X/ AF1f/wBCNUqu6l/yEbr/AK6v/wChGqVfLVPiZ8XV+JhRRWZrFreXumT21hOba4dfkcHBBBz1HIz0 yKynJpNpXMKkmotpXK/iHWI9D0qa+bBkA2xqf4nPT/E+1UfB8urXOjJdavIZJJ2LpkAERnpnHryR 7GvN7W317xLq9romt7tmnZMpPXbnqx7luAD6c+te3qqooRBtVRgAdABXm4StKtUdTVRWiXn1+7Y8 rBV54iq6uqitEvPrf02HUUUV6h7AV2Oqf8g7TP8Arl/7KtcdXY6p/wAg7TP+uX/sq16mWfEz2cn+ KRhUUUV7B74UUUUAFFFFABXQeHP+P5/+uZ/mK5+ug8Of8fz/APXM/wAxQBz9FFFABRRRQAUUUUAF FFFAFfx5/wAeOi/9c3/lHXm9ekePP+PHRf8Arm/8o683oAKKKpajBcXNlLDaymGVh8rDjBB9e2el AEOr6iumWMlyeX6IPVj0/wAareHpL+bTln1B97yksuRg7T06fnXGww6rrWoQaZqWdtpkyE9ce57k 9Afxr01VCqFUYA4AoAWiiigDvvh1/wAhuf8A692/9DSm074df8huf/r3b/0NKbXk5p9n5/oeHnP2 Pn+gUUUV5J4YV53d69qWoeLrfR9Hk2wWpzOcAhsffB9h90e9VvFs/iXQ9QfWbGdpLKVdhQ5KRnGM lfryD68H31PAuiNpumm/ugftV787buoTsD7nqf8A61eRVrzq1VRimrO7fl0t6niVsTOtWWHinGzu 35La3qdzRRRXrnthXT67/wAg7Sv+uX/sqVzFdPrv/IO0r/rl/wCypXTS+Cfy/M66P8Op8vzOYooo rmOQKKK8e8UTeKNEu7tVne4s9SyqE5bZuP3VH8JxwMdRz16cmMxXsY8zTaOLHY32EOdxbXkbula7 qWu+LJVsZMaXaKQwwMN1AOeuS3I9hXolc14U0QaHpMcDjFxL88p/2j2/AcV0tLAwmoXqPV6+nkLL 6dRU71X7z19L9PkFFFFdh3HVeHv+PHU/+uY/k1ZNa3h7/jx1P/rmP5NWTX0OB/hL+up9Vlv8GPz/ ADCiiius7gooooAKKKKACug8R/8AH8n/AFzH8zXP10HiP/j+T/rmP5mgDn6KKKACiiigAooooAKt 2H/H9b/9dE/mKqVbsP8Aj+t/+uifzFAHpNYPib/kDyf9dIP/AEalb1YPib/kDyf9dIP/AEalAH// 1f3o0P8A5Amn/wDXvF/6AK1Ky9D/AOQJp/8A17xf+gCtSgD4T8JeNdS8GS3E+l29vNJchQWnQsyh c8KVZcZzz64HpXcf8L18Yf8APtZf9+5P/jlP/wCF7+Lv+fSx/wC/cv8A8co/4Xv4u/59LH/v3L/8 coA4Txb411LxnLbz6nb28MlsGAaBCrMGxwxZmzjHHpk19MV5F/wvfxd/z6WP/fuX/wCOV77/AMJH ff3I/wAj/jQBz9FdB/wkd9/cj/I/40f8JHff3I/yP+NAHP0V0H/CR339yP8AI/40f8JHff3I/wAj /jQBz9FdB/wkd9/cj/I/40f8JHff3I/yP+NAHP0V0H/CR339yP8AI/40f8JHff3I/wAj/jQBz9Fd B/wkd9/cj/I/40f8JHff3I/yP+NAHP0V0H/CR339yP8AI/40f8JHff3I/wAj/jQB5b45+H/hH4k6 NHoPjKw+3WkM8V1CVkkglguITmOWGaFkkjdecMjA4JHQkVH4G+HXg74b6fc6b4PsDaJeztc3Mkk0 tzcXE79ZJp53klkbHALMcDgYHFerf8JHff3I/wAj/jR/wkd9/cj/ACP+NC02G3eyZz9FdB/wkd9/ cj/I/wCNH/CR339yP8j/AI0COfrS0yxN9chD/q05c+3p+NXv+Ejvv7kf5H/GtDTNce6uPIulVd33 SuRz6HJNAHRqoVQqjAHAFfLlfUleWYg/59bf/vxF/wDE0AeXUV6jiD/n1t/+/EX/AMTRiD/n1t/+ /EX/AMTQB5dRXqOIP+fW3/78Rf8AxNGIP+fW3/78Rf8AxNAHl1Feo4g/59bf/vxF/wDE0Yg/59bf /vxF/wDE0AeXV33i7/kCeHv+vf8A9kjrTxB/z62//fiL/wCJrf1cRfYdO3QxOPL4DRIwXhfugggD 6UAeH0V6jiD/AJ9bf/vxF/8AE0Yg/wCfW3/78Rf/ABNAHl1Feo4g/wCfW3/78Rf/ABNGIP8An1t/ +/EX/wATQB5dRXqOIP8An1t/+/EX/wATRiD/AJ9bf/vxF/8AE0AeXV33w6/5Dc//AF7t/wChpWni D/n1t/8AvxF/8TW/4cEQvn2QxRnyzykSIeo7qAcUAcXRWd/bmoesX/fiL/4ij+3NQ9Yv+/EX/wAR XzHJHv8A1950f8Q7xf8Az8j+P+Ro0Vnf25qHrF/34i/+Io/tzUPWL/vxF/8AEUcke/8AX3h/xDvF /wDPyP4/5GjRWd/bmoesX/fiL/4ij+3NQ9Yv+/EX/wARRyR7/wBfeH/EO8X/AM/I/j/kaNFZ39ua h6xf9+Iv/iKP7c1D1i/78Rf/ABFHJHv/AF94f8Q7xf8Az8j+P+Ro12niP/j+T/rmP5mvOv7c1D1i /wC/EX/xFel6/cSRXiKoQjywfmRWPU9yDXp5akua3kZz4dq4D+LJPm7X6eqXc5mirf2yb+7H/wB+ k/wo+2Tf3Y/+/Sf4V6hmVKKt/bJv7sf/AH6T/Cj7ZN/dj/79J/hQBUoq39sm/ux/9+k/wo+2Tf3Y /wDv0n+FAFSug0f/AI8dR/65/wBGrK+2Tf3Y/wDv0n+FbelXEj2d+zBAUjyMIoHRuoA5/GgDmaKt /bJv7sf/AH6T/Cj7ZN/dj/79J/hQBUoq39sm/ux/9+k/wo+2Tf3Y/wDv0n+FAFSirf2yb+7H/wB+ k/wo+2Tf3Y/+/Sf4UAVKKt/bJv7sf/fpP8KPtk392P8A79J/hQBhfEX/AJDcH/Xuv/ob1wNe4eIx Eb5N8MUh8scvEjnqe7AnFYGIP+fW3/78Rf8AxNAHl1Feo4g/59bf/vxF/wDE0Yg/59bf/vxF/wDE 0AeXUV6jiD/n1t/+/EX/AMTRiD/n1t/+/EX/AMTQB5dRXqOIP+fW3/78Rf8AxNGIP+fW3/78Rf8A xNAFbwH/AMeOtf8AXNP5SVYrodGKJZ6g0cUUZEYPyRogPDdQoGfxrJ+2Tf3Y/wDv0n+FAFSirf2y b+7H/wB+k/wo+2Tf3Y/+/Sf4UAVKKt/bJv7sf/fpP8KPtk392P8A79J/hQBUoq39sm/ux/8AfpP8 KPtk392P/v0n+FAFSs34i/8AIbg/691/9Det37ZN/dj/AO/Sf4Vq+IxEb5N8MUh8scvEjnqe7AnF AHh9Feo4g/59bf8A78Rf/E0Yg/59bf8A78Rf/E0AeXUV6jiD/n1t/wDvxF/8TRiD/n1t/wDvxF/8 TQB5dRXqOIP+fW3/AO/EX/xNGIP+fW3/AO/EX/xNAHl1Feo4g/59bf8A78Rf/E0Yg/59bf8A78Rf /E0AL4V/5FG9/wCvj+kdNrorRxFoFy8UcceJBwsaKv8AD1UDBP4VkfbJv7sf/fpP8KAKlFW/tk39 2P8A79J/hR9sm/ux/wDfpP8ACgCpRVv7ZN/dj/79J/hR9sm/ux/9+k/woAqUVb+2Tf3Y/wDv0n+F H2yb+7H/AN+k/wAKACw/4/rf/ron8xVrW/8AkJzf8B/9BFJZXcrXkClY8GRRxGgPX1AqzrFzJHqM yKEIG3rGjH7o7kZoAwqKt/bJv7sf/fpP8KPtk392P/v0n+FAFSirf2yb+7H/AN+k/wAKPtk392P/ AL9J/hQBUoq39sm/ux/9+k/wo+2Tf3Y/+/Sf4UAVK21/5Fm7/wCug/mlZ/2yb+7H/wB+k/wrXW4k /wCEeupcJuWQDGxdvVeq4wfyrKv8EvRmGJ/hy9GcTRV37fP/AHYv+/Mf/wATR9vn/uxf9+Y//ia+ btHufJWj3/D/AIJSoq79vn/uxf8AfmP/AOJo+3z/AN2L/vzH/wDE0Wj3C0e/4f8ABKVFXft8/wDd i/78x/8AxNH2+f8Auxf9+Y//AImi0e4Wj3/D/glKrum/8hG1/wCuqf8AoQo+3z/3Yv8AvzH/APE1 b0+9me/tlKxYMqDiKMH7w7hcirpqPMtS6SjzLX8P+Ccp41/5Ga8/7Z/+i1rlq7jxdqVxb+IbuGNI Sq+Xy8ETtyinlmUk/nXOf2xd/wDPO3/8BYP/AIivpj7EyqK1f7Yu/wDnnb/+AsH/AMRR/bF3/wA8 7f8A8BYP/iKAMqitX+2Lv/nnb/8AgLB/8RR/bF3/AM87f/wFg/8AiKAMqitX+2Lv/nnb/wDgLB/8 RR/bF3/zzt//AAFg/wDiKAOp0/8A5J9qf/Xwv84q4GvWfD1y134UvJJ44mxPjaIo1Q/c6qFCk+5F V8Qf8+tv/wB+Iv8A4mgDy6ivUcQf8+tv/wB+Iv8A4mjEH/Prb/8AfiL/AOJoA8uor1HEH/Prb/8A fiL/AOJoxB/z62//AH4i/wDiaAPLqK9RxB/z62//AH4i/wDiaMQf8+tv/wB+Iv8A4mgDy6up8Ff8 jNZ/9tP/AEW1dRiD/n1t/wDvxF/8TWpogi/tOHbBCh+blIY1YfKehVQaAOA1n/kMX3/XeX/0I1m1 0WralcR6reIqQkLNIBmCInhj1JTJ+prP/tW6/uQf+A8P/wARXzk1Hmep+t4eVT2cdFsuv/AM2itL +1br+5B/4Dw//EUf2rdf3IP/AAHh/wDiKm0e5vzVOy+//gGbRWl/at1/cg/8B4f/AIij+1br+5B/ 4Dw//EUWj3Dmqdl9/wDwDNorS/tW6/uQf+A8P/xFH9q3X9yD/wAB4f8A4ii0e4c1Tsvv/wCAd3af 8ihY/wDXRv8A0J6zq2bW6lbwtZzlU3NIwIEaBfvP0XG0fgKo/bJv7sf/AH6T/CvoKPwR9D8pzG/1 ipf+Z/mVKKt/bJv7sf8A36T/AAo+2Tf3Y/8Av0n+FanGVKKt/bJv7sf/AH6T/Cj7ZN/dj/79J/hQ BUoq39sm/ux/9+k/wo+2Tf3Y/wDv0n+FAFrRP+QnD/wL/wBBNeX65/yG9Q/6+Jf/AEM16xo9zJJq MKMEAO7pGin7p7gZrzjWdVuo9Xvo1SAhZ5QM28LHhj1JQkn3NAHM0Vq/2xd/887f/wABYP8A4ij+ 2Lv/AJ52/wD4Cwf/ABFAGVRWr/bF3/zzt/8AwFg/+Io/ti7/AOedv/4Cwf8AxFAGVRWr/bF3/wA8 7f8A8BYP/iKP7Yu/+edv/wCAsH/xFAGVXfah/wAk+0z/AK+G/nLXLf2xd/8APO3/APAWD/4iu1vr +dfA2nXQWLe87AgwxlOsnRCu0HjqB/M0Aea0Vq/2xd/887f/AMBYP/iKP7Yu/wDnnb/+AsH/AMRQ BlUVq/2xd/8APO3/APAWD/4ij+2Lv/nnb/8AgLB/8RQBlUVq/wBsXf8Azzt//AWD/wCIo/ti7/55 2/8A4Cwf/EUAZVdT4K/5Gaz/AO2n/otqy/7Yu/8Annb/APgLB/8AEV0fhHUri48Q2kMiQhW8zlII kbhGPDKoI/OgDR1L/kI3X/XV/wD0I1Spuq6xfRapeRIYtqTSAZhiJwGPcrk/jVD+3NQ9Yv8AvxF/ 8RXzVSMeZ6/195uvD/FT99Tjrr1/yNGis7+3NQ9Yv+/EX/xFH9uah6xf9+Iv/iKnkj3/AK+8f/EO 8X/z8j+P+Ro0Vnf25qHrF/34i/8AiKP7c1D1i/78Rf8AxFHJHv8A194f8Q7xf/PyP4/5GjRWd/bm oesX/fiL/wCIo/tzUPWL/vxF/wDEUcke/wDX3h/xDvF/8/I/j/kaNdjqn/IO0z/rl/7Ktee/25qH rF/34i/+Ir0W8upRpely4QtJCCcopGdq9ARgfhXo5ckpOxnPhmtgPfqyTvppf/I5+irf2yb+7H/3 6T/Cj7ZN/dj/AO/Sf4V6xmVKKt/bJv7sf/fpP8KPtk392P8A79J/hQBUoq39sm/ux/8AfpP8KPtk 392P/v0n+FAFSug8Of8AH8//AFzP8xWV9sm/ux/9+k/wrb0C4klvHVggHlk/Kiqeo7gCgDmaKt/b Jv7sf/fpP8KPtk392P8A79J/hQBUoq39sm/ux/8AfpP8KPtk392P/v0n+FAFSirf2yb+7H/36T/C j7ZN/dj/AO/Sf4UAVKKt/bJv7sf/AH6T/Cj7ZN/dj/79J/hQBmePP+PHRf8Arm/8o683r1PxpfTW 1npLRrETJG5O+KNx0ToGU469sVwP9sXf/PO3/wDAWD/4igDKorV/ti7/AOedv/4Cwf8AxFH9sXf/ ADzt/wDwFg/+IoAyqK1f7Yu/+edv/wCAsH/xFH9sXf8Azzt//AWD/wCIoAyqK1f7Yu/+edv/AOAs H/xFH9sXf/PO3/8AAWD/AOIoA6n4df8AIbn/AOvdv/Q0ptXvAd/PdavNHKsSgQMfkhjjP3l7ooOP ak+3z/3Yv+/Mf/xNeXmdvdv5ni5wl7t/P9ClRV37fP8A3Yv+/Mf/AMTR9vn/ALsX/fmP/wCJryrR 7ni2j3/D/glKirv2+f8Auxf9+Y//AImj7fP/AHYv+/Mf/wATRaPcLR7/AIf8EpUVd+3z/wB2L/vz H/8AE0fb5/7sX/fmP/4mi0e4Wj3/AA/4JSrp9d/5B2lf9cv/AGVKxft8/wDdi/78x/8AxNdFrNzJ HYaYyhCXiycxow+6vQEED8K6KSjyT+X5nTRUfZz17fn6nIUVd+3z/wB2L/vzH/8AE0fb5/7sX/fm P/4mue0e5zWj3/D/AIJSoq79vn/uxf8AfmP/AOJo+3z/AN2L/vzH/wDE0Wj3C0e/4f8ABKVFXft8 /wDdi/78x/8AxNH2+f8Auxf9+Y//AImi0e4Wj3/D/glKirv2+f8Auxf9+Y//AImj7fP/AHYv+/Mf /wATRaPcLR7/AIf8E3fD3/Hjqf8A1zH8mrJrd0O5kls9RZggKRgjbGijo3UADP41m/bJv7sf/fpP 8K9/BfwlY+ny63sY2/rUqUVb+2Tf3Y/+/Sf4UfbJv7sf/fpP8K6jtKlFW/tk392P/v0n+FH2yb+7 H/36T/CgCpRVv7ZN/dj/AO/Sf4UfbJv7sf8A36T/AAoAqV0HiP8A4/k/65j+ZrK+2Tf3Y/8Av0n+ Fbev3EkV4iqEI8sH5kVj1Pcg0AczRVv7ZN/dj/79J/hR9sm/ux/9+k/woAqUVb+2Tf3Y/wDv0n+F H2yb+7H/AN+k/wAKAKlFW/tk392P/v0n+FH2yb+7H/36T/CgCpVuw/4/rf8A66J/MUfbJv7sf/fp P8Ks2V3K15ApWPBkUcRoD19QKAPQKwfE3/IHk/66Qf8Ao1K3qwfE3/IHk/66Qf8Ao1KAP//W/ejQ /wDkCaf/ANe8X/oArUrL0P8A5Amn/wDXvF/6AK1KAPzjr21vglqyeHW1dr5Ptaw+d9m8s4wBu2+Z u+9j/Zxnv3rxRGCOrkBgpBwehx2r7qbxTZDwT/wlZgPkG187yT6kY2Zx68Zx70AfCdfZFfHDHcxb GMnoOlfY9AHzT40/aWtfBHihPCt/8OvGF7Nc3b2VncWmn27217MiNIfs7tdIWBRGYZUEhSccGvb/ AAd4lk8XeHbXxBLo2oaA115mbLVIkhu4tjsn7xEeRRu27lwxypB9q8m+M/8AyO/wf/7Gl/8A01X1 eRfGgfDCb43G3/aHlEfgxfD8b6Mt+8kemHUPOnF4VKkIbsQ+Vsyd4UnYM81EZaWfdr7o3/EJfFou if3tr8D7dor8gdQ/4SXUv+EAh+L19a2vgltG1JtNbxpHdvZy3H9oTi28/wAmWE/ahp3lGIzk/LuK AyHI9Z+H/wAPNF+Kl38LPD/xEubrxPoseieJby3+0rd2X2iCPULJLQlJJTO0UaODCZXLFQj9cGto Qu1fz+Vr7+em34iqPl8/Tztt3Wu/4H354O8Xab430iXWtKjligivb6xImCq/m6fcyWkpAVmG0vEx U5yVwSAcgdTX5X+NI7+XRvBVlrV1p9l4FfxL40/tFtajuJNGa9XV5zZJei3ki4++Y/Nby9w5BOKw rq205/hz4bs9S8U2E/huPxBq39jjW9Pvl8IywJbxrHayTPcmUQRv5jWcrl1LBgowoFZRlePN/W6W vZ63S7W7lqPvcvr+F392lm+mvY/W2kZgqlj0AzX5L6xd6Br3gH4etqz6doulWY1y3srPxVLfX3hi /CToqSw6gWimjbyw5szLE5EZIXlRu+9/2d9a/wCEg+CHhvVFsLrTYpLeVYoby4lu5TDHK6RuJp1S V45EAeIuoPlleowaqcWqcprp/wAH/LYhPVI4bw9+1VbeK9OtNa8P/C7xve6bfcw3Uem2phddxXeD 9ryVyDyByORX1XX5a/s//E/4ceH/AIaeE7fW/jzd6JNYoDPoxjsBFFsmYmAmSyefaRxnzScHKkDG Oj8W3Hwobxh8Sbn40T6mnj2HV4T4bTT5JRq405o4vsH9hq3ybnk8zzdgxv3CbitXBc/KvP8ANKy7 vW6S8xvq3p/T+dlbV+h99+E/GOmeMo9Vk0yKaIaPqN1pk3nKq7prRtrsm1myhP3ScH1ArrK/MjT5 dW0b4ny+KviURc/CyPxrq1vHCrMq2Osyyx/ZrzUQvySReZujTJ8uJ2V25IrzLQl1OfxTDc694hsN O+Kx8WNHJGtrqU3ibIuiyw4FysB09rUDpH9mEJ7uMnOmubkv1S/KP/yV/S3V2TrLldS2vK3915fl y2b7+Wp+sPi3xXo3gnQLnxLr8jxWNqYlcxo0jbppFiQBVBJy7qPQZySBk10dfmF4v+Enw8vfhH8T vix4k019R1qLxLqytcyyTyG3sLfXAHjSNXKhFSNnOEyMt6nP6O+E38OSeF9Ifwg0TaE1pAbAwHMJ tdg8ryz/AHdmMe1EbOCfXT8VcJaNpbXa+52OgooopCClBKkEHBFJRQB6DpV+L62BY/vU4Yf1/GvP q6nw7aSBmvGJCEbQP73r+VctQAUUUUAFFFFABRRRQAV0Gsf8eOnf9c/6LXP10Gsf8eOnf9c/6LQB z9FFFABRRRQAUUUUAFdB4c/4/n/65n+Yrn66Dw5/x/P/ANcz/MUAeR0UUV8uftAUUUUAFFFFABRR RQAV654j/wCP5P8ArmP5mvI69c8R/wDH8n/XMfzNeplv2vkfF8X/APLr5/oc/RRRXqHxYUUUUAFF FFABXQaP/wAeOo/9c/6NXP10Gj/8eOo/9c/6NQBz9FFFABRRRQAUUUUAFFFFAHQeI/8Aj+T/AK5j +Zrn66DxH/x/J/1zH8zXP0AFFFFABRRRQAUUUUAdBo//AB46j/1z/o1c/XQaP/x46j/1z/o1c/QA UUUUAFFFFABRRRQAV0HiP/j+T/rmP5mufroPEf8Ax/J/1zH8zQBz9FFFABRRRQAUUUUAFFFFAHQW /wDyL11/10H81rn66C3/AOReuv8AroP5rXP0AFFFFABRRRQAUUUUAW7D/j+t/wDron8xVrW/+QnN /wAB/wDQRVWw/wCP63/66J/MVa1v/kJzf8B/9BFAGVRRRQAUUUUAFFFFABW2v/Is3f8A10H80rEr bX/kWbv/AK6D+aVliP4cvRmGK/hS9GchRRRXzB8cFIzKil2OFUZJPQAUteJaz4h8UQJdeHNTQPcX LBUdAFyjHGFwOQ3Qd+oPPTjxmNjRV5J6/wBficGPzCOHinJPX8+3zO28OeJL7XtYvVjjUadAMI2C G3ZwOfcZPtxXb1heHNGTQ9KishgyfekI7uev5dB7Ct2rwkZqmvaPX+tDTAwqKkvau8nq/wDL5BV3 Tf8AkI2v/XVP/QhVKrum/wDIRtf+uqf+hCuyn8SO+l8SOf8AGv8AyM15/wBs/wD0WtctXU+Nf+Rm vP8Atn/6LWuWr6k+0Ciiuf8AEFxqtpDHdadgpGSZRjJI7fh645oATxBrLaVAi24DXExwoIzgDqcf oK27dpmt42uAFlKguB0DY5rhtHSXX9YfV7lcRQYCL1GR0H4dT7139ABRRRQB6l4V/wCRRvf+vj+k dNp3hX/kUb3/AK+P6R02gAooooAKKKKACiiigArV0T/kJw/8C/8AQTWVWron/ITh/wCBf+gmgDgN Z/5DF9/13l/9CNZtaWs/8hi+/wCu8v8A6Eaza+an8TP2LDfw4+iCiiioNgooooAKKKKAPTbT/kUL H/ro3/oT1nVo2n/IoWP/AF0b/wBCes6vo6HwR9D8kzL/AHip/if5hRRRWpxBRRRQAUUUUAauif8A ITh/4F/6Ca8v1z/kN6h/18S/+hmvUNE/5CcP/Av/AEE15frn/Ib1D/r4l/8AQzQBlUUUUAFcxrmt XFncwWGnqJLiUjIPOAeAPxpNev8AVdMnhvLcB7MDEi45znueo9vfrWf4atpb+7m167GWckR/yJH0 HAoA7ge9FFFABXfah/yT7TP+vhv5y1wNd9qH/JPtM/6+G/nLQBwNFFFABUU88dtC9xMdqRgsT7Ci cTGCQW5AlKnYT0DY4z+NeaXeo6zqITQblMTmTDHGMjtkDjA65FAHXeH9UvdVW4nuEVIQ2I8dfce+ OOa6KqtlaRWNrHaQ/djGPqe5/E1aoAK6nwV/yM1n/wBtP/RbVy1dT4K/5Gaz/wC2n/otqAGaz/yG L7/rvL/6Eaza0tZ/5DF9/wBd5f8A0I1m181P4mfsWG/hx9EFFFFQbBRRRQAUUUUAFeqXv/IH0j/r gv8A6CteV16pe/8AIH0j/rgv/oK16WXfEz5Li3+HD1MeiiivWPhAooooAKKKKACug8Of8fz/APXM /wAxXP10Hhz/AI/n/wCuZ/mKAOfooooAKKKKACiiigAooooAr+PP+PHRf+ub/wAo683r0jx5/wAe Oi/9c3/lHXm9ABRRVLURemyl/s8gXGPlz9eevGcdKADUb2PTrOS7k5CDgepPQVS0G9vNQsPtV6oU ux27RjK+v55rimutQ8R3NtpdwvlmIkykDHTqSOxA4+temRRpDGsUY2ogAAHYCgB9FFFAHffDr/kN z/8AXu3/AKGlNp3w6/5Dc/8A17t/6GlNryc0+z8/0PDzn7Hz/QKKKK8k8MK4bUPE15/wk9roOlIs oDD7QSM4B5IB7bV5+vFUfE2v+IfDuqG42LNpsq7YxgAK+3u3XOecdCP0k8BaRJFbS69e5a5viSCe uwnOf+BHn6YryauLdSqqFO6aevov8zxa2NlVrLD0rpp6+i/zPQ6KKK9Y9oK6fXf+QdpX/XL/ANlS uYrp9d/5B2lf9cv/AGVK6aXwT+X5nXR/h1Pl+ZzFFFFcxyBRRXkviHxJ4l0O9vbS6AeC5DfZnAA2 AngggckDqD356deXF4uNGPNJaHHjcbGhHnmnY6G08TXmpeK30qwRXsbdWEr45yB1B/3sAevWu5rj /BWh/wBj6Ssky4ubvDyZ6gfwr+A6+5NdhU4FVPZ81R6vX08icuVT2fNVer19PIKKKK7DuOq8Pf8A Hjqf/XMfyasmtbw9/wAeOp/9cx/Jqya+hwP8Jf11Pqst/gx+f5hRRRXWdwUUUUAFFFFABXQeI/8A j+T/AK5j+Zrn66DxH/x/J/1zH8zQBz9FFFABRRRQAUUUUAFW7D/j+t/+uifzFVKt2H/H9b/9dE/m KAPSawfE3/IHk/66Qf8Ao1K3qwfE3/IHk/66Qf8Ao1KAP//X/ejQ/wDkCaf/ANe8X/oArUrL0P8A 5Amn/wDXvF/6AK1KAPhbwb4n0zwvcT3d/o0WrSvs8oyPt8rbnJAKsCTkc9Rj3r1j/hfzY2/2EMdM faf/ALVXP/8ACz/CP/Qi2P5xf/GKP+Fn+Ef+hFsfzi/+MUAcR4z8UaZ4puYbyx0ePSpV3+aY33eb uxgkBVAIweepzz0r6UryL/hZ/hH/AKEWx/OL/wCMV77/AGvY/wDQOj/T/wCJoA5+kZVYYYAj3rof 7Xsf+gdH+n/xNH9r2P8A0Do/0/8AiaAOdZVcbXAYehp1dB/a9j/0Do/0/wDiaP7Xsf8AoHR/p/8A E0Ac8yqw2sMg9jSFVZdhAK+naui/tex/6B0f6f8AxNH9r2P/AEDo/wBP/iaAOdZVYbWAI9DTq6D+ 17H/AKB0f6f/ABNH9r2P/QOj/T/4mgDn6QqpIYgEjofSuh/tex/6B0f6f/E0f2vY/wDQOj/T/wCJ oA5+m7V3b8DdjGe+K6L+17H/AKB0f6f/ABNH9r2P/QOj/T/4mgDn6OnAroP7Xsf+gdH+n/xNH9r2 P/QOj/T/AOJoA5+iug/tex/6B0f6f/E0f2vY/wDQOj/T/wCJoA5+rlhZvfXKwrwOrH0Fan9r2P8A 0Do/0/8Aia1NK1K0nmaGO3W2ZhkbcfNj6AUAbscaRRrFGNqqMAV5dXqlebfaIf8An1j/ADf/AOLo AqUVb+0Q/wDPrH+b/wDxdH2iH/n1j/N//i6AKlFW/tEP/PrH+b//ABdH2iH/AJ9Y/wA3/wDi6AKl FW/tEP8Az6x/m/8A8XR9oh/59Y/zf/4ugCpXQax/x46d/wBc/wCi1lfaIf8An1j/ADf/AOLp3ivV n06z0sx28Ugljbh9+FwE6bWHr3zQBSormP8AhKZ/+fK3/wDIv/xyj/hKZ/8Anyt//Iv/AMcoA6ei uY/4Smf/AJ8rf/yL/wDHKP8AhKZ/+fK3/wDIv/xygDp6K5j/AISmf/nyt/8AyL/8co/4Smf/AJ8r f/yL/wDHKAOnroPDn/H8/wD1zP8AMV5x/wAJTP8A8+Vv/wCRf/jldd4L1qXUdUlge3iiCws2U354 ZRj5mYY59KAPPKK6vZp//PhF/wB9S/8AxdGzT/8Anwi/76l/+Lr5my7n2H/EQcD2l9y/zOUorq9m n/8APhF/31L/APF0bNP/AOfCL/vqX/4uiy7h/wARBwPaX3L/ADOUorq9mn/8+EX/AH1L/wDF0bNP /wCfCL/vqX/4uiy7h/xEHA9pfcv8zlKK6vZp/wDz4Rf99S//ABdGzT/+fCL/AL6l/wDi6LLuH/EQ cD2l9y/zOUr1zxH/AMfyf9cx/M1x2zT/APnwi/76l/8Ai67fX5Y0vEDQpIfLHLFs9T6MK9PLre9Z 9jx814goY/l9in7t7387eb7HM0Vb+0Q/8+sf5v8A/F0faIf+fWP83/8Ai69M8cqUVb+0Q/8APrH+ b/8AxdH2iH/n1j/N/wD4ugCpRVv7RD/z6x/m/wD8XR9oh/59Y/zf/wCLoAqV0Gj/APHjqP8A1z/o 1ZX2iH/n1j/N/wD4utvSpY2s78rCiBY+QC2Dw3XLH9MUAczRVv7RD/z6x/m//wAXR9oh/wCfWP8A N/8A4ugCpRVv7RD/AM+sf5v/APF0faIf+fWP83/+LoAqUVb+0Q/8+sf5v/8AF0faIf8An1j/ADf/ AOLoAqUVb+0Q/wDPrH+b/wDxdH2iH/n1j/N//i6ANXxH/wAfyf8AXMfzNc/XTa/LGl4gaFJD5Y5Y tnqfRhWJ9oh/59Y/zf8A+LoAqUVb+0Q/8+sf5v8A/F0faIf+fWP83/8Ai6AKlFW/tEP/AD6x/m// AMXR9oh/59Y/zf8A+LoAqUVb+0Q/8+sf5v8A/F0faIf+fWP83/8Ai6ANXR/+PHUf+uf9Grn66Czu VTS9UnjhRTFCWx82GwrHBy2cfQivOP8AhKZ/+fK3/wDIv/xygDp6K5j/AISmf/nyt/8AyL/8co/4 Smf/AJ8rf/yL/wDHKAOnormP+Epn/wCfK3/8i/8Axyj/AISmf/nyt/8AyL/8coA6eiuY/wCEpn/5 8rf/AMi//HKP+Epn/wCfK3/8i/8AxygDp66DxH/x/J/1zH8zXnH/AAlM/wDz5W//AJF/+OV13jTW pdO1SKBLeKUNCrZffnlmGPlZRjj0oAgormP+Epn/AOfK3/8AIv8A8co/4Smf/nyt/wDyL/8AHKAO normP+Epn/58rf8A8i//AByj/hKZ/wDnyt//ACL/APHKAOnormP+Epn/AOfK3/8AIv8A8co/4Smf /nyt/wDyL/8AHKAOnormP+Epn/58rf8A8i//AByj/hKZ/wDnyt//ACL/APHKAPR7f/kXrr/roP5r XP1PZ61LJ4OvtQNvEGimC7Bv2HmPk/Nuzz2Ncj/wlM//AD5W/wD5F/8AjlAHT0VzH/CUz/8APlb/ APkX/wCOUf8ACUz/APPlb/8AkX/45QB09Fcx/wAJTP8A8+Vv/wCRf/jlH/CUz/8APlb/APkX/wCO UAdPRXMf8JTP/wA+Vv8A+Rf/AI5R/wAJTP8A8+Vv/wCRf/jlAHZWH/H9b/8AXRP5irWt/wDITm/4 D/6CK5LSvEk0+qWcBtIFEk0a5HmZGWAyMuRn8Kv+KNflstcubVbWGQJs+Z/M3HKKedrgd/SgCzRX Mf8ACUz/APPlb/8AkX/45R/wlM//AD5W/wD5F/8AjlAHT0VzH/CUz/8APlb/APkX/wCOUf8ACUz/ APPlb/8AkX/45QB09Fcx/wAJTP8A8+Vv/wCRf/jlH/CUz/8APlb/APkX/wCOUAdPW2v/ACLN3/10 H80rz3/hKZ/+fK3/APIv/wAcrttI1I33ha8uZbeNdswXYu/afucnLE557Gsq/wAEvRmGJ/hy9Gc5 RV37VB/z5xfnJ/8AF0faoP8Anzi/OT/4uvm+Vdz5LkXf8ylUElrbTSRzTRI8kRyjMoJUn0J6fhWp 9qg/584vzk/+Lo+1Qf8APnF+cn/xdJwT3YnTi92vx/yKVFXftUH/AD5xfnJ/8XR9qg/584vzk/8A i6fKu4+Rd/zKVXdN/wCQja/9dU/9CFH2qD/nzi/OT/4uren3MLX9sotYlJlQZBkyPmHPL4q6cVzL UulBcy1/M5Txr/yM15/2z/8ARa1y1eva9ZabNq08lxZpLIduWLSAn5R/dcD9KyP7O0f/AKB8f/fc v/xyvpj7E84o68GvR/7O0f8A6B8f/fcv/wAco/s7R/8AoHx/99y//HKAPNIoYYE8uCNY164UADJ9 hUlej/2do/8A0D4/++5f/jlH9naP/wBA+P8A77l/+OUAecUV6P8A2do//QPj/wC+5f8A45R/Z2j/ APQPj/77l/8AjlAFvwr/AMije/8AXx/SOm1v6fHa2vh+5FvbokfmglMuQT8vPLE/rWX9oh/59Y/z f/4ugCpRVv7RD/z6x/m//wAXR9oh/wCfWP8AN/8A4ugCpRVv7RD/AM+sf5v/APF0faIf+fWP83/+ LoAqUVb+0Q/8+sf5v/8AF0faIf8An1j/ADf/AOLoAqVq6J/yE4f+Bf8AoJqr9oh/59Y/zf8A+LrS 0eaN9RhVYEQndyC+R8p9WIoA841n/kMX3/XeX/0I1m13GpLY/wBoXW+yidvNfJLS5J3HnhwPyqls 0/8A58Iv++pf/i6+bmlzPU+tp8eYKEVBqWmmy/zOUorq9mn/APPhF/31L/8AF0bNP/58Iv8AvqX/ AOLqbLuX/wARBwPaX3L/ADOUorq9mn/8+EX/AH1L/wDF0bNP/wCfCL/vqX/4uiy7h/xEHA9pfcv8 zlKK6vZp/wDz4Rf99S//ABdGzT/+fCL/AL6l/wDi6LLuH/EQcD2l9y/zOitP+RQsf+ujf+hPWdVz U78ab4Uspre2jKtMVCMXKjO85HzBs8dzXGf8JTP/AM+Vv/5F/wDjlfQ0Pgj6HyuIxEa1SVWO0m2v nqdPRXMf8JTP/wA+Vv8A+Rf/AI5R/wAJTP8A8+Vv/wCRf/jlamJ09Fcx/wAJTP8A8+Vv/wCRf/jl H/CUz/8APlb/APkX/wCOUAdPRXMf8JTP/wA+Vv8A+Rf/AI5R/wAJTP8A8+Vv/wCRf/jlAHeaJ/yE 4f8AgX/oJry/XP8AkN6h/wBfEv8A6Ga7Lwvr8t7rltatawxh9/zJ5m4YRjxucjt6Vb1Cw0p7+5eS xjd2lcli0uSSxyeHA/KgDy2ivR/7O0f/AKB8f/fcv/xyj+ztH/6B8f8A33L/APHKAPNnRJFKOoZW GCCMgikjjjiQRxKEReAFGAPoK9K/s7R/+gfH/wB9y/8Axyj+ztH/AOgfH/33L/8AHKAPOKK9H/s7 R/8AoHx/99y//HKP7O0f/oHx/wDfcv8A8coA84rvtQ/5J9pn/Xw385as/wBnaP8A9A+P/vuX/wCO Voa81rZ+ErIJaRvEJ8CNjJtGfMOQQ4bP1PegDyiitX+0LT/oGW//AH1P/wDHaP7QtP8AoGW//fU/ /wAdoAyqiMEJlE5jXzQMB8Ddj0z1ra/tC0/6Blv/AN9T/wDx2j+0LT/oGW//AH1P/wDHaAMqitX+ 0LT/AKBlv/31P/8AHaP7QtP+gZb/APfU/wD8doAyq6nwV/yM1n/20/8ARbVl/wBoWn/QMt/++p// AI7XR+Eby3l8Q2kcdjDCx8z50MpYfI3TdIw/SgDN1n/kMX3/AF3l/wDQjWbXcaktj/aF1vsonbzX yS0uSdx54cD8qpbNP/58Iv8AvqX/AOLr5uaXM9T62nx5goRUGpaabL/M5Siur2af/wA+EX/fUv8A 8XRs0/8A58Iv++pf/i6my7l/8RBwPaX3L/M5Siur2af/AM+EX/fUv/xdGzT/APnwi/76l/8Ai6LL uH/EQcD2l9y/zOUorq9mn/8APhF/31L/APF0bNP/AOfCL/vqX/4uiy7h/wARBwPaX3L/ADOUr1S9 /wCQPpH/AFwX/wBBWuW2af8A8+EX/fUv/wAXW34m1RtM0/SPJt4nWSI8PvwoVUwBhge/fNehl1uZ 2Z5Wa8SYfHRUKKd13X/BKtFcx/wlM/8Az5W//kX/AOOUf8JTP/z5W/8A5F/+OV6x4h09Fcx/wlM/ /Plb/wDkX/45R/wlM/8Az5W//kX/AOOUAdPRXMf8JTP/AM+Vv/5F/wDjlH/CUz/8+Vv/AORf/jlA HT10Hhz/AI/n/wCuZ/mK84/4Smf/AJ8rf/yL/wDHK67wXrUuo6pLA9vFEFhZspvzwyjHzMwxz6UA QUVzH/CUz/8APlb/APkX/wCOUf8ACUz/APPlb/8AkX/45QB09Fcx/wAJTP8A8+Vv/wCRf/jlH/CU z/8APlb/APkX/wCOUAdPRXMf8JTP/wA+Vv8A+Rf/AI5R/wAJTP8A8+Vv/wCRf/jlAHT0VzH/AAlM /wDz5W//AJF/+OUf8JTP/wA+Vv8A+Rf/AI5QBv8Ajz/jx0X/AK5v/KOvN69m1VLS/wBL0me8tklL QhgMuAu5UJA2sDj6k1gf2do//QPj/wC+5f8A45QB5xRXo/8AZ2j/APQPj/77l/8AjlH9naP/ANA+ P/vuX/45QB5msEKSNMkarI/DMAMnHqalr0f+ztH/AOgfH/33L/8AHKP7O0f/AKB8f/fcv/xygDzi ivR/7O0f/oHx/wDfcv8A8co/s7R/+gfH/wB9y/8AxygCt8Ov+Q3P/wBe7f8AoaU2uu8MWlhBfyPa 2qQOYiCys5ONy8fMzCue+1Qf8+cX5yf/ABdeXma+HXueLnCvy69/0KVFXftUH/PnF+cn/wAXR9qg /wCfOL85P/i68rlXc8XkXf8AMzJ7eC6iMFzGs0bdVcBlP1B4qVVVFCIAFUYAHAAFXvtUH/PnF+cn /wAXR9qg/wCfOL85P/i6XIt7i9nG97r8f8ilRV37VB/z5xfnJ/8AF0faoP8Anzi/OT/4unyruPkX f8ylXT67/wAg7Sv+uX/sqVi/aoP+fOL85P8A4uui1maNLDTGaBHDRZAJfC/KvAwwP55ropRXJPXt +Z00Yr2c9e35nIUVd+1Qf8+cX5yf/F0faoP+fOL85P8A4uuflXc5uRd/zKVQT2ttdBVuYkmCEMA6 hsEdCM961PtUH/PnF+cn/wAXR9qg/wCfOL85P/i6Tgno2J04vRtfj/kUqKu/aoP+fOL85P8A4uj7 VB/z5xfnJ/8AF0+Vdx8i7/mUqKu/aoP+fOL85P8A4uj7VB/z5xfnJ/8AF0cq7hyLv+Zu+Hv+PHU/ +uY/k1ZNa+l3SJperTx28aGKEtgFyGwrnByxOPoRXA/8JTP/AM+Vv/5F/wDjle/gl+6R9Ply/cx/ rqdPRXMf8JTP/wA+Vv8A+Rf/AI5R/wAJTP8A8+Vv/wCRf/jldR2nT0VzH/CUz/8APlb/APkX/wCO Uf8ACUz/APPlb/8AkX/45QB09Fcx/wAJTP8A8+Vv/wCRf/jlH/CUz/8APlb/APkX/wCOUAdPXQeI /wDj+T/rmP5mvOP+Epn/AOfK3/8AIv8A8crrvGmtS6dqkUCW8UoaFWy+/PLMMfKyjHHpQBBRXMf8 JTP/AM+Vv/5F/wDjlH/CUz/8+Vv/AORf/jlAHT0VzH/CUz/8+Vv/AORf/jlH/CUz/wDPlb/+Rf8A 45QB09Fcx/wlM/8Az5W//kX/AOOUf8JTP/z5W/8A5F/+OUAdPVuw/wCP63/66J/MVxv/AAlM/wDz 5W//AJF/+OVf0rxJNPqlnAbSBRJNGuR5mRlgMjLkZ/CgD2ysHxN/yB5P+ukH/o1K3qwfE3/IHk/6 6Qf+jUoA/9D96ND/AOQJp/8A17xf+gCtSsvQ/wDkCaf/ANe8X/oArUoA/OOvTD8JvFy6CdfZIggi 87yd587ZjOduNucc43Z7YzxXmqFQ6lxuUEZHTIr71fXtHPhQ+IWLHTja+bj+IoV+71+9269aAPgi vsivjhiCxKjAzwK+x6AOWs/Gvhe+1HX9Kg1BBc+F2jXUhIGjS282EXCFncKhBiYMSpIHcggiofA/ jzwr8R9BXxP4MvG1DSpJJIo7gwTQpKYjtZo/ORDImcgOmUJBwTg1+evxU8E/FPxr8Q/jNH4TaC+8 NaTqGhX+p6Ihlju9dWCwgeSxE0ZzHG0QbAClnfC9OnaeP/ilP4+1D4V6H8I7lrbwb4j029uktrPV h4dkmlsfJjSyF1FHI8bW4Zt0EJUnBydq4J0Xd20+V7vy3t+INNfj/wAN66q/9W/QWszUda0nSZbG DU7uO2l1OcWtqrsA005RpPLQd22IzYHZSegr8/vBl78SvHc3gLwRrvji7Wyk1TxHbXF3pGpGS5ur CwiiaGCa+jhiEk0cjeW80SKSoJVg5Jou9Pn1C18D6Z4u8XatJB4b+I2p6NBfS6i0E7W0dtd+R58w 2mSUFVjEjfOQzLn5yKtQvJR72fybiv8A25fj81UfLBy9V80pP/21/h8vvDVvF/h3Qtc0Tw3qt39n 1HxFJPFYRlHYTPbxGaRd6qUUhAWG4jOOMnis7R/iL4L17xjrvw/0nU1uNf8ADSQPqFqEkUwLcrvi O9lCPlSCdjNtyA2Ca8t/aTjXSvBuj/EcF1bwDrWn6zI0Y3N9jSTyL0YGSR9lmlJA5OK+NNS1fVPh f4b0X9py0tGGqfEoeIoLjCs8rnWFa50FTgZxH9mijGeFEh96yjJu+m1/vsuX/wACd18jRw2t5fLf mfySX3n6WeEPGPhvx7oFv4p8JXg1DSrppUinCPGrmCRon2iRVJAdGAOMNjIJBBrTl1nSodXt9Alu o11K7hluIrcsPMeGBkWRwvXarSICfVhXwH4wsL3wbceHfgxompauYvB3hK2uLqKy1mHwzYwnMkTX 9zfhzcSZaM5jWJ40++wJOBkfD3WbjxRqPwn+JHifxfdw6zceB9ck+0Ndt5ElxY3NqAXgjwJiQzNM gXMhiUsMoMXUsryWyb/BS1/8l/rW0R1aS3dvx5dP/Ju3y2v+k1Fflx4X+J3xB8A6fLe3+qapquva x4W1XUNNuE1hfEGjavcWVt9p+1pbyLHcWBUniERrGwIj+8K3fh34k+Jul6v4Y1CfxK0tv4r0bULm 8ju/Eh1p71o7R7hLmyt1t0W0MUpwwjZYwmEwWANTVfJFyfRX/wDSv/kX5+W9iFpNLv8A8D/Nf1a/ 6VUV8NfDCz8X+HtS+Cnia98aa1rc/j6wkGr29/dm4tJGbS2vY2hhYBYTG6BQYwGccuWYsT9y1tWp OEnF7r9GTF3SfcKKKKyKCiiigApyO8brIhwynIPuKbRQB6Np96t9bLKOGHDD0Nec103hyGfzJJwc RY2n/aP/ANauZoAKKKKACiiigAooooAKr+PP+PHRf+ub/wAo6sVX8ef8eOi/9c3/AJR0Aeb0UUUA FV7u6israS6mOEjGT7+341FqM11b2Us1nGJZkGVU9+ef0rgbvVrnxIbXTIU8tmOZMdMjv9AOaAO0 0XUpNVszdSReV8xUc5BA7/0rXqG2t4rWCO2hGEjAA/CpqACu++HX/Ibn/wCvdv8A0NK4Gu++HX/I bn/692/9DSgBtFFFfJnw4UUVz/ibUtS0rTDe6bAs7xsN4bJCpzlsAg+n86zq1FCLk+hnWqqEXOWy LGu6xDoemy6hMNxXhFzjcx6D/H2p+iahLqul2+oTQ+Q0wJ25zxkgEexHIry2W+l8f61Z2aI0Nnbr vlHof4jkevCj869lREjRY4wFVQAAOgA6CuLCYiVapKcX7i0Xm+55+CxUq9SU4v3FovN9X+g6iiiv RPUCu08R/wDH8n/XMfzNcXXaeI/+P5P+uY/ma9bK/tfL9T3Mm+38v1Ofooor1j3AooooAKKKKACu g0f/AI8dR/65/wBGrn66DR/+PHUf+uf9GoA5+iiigAooooAKKKKACiiigDoPEf8Ax/J/1zH8zXP1 0HiP/j+T/rmP5mufoAKKKKACiiigAooooA1rX/kCaz/17t/6A9eM17Na/wDIE1n/AK92/wDQHrxm gAooooAKwF1wS61/ZMEW9VB3uD0IGenp2+tZGoeJr2wuLq0ubcIQD5LD9Cc9fXj6Vd8Laa1raG9n H766+bJ6he359aAOpooooAK774i/8huD/r3X/wBDeuBrvviL/wAhuD/r3X/0N6AOBooooAKKK87v vE98Le50+5g8m6J2grnAU9fxx0IoA6XTtcGpajcWkMWYYRxJnqQcfr2rfrE0DTP7M09Y3GJpPmf6 nt+FbdABRRRQB32n/wDJPtT/AOvhf5xVwNd9p/8AyT7U/wDr4X+cVcDQAUUUUAFYGna4NS1G4tIY swwjiTPUg4/XtXNX3ie+Fvc6fcweTdE7QVzgKev446EV1OgaZ/ZmnrG4xNJ8z/U9vwoA26KKKANX Q/8AkN6f/wBfEX/oYrU8a/8AIzXn/bP/ANFrWXof/Ib0/wD6+Iv/AEMVqeNf+RmvP+2f/otaAOWo oooAKxtb1dNIthLt3yOcKucZ9T9BUWu6neaXHFcW8Ili3fvCc8Dt06Z9a5y0LeJdc+1upFpagYU/ oD9TyfbigDu7eVpreOZ08tnUMVPYkZxU1FFABXpvhz/kTL7/AK+P/jdeZV6b4c/5Ey+/6+P/AI3W WI/hy9GYYr+FL0ZnUUUV8wfHBRRXjuqeONVFpe6Re2v2a+ZvLUpnAU9epJzjoRwc5rkxeNhRV5nF jcfToK8+p2ujeKBrWs3en20Gba2HEwP3iDjp784+ldbXMeEtDGh6SkUgxcTfPKf9o9F/AcfXNdPV YP2ns06u7/qxWB9p7JOr8T19PL5BV3Tf+Qja/wDXVP8A0IVSq7pv/IRtf+uqf+hCuyn8SO+l8SNz W/8AkJzf8B/9BFZVaut/8hOb/gP/AKCKyq+pPtAooooAKKKKACiiigDoLf8A5F66/wCug/mtc/XQ W/8AyL11/wBdB/Na5+gAooooAKKKKACiiigArV0T/kJw/wDAv/QTWVWron/ITh/4F/6CaAMPUv8A kI3X/XV//QjVKrupf8hG6/66v/6EapV8tU+JnxdX4mFFFcX4l8S33h6+tWa1EmnyDDyDO4Nk8DnA wOeRzXNXrxpx5p7HJiMRGlHnnsWPEvihdCktrWCH7Tc3LcRg4O3OPQ8k8CusHTnivKfCtvN4j165 8U3q/uom2wqegOOP++R+pzXq1c+BrTqc1R/C9vTv8zly+vOrzVX8Lei8l1+YUUUV3Homj4j/AORM sf8Ar4/+OV5lXpviP/kTLH/r4/8AjleZV9Ph/wCHH0R9jhf4UfRBRRUU7SpBI8C75FUlVPGTjgVq bj3dIkaSQ7VUEknsBWJoustq5uGEPlxxMArZzuz/AF/xrkb7xBe6naDSvJ8u6kfY4HAIzwMHkc9a 7zTLGPTbKO0T+EfMfVj1NAF+iiigDqfBX/IzWf8A20/9FtXZX/8Ax/XH/XR/5muN8Ff8jNZ/9tP/ AEW1dlf/APH9cf8AXR/5mgCpRRRQAUUUUAFFFFABTvFX/Io2X/Xx/SSm07xV/wAijZf9fH9JKAPL aKKKACmu6RI0kh2qoJJPYCmTtKkEjwLvkVSVU8ZOOBXnN94gvdTtBpXk+XdSPscDgEZ4GDyOetAH XaLrLaubhhD5ccTAK2c7s/1/xrdqhpljHptlHaJ/CPmPqx6mr9ABXU+Cv+Rms/8Atp/6LauWrqfB X/IzWf8A20/9FtQB0Gpf8hG6/wCur/8AoRqlV3Uv+Qjdf9dX/wDQjVKvlqnxM+Lq/EwoorM1i5vr TTJ7nTYRPcRrlUOcHnngYJwOcd6ynLlTkzCpNRi5PoT6hfQabZTX1ycRwqWPv6Ae5PArK8M63Nr+ nG/lt/s/zsqjOQwHcdPp+FeZ6hr9740NhodvH5Du2Z8fdyO477QMnB/pXsllaQWFpFZWy7Y4VCqP p/U15+GxTrVXKD9xfi/+AeZhMY69Vypv3Evvb/yLNFFFekesFWfHH/IO0P8A65N/6DHVarPjj/kH aH/1yb/0GOvUyz4mezk/xSPOqKKK9g98Kr3d1FZW0l1McJGMn39vxqLUZrq3spZrOMSzIMqp788/ pXA3erXPiQ2umQp5bMcyY6ZHf6Ac0AdpoupSarZm6ki8r5io5yCB3/pWvUNtbxWsEdtCMJGAB+FT UAFd98Ov+Q3P/wBe7f8AoaVwNd98Ov8AkNz/APXu3/oaUAcDRRRQAUUVymp+ILrStQaG4t82zLlG HUnHr068Y/GgC5e64LfVLfS4IvOeQjeQfug//W5PtW/XF+FrOSd5tbu+ZJyQmfTuR/IV2lABRRRQ B7Ndf8gTRv8Ar3X/ANASsmta6/5Amjf9e6/+gJWTQAUUUUAFFFFABRRRQB0Hhz/j+f8A65n+Yri6 7Tw5/wAfz/8AXM/zFcXXk5p9n5/oeHnP2Pn+gUUUV5J4YVyWp+KBZ69aaFawfaJJivmEHGwN/gOT 7Vm654vvtA1hre7sw1k6Zidc7mbHrnHXgjGR1qn4E02a6luPFGofNPdMwjz6Z+Zh+PA9hXl1ca51 FRpb318kv8zx62PdSoqFF+9fXTZL/Poel0UUV6h7AV0+u/8AIO0r/rl/7KlcxXT67/yDtK/65f8A sqV00vgn8vzOuj/DqfL8zmKKKK5jkCiivMNX8b6lpN5f6feWgjYA/ZnXPOThWbJwRjnjHPFc2Jxc KK5p7HJi8bToJSqbHRJ4oE/if/hH7WDzUQN5koP3WUZPHoDgfWutrhPAmitYacdTuhm5vvnJPUJ1 H59T+Fd3UYKVSUOepu9fRdERl86kqfPV3etuy6IKKKK7DuOg0z/kCa3/ANe7f+gPXkdeuaZ/yBNb /wCvdv8A0B68jr6HA/wl/XU+qy3+DH5/mFFFFdZ3BWAuuCXWv7Jgi3qoO9wehAz09O31rI1DxNe2 FxdWlzbhCAfJYfoTnr68fSrvhbTWtbQ3s4/fXXzZPUL2/PrQB1NFFFABXffEX/kNwf8AXuv/AKG9 cDXffEX/AJDcH/Xuv/ob0AcDRRRQAVXu7qKytpLqY4SMZPv7fjUWozXVvZSzWcYlmQZVT355/SuB u9WufEhtdMhTy2Y5kx0yO/0A5oA7TRdSk1WzN1JF5XzFRzkEDv8A0rXqG2t4rWCO2hGEjAA/CpqA CtXQ/wDkN6f/ANfEX/oYrKrV0P8A5Den/wDXxF/6GKAPo+sHxN/yB5P+ukH/AKNSt6sHxN/yB5P+ ukH/AKNSgD//0f3o0P8A5Amn/wDXvF/6AK1Ky9D/AOQJp/8A17xf+gCtSgD4W8G3/g3Trie48XWM 9/jZ5CRY2A87i4LLntjqOuR0r27/AIXJ4C+wf2V/ZFx9i27PJ8mHy9vpt34xXE/258D/APoXr7/v tv8A5Io/tz4H/wDQvX3/AH23/wAkUAcR4zv/AAbqVzDc+EbGewzv89JdoQnjaUAZsd8jgdMDrX0p XkX9ufA//oXr7/vtv/kivfftHh7/AJ9ZPzP/AMXQBx1rpGk2N7e6lY2UFvd6kyPdTRxqkk7RoI0a VwAXKoAoLE4AAHFcpe/Cz4ZajplzouoeEdIuNPvLtr+e3ksIGhlvHGGuHQptaVhwZCNx7mvXPtHh 7/n1k/M//F0faPD3/PrJ+Z/+LoGnY8/sPCfhbSo9Ni0vRrKzTRkeKxWG3jjFpHIAHWAKo8tWAAYL gHHNU9T8B+Bta06fR9Y8O6dfWFzcm9lt57SGWGS6Y5M7IylTITyXI3H1r0z7R4e/59ZPzP8A8XR9 o8Pf8+sn5n/4unfW4uljktR03TtX0+40nVrWK9sbyNoZ4J0WSKWNxtZHRgVZWBwQRgiqNz4Z8N3u m2mjXmlWk+n2DQvb20kEbQwtbEGFo4yCqGMgFCANuBjGK7v7R4e/59ZPzP8A8XR9o8Pf8+sn5n/4 ukB5f4j+HvgHxhe2ep+LfDem61d6f/x7TXtnDcSQ87v3bSKxXkA8d+aRPh38P4m0to/DOmIdEllm sCtlCPsks7b5Xgwn7tpG+ZimCx5PNeo/aPD3/PrJ+Z/+Lo+0eHv+fWT8z/8AF0LTYGeV+Hfhv8Pf CGo3Wr+FPDGmaNfXoInuLKzht5ZQx3EO8aqzAnkgnrzTNE+Gfw48M3l7qPhzwrpWl3WpKyXUtrZQ QyTo5yyyMiAuGPJByCeter/aPD3/AD6yfmf/AIuj7R4e/wCfWT8z/wDF0AcPF4e0CFdMSHTLWNdF XbYBYUAtF8sxYgwP3Y8slMJj5fl6cVsV0H2jw9/z6yfmf/i6PtHh7/n1k/M//F0229WBz9FdB9o8 Pf8APrJ+Z/8Ai6PtHh7/AJ9ZPzP/AMXSA5+iug+0eHv+fWT8z/8AF0faPD3/AD6yfmf/AIugDn6s WttJdzrBH1bv6Dua2PtHh7/n1k/M/wDxda2kzaU8rrYxmJyOd3Uj25NAGxbwR20KwRDCoMV5jXql ebb7H/nlJ/38H/xFAFSire+x/wCeUn/fwf8AxFG+x/55Sf8Afwf/ABFAFSire+x/55Sf9/B/8RRv sf8AnlJ/38H/AMRQBUoq3vsf+eUn/fwf/EUb7H/nlJ/38H/xFAFSq/jz/jx0X/rm/wDKOtPfY/8A PKT/AL+D/wCIq54isLC+s9N+1LLhIzsCOqkAheuUOentQB4xRXe/2Don9y4/7+p/8bo/sHRP7lx/ 39T/AON0AcFVKLTrKC5kvIYQs0nDMO/4dK9K/sHRP7lx/wB/U/8AjdH9g6J/cuP+/qf/ABugDgqK 73+wdE/uXH/f1P8A43R/YOif3Lj/AL+p/wDG6AOCrvvh1/yG5/8Ar3b/ANDSk/sHRP7lx/39T/43 XTeFNM06y1GSW0WUOYip3urDG5T0CLz+NAHMUVB/a2nf8+kv/f8AX/43R/a2nf8APpL/AN/1/wDj dfL+z8zj/wBScy/59/iv8yeggEYNQf2tp3/PpL/3/X/43R/a2nf8+kv/AH/X/wCN0ez8xf6k5l/z 7/Ff5lPT9H0zS3mfT7dYWnOXxnn8+g9hxWnUH9rad/z6S/8Af9f/AI3R/a2nf8+kv/f9f/jdTChG KtGyJhwNmEVaNJJesf8AMnoqD+1tO/59Jf8Av+v/AMbo/tbTv+fSX/v+v/xuq9n5l/6k5l/z7/Ff 5k9dp4j/AOP5P+uY/ma4T+1tO/59Jf8Av+v/AMbrqPF+sW2n6nFDNbPMWhVsrIEGCzDGCjenrXqZ bG3Nr2NqOSYnB3+sRtzbap7enqUqKwv+Ensf+fGT/v8Aj/43R/wk9j/z4yf9/wAf/G69Q2N2isL/ AISex/58ZP8Av+P/AI3R/wAJPY/8+Mn/AH/H/wAboA3aKwv+Ensf+fGT/v8Aj/43R/wk9j/z4yf9 /wAf/G6AN2ug0f8A48dR/wCuf9Grgv8AhJ7H/nxk/wC/4/8AjddV4f1i2u9M1eaO2eMW8O5gZAxY bXOAdgx09DQBSorC/wCEnsf+fGT/AL/j/wCN0f8ACT2P/PjJ/wB/x/8AG6AN2isL/hJ7H/nxk/7/ AI/+N0f8JPY/8+Mn/f8AH/xugDdorC/4Sex/58ZP+/4/+N0f8JPY/wDPjJ/3/H/xugDdorC/4Sex /wCfGT/v+P8A43R/wk9j/wA+Mn/f8f8AxugDvfEf/H8n/XMfzNc/XTa+1sLxPOR2PljlXCjGT6qa xN9j/wA8pP8Av4P/AIigCpRVvfY/88pP+/g/+Io32P8Azyk/7+D/AOIoAqUVb32P/PKT/v4P/iKN 9j/zyk/7+D/4igCpRVvfY/8APKT/AL+D/wCIo32P/PKT/v4P/iKALdr/AMgTWf8Ar3b/ANAevGa9 ysFtZ9O1KJUdUeIq3zgkgqw4O0YP4GuK/sHRP7lx/wB/U/8AjdAHBUV3v9g6J/cuP+/qf/G6P7B0 T+5cf9/U/wDjdAHmt5p9lfhBeRCTYcjORj8v5VdAAGBXe/2Don9y4/7+p/8AG6P7B0T+5cf9/U/+ N0AcFRXe/wBg6J/cuP8Av6n/AMbo/sHRP7lx/wB/U/8AjdAHBV33xF/5DcH/AF7r/wChvSf2Don9 y4/7+p/8brpvFemade6jHLdrKXEQUbHVRjcx6FG5/GgDxyiu9/sHRP7lx/39T/43R/YOif3Lj/v6 n/xugDgqpT6dZXM8d1PCHli5Vj2/x/GvSv7B0T+5cf8Af1P/AI3R/YOif3Lj/v6n/wAboA4Kiu9/ sHRP7lx/39T/AON0f2Don9y4/wC/qf8AxugDgqK73+wdE/uXH/f1P/jdH9g6J/cuP+/qf/G6AF0/ /kn2p/8AXwv84q4GvWXtdOsPBt/GkcrQGVWZTIu8ktGOG2YA6fwmvO/O0T/n0uP/AAIT/wCM0AZV FavnaJ/z6XH/AIEJ/wDGaPO0T/n0uP8AwIT/AOM0Ac7Pp1lczx3U8IeWLlWPb/H8au1q+don/Ppc f+BCf/GaPO0T/n0uP/AhP/jNAGVRWr52if8APpcf+BCf/GaPO0T/AJ9Lj/wIT/4zQAaH/wAhvT/+ viL/ANDFanjX/kZrz/tn/wCi1pmjS6QdXsRFbTq5ni2kzqQDuGCR5QyPbIrS8XSaWviG7FzbzPJ+ 7yUmVFPyLjAMbEce9AHD0Vq+don/AD6XH/gQn/xmjztE/wCfS4/8CE/+M0AZDokiGOQBlYYIPQg1 Ws7G0sIjDaRiNCckDJ5Pua6DztE/59Lj/wACE/8AjNHnaJ/z6XH/AIEJ/wDGaAMqitXztE/59Lj/ AMCE/wDjNHnaJ/z6XH/gQn/xmgDKr03w5/yJl9/18f8AxuuH87RP+fS4/wDAhP8A4zXe6NcWMXg6 +mhgkEKzjKNKpYn93yGCAAdONp/wyr/BL0JlQlVTpw3ei9WZNFQf2tp3/PpL/wB/1/8AjdH9rad/ z6S/9/1/+N1857PzOX/UnMv+ff4r/MnrMutG0y+u4b66t1kntzlGOcjHIzjrjtnNXP7W07/n0l/7 /r/8bo/tbTv+fSX/AL/r/wDG6mdCMlaVmRPgbMJK0qSfzj/mT0VB/a2nf8+kv/f9f/jdH9rad/z6 S/8Af9f/AI3Vez8y/wDUnMv+ff4r/Mnq7pv/ACEbX/rqn/oQrL/tbTv+fSX/AL/r/wDG6vaZqdhJ qVpGlrKrNNGATMpAJYc48sZ/Orp0/eWoLgzMIvmlT0Xmv8zotb/5Cc3/AAH/ANBFZVbusNajUZhJ G7N8uSHAH3R22n+dZu+x/wCeUn/fwf8AxFfSnYVKKt77H/nlJ/38H/xFG+x/55Sf9/B/8RQBUoq3 vsf+eUn/AH8H/wARRvsf+eUn/fwf/EUAVKKt77H/AJ5Sf9/B/wDEUb7H/nlJ/wB/B/8AEUAatv8A 8i9df9dB/Na5+umga2/sK4IRxH5gyN4znK99v9KxN9j/AM8pP+/g/wDiKAKlFW99j/zyk/7+D/4i jfY/88pP+/g/+IoAqUVb32P/ADyk/wC/g/8AiKN9j/zyk/7+D/4igCpRVvfY/wDPKT/v4P8A4ijf Y/8APKT/AL+D/wCIoAqVq6J/yE4f+Bf+gmqu+x/55Sf9/B/8RWlo7Wp1GERxurfNglwR909to/nQ Bzepf8hG6/66v/6EapVsag9gL+5DwylvNfJEigZ3HtsNVPM07/nhL/39X/43XzNSK5nqfHVYLmev 5lKq13aW19bvaXcYlikGGU961vM07/nhL/39X/43R5mnf88Jf+/q/wDxus3BNWbMpUotWbX4/wCR kWVja6dbJZ2UYihj+6oyevPU8n8atVd8zTv+eEv/AH9X/wCN0eZp3/PCX/v6v/xuiNOKVk0EaUUr Jq39eRSoq75mnf8APCX/AL+r/wDG6PM07/nhL/39X/43T5V3K5F3/Mk8R/8AImWP/Xx/8crzKvV9 fexHhOyaaGRoTPwqyKrA/vOSxQgjrxgV5752if8APpcf+BCf/Ga+kofBH0R9bhv4cfRGVRWr52if 8+lx/wCBCf8AxmjztE/59Lj/AMCE/wDjNam5zp06yN4L8wj7QBjf/wDW6Z96u1q+don/AD6XH/gQ n/xmjztE/wCfS4/8CE/+M0AZVFavnaJ/z6XH/gQn/wAZo87RP+fS4/8AAhP/AIzQBqeCv+Rms/8A tp/6Lauyv/8Aj+uP+uj/AMzXOeEZNLbxDaC2t5kk/eYLzK6j5GzkCNSePeusvXs/tk+6KQnzGyRI AM5/3KAMuire+x/55Sf9/B/8RRvsf+eUn/fwf/EUAVKKt77H/nlJ/wB/B/8AEUb7H/nlJ/38H/xF AFSire+x/wCeUn/fwf8AxFG+x/55Sf8Afwf/ABFAFSneKv8AkUbL/r4/pJVnfY/88pP+/g/+IrQ1 S0sr7w7axzrIIhLuAVwGz845JUjHXtQB4pRXe/2Don9y4/7+p/8AG6P7B0T+5cf9/U/+N0AcFVI6 dZG8F+YR9oAxv/8ArdM+9elf2Don9y4/7+p/8bo/sHRP7lx/39T/AON0AcFRXe/2Don9y4/7+p/8 bo/sHRP7lx/39T/43QBwVdT4K/5Gaz/7af8Aotq1P7B0T+5cf9/U/wDjdbPh7SNLtdYt57ZZhIu/ G+RWXlSDkBAenvQBS1L/AJCN1/11f/0I1SqfU9TsI9Su43tZWZZpASJlAJDHnHlnH51R/tbTv+fS X/v+v/xuvmqlP3nqcb4MzCT5o09H5r/MnoqD+1tO/wCfSX/v+v8A8bo/tbTv+fSX/v8Ar/8AG6j2 fmH+pOZf8+/xX+ZTt9G0y1vpdSt7dY7mcYdxnn146DPfA5rTqD+1tO/59Jf+/wCv/wAbo/tbTv8A n0l/7/r/APG6mNCMdI2REOBswirRpJfOP+ZPRUH9rad/z6S/9/1/+N0f2tp3/PpL/wB/1/8AjdV7 PzL/ANScy/59/iv8yerPjj/kHaH/ANcm/wDQY6z/AO1tO/59Jf8Av+v/AMbrZ8XTWB03RZLmCV1e ElAkqoVBVOCSjZ/IV6WXRtJ6mtLIcVg/exEbJ+af5HmNFavnaJ/z6XH/AIEJ/wDGaPO0T/n0uP8A wIT/AOM16xuZVUotOsoLmS8hhCzScMw7/h0rovO0T/n0uP8AwIT/AOM0edon/Ppcf+BCf/GaAMqi tXztE/59Lj/wIT/4zR52if8APpcf+BCf/GaAMqu++HX/ACG5/wDr3b/0NK5bztE/59Lj/wACE/8A jNdr4Dk05tXmFpBLG/kNkvKrjG5eMCNeffNAHmtFavnaJ/z6XH/gQn/xmjztE/59Lj/wIT/4zQBl VVu7K1v4vIu4xImc4PHPsRyK3/O0T/n0uP8AwIT/AOM0edon/Ppcf+BCf/GaAMeKOOGNYolCogAA HQAU+tXztE/59Lj/AMCE/wDjNHnaJ/z6XH/gQn/xmgDKorV87RP+fS4/8CE/+M0edon/AD6XH/gQ n/xmgD1G6/5Amjf9e6/+gJWTW7cNa/2RpJaNyhgXaN4yBtXgnbyffArN32P/ADyk/wC/g/8AiKAK lFW99j/zyk/7+D/4ijfY/wDPKT/v4P8A4igCpRVvfY/88pP+/g/+Io32P/PKT/v4P/iKAKlFW99j /wA8pP8Av4P/AIijfY/88pP+/g/+IoA1fDn/AB/P/wBcz/MVxdd1oDWxvH8lHU+WeWcMMZHoorz7 +1tO/wCfSX/v+v8A8bry8yjfl17mNbJMTjLfV435d9Ut/X0J6Kg/tbTv+fSX/v8Ar/8AG6P7W07/ AJ9Jf+/6/wDxuvL9n5mP+pOZf8+/xX+ZBqGm2Oq25tdQhE0WQcHIwR3BGCPwNWYIYraFLeBQkcYC qo6ADoKb/a2nf8+kv/f9f/jdH9rad/z6S/8Af9f/AI3U+wjfm0uQuBswvzeyV/WP+ZPRUH9rad/z 6S/9/wBf/jdH9rad/wA+kv8A3/X/AON1Xs/Mv/UnMv8An3+K/wAyeun13/kHaV/1y/8AZUrkf7W0 7/n0l/7/AK//ABuuq1++tIdN0iSWB3WSHKgSBSo2pwTsOevoK6KUPcnr2/MpcJ46CdOUNZbarpr3 7HOUVB/a2nf8+kv/AH/X/wCN0f2tp3/PpL/3/X/43XP7PzJ/1JzL/n3+K/zJ6zdR0fTNWEa6jbrN 5R3LnIIP1GOPUdKt/wBrad/z6S/9/wBf/jdH9rad/wA+kv8A3/X/AON1M6EZK0rNET4GzCS5ZUk1 6x/zJgABgcAUtQf2tp3/AD6S/wDf9f8A43R/a2nf8+kv/f8AX/43Vez8yv8AUnMv+ff4r/MnoqD+ 1tO/59Jf+/6//G6P7W07/n0l/wC/6/8Axuj2fmP/AFJzL/n3+K/zOn0z/kCa3/17t/6A9eR17B4f ns7/AE7VokhkiQxBXzIGJDK44OwYP4Guc/sHRP7lx/39T/43XvYJWpI6aeBqYZexrK0l+upwVFd7 /YOif3Lj/v6n/wAbo/sHRP7lx/39T/43XUWea3mn2V+EF5EJNhyM5GPy/lV0AAYFd7/YOif3Lj/v 6n/xuj+wdE/uXH/f1P8A43QBwVFd7/YOif3Lj/v6n/xuj+wdE/uXH/f1P/jdAHBV33xF/wCQ3B/1 7r/6G9J/YOif3Lj/AL+p/wDG66bxXpmnXuoxy3aylxEFGx1UY3MehRufxoA8corvf7B0T+5cf9/U /wDjdH9g6J/cuP8Av6n/AMboA4KqUWnWUFzJeQwhZpOGYd/w6V6V/YOif3Lj/v6n/wAbo/sHRP7l x/39T/43QBwVFd7/AGDon9y4/wC/qf8Axuj+wdE/uXH/AH9T/wCN0AcFWrof/Ib0/wD6+Iv/AEMV 1H9g6J/cuP8Av6n/AMbq5pui6RFqNrLEs+9JUZcyqRkMCMjyxx+NAHrdYPib/kDyf9dIP/RqVvVg +Jv+QPJ/10g/9GpQB//S/ejQ/wDkCaf/ANe8X/oArUrL0P8A5Amn/wDXvF/6AK1KAPzjrrf+EE8W /wBjHXzpsgsQnmb8rnZ13bM78Y5zjGOelcomwuokJC5Gcdcd6+/nvNIbw4180w/s02pcyAceTs64 x/d7Y/CgD8/6+yK+OG27jt6Z4z1xX2PQB55rnxc+FHhnV5dA8SeNNE0nVIdoktLvUbaC4TeAy7o5 JFYbgQRkcggiu/hmhuIUuLd1lilUMjqQysrDIII4II6Gvgu58MeJfEPxo+Mi6F4E8M+LkNxpcbSa 9MY3Rm0uLCIotLjeh6kF05Pvkcx8J9U+JWo+APhJ8Lfhn4nbwnJNY+IY9VuZ7O31CSCfSLmKMxwL IzxtGkspjjO45iIJ+YDDjZpLq7P5Wu/u0+8JaPy2+f8AwdT9EbDU9N1WKSfS7uG8jhllgdoZFkVZ oWKSRsVJAdHBVlPKkEHkVer4JufiX4rsNNsvDmhau+k3upeJfFKSx6FoiXuq3UOn6g8YaGERNaR5 LA3E9wMknIJYsQ7wz8T/AI0+MPB3hHRrbXDpGv6j4w1Tw9d31zp9qbkWljbXcpaW3Rnt1uV8kf6s mMOBwy5DKC5ldeX42X5sU2o792vuv+iPvSuL8VfEj4eeBZre38a+J9L0CW7BaFL+9htWkUHBKiVl JAPUjgVw/wAF9Z8Z3R8Y+GPHGrrr954V1ttPhv8A7PHayT28lpbXcZljixH5ii42Eoqg7QdoOa8t +CPhLwj4x8U/FrxD400+21rxHL4kv9LuRfQJM8OmQqi2luqyBsQPDh+AA5POdowJXena/wCX+aK0 Su+9vz/yZ9cW9xb3cEd1ayrNDModHQhldWGQykcEEcgipq+B5PFOh+DND8K/DT4AeK9QGi/aNaJj 0zTG1jVm+y3QVorU3MP2WK0hmkZDNNkEBFjZss4i8OfEb47fELQ/h/4a0vxMvh3WtZ1DxJZalqMu m2stwItGkKRu1tueBZiQFdUcoCxIyAKSkpaxBqz5Zf1v/kfftFfBWr+P/jXo/hb4hfFP/hNraWx+ H2tXVpHpD2NssV7bWbRrIlzMF82OWTf+58srj5S28NhcbxZ8bPjnq/iTx7qXgSPULex8FX72Nnaw 6bYT6ZcPaxJLMdSu7m4iuE8zf1g8sRJtbMhyKOZXS7q/ydtfxXn5DcGr+Ta+avdfh6eZ+h1RiaEz Nbh1MqqGKZG4KxIBI64JBwfY18NeKfHHxx1WH4peMvD3iqLw5pngG1tr21002Ftd+fJ/ZcGoT29x MwLeX8xUNHtbLkhyFC1gfEjxz41+F/jD4o/F3S9T+3S2vhfw1JBpklvD9n8y+ubu2hDOAJSsEheU DeC+8qzYVNraaduv+advvsTG0knHr/mk/uufoRRXwJafFP46eE7DxbD4il1K6htfCup6tbXut6fp un3MGo2MQIEMNlNIstu2d2HjJQgAyODX1X8JdM+INh4WS6+JHiVfEmqakY7oFLOGzjtEliQm2QRZ 8xUfcQ7EsQcHpVcu/wDXVr9GJy2/ron+qPUKKKKkYVLBNJbyrNEcMhyKiooA9Ls7qO8t1nj79R6H uK80rpfDn2jzZNv+px82f73bFc1QAUUUUAFFFFABRRRQAV0Gsf8AHjp3/XP+i1z9dBrH/Hjp3/XP +i0Ac/RRRQAUUUUAFFFFABXQeHP+P5/+uZ/mK5+ug8Of8fz/APXM/wAxQB5HRRRXy5+0BRRRQAUU UUAFFFFABXVfEX/kNwf9e6/+hvXK11XxF/5DcH/Xuv8A6G9eplv2vkfF8X/8uvn+hwNFFFeofFhV S+vIdPtXu5z8iDt1J7AVW1fUjpVp9qEJmG4KQDjAPcnBrj9Rvv8AhJr6106yJEHDuSOh75+g4+po A7jT71NQtI7yNSiyZ4brwcVcqOKKOCJIYhtRAFA9AKkoAK77wj/yBPEP/Xv/AOySVwNd94R/5Ani H/r3/wDZJKAOBooooAKKK5O58VRW013bTQNHJBkR553nt24z1+lAGqdZtv7VXSVDNKRksPug4zg/ hWvXIeFbBxHJq11zNck4J67c5J/E119ABRRRQB7h4j/4/k/65j+Zrn66DxH/AMfyf9cx/M1z9ABR RRQAUUUUAFFFFAHQaP8A8eOo/wDXP+jVz9dBo/8Ax46j/wBc/wCjVz9ABRRRQAUUUUAFFFFABXQe I/8Aj+T/AK5j+Zrn66DxH/x/J/1zH8zQBz9FFFABRRRQAUUUUAFFFFAFzUf+RL1D/ron/oaV5HXr mo/8iXqH/XRP/Q0ryOgAooooAKyLXWba81CbT4QxaEElv4Tg4I/OuduvFyNZ3EaxNb3QOxVPPXjP QYI9K1vDOmfYLASyjE1xhmz1A7CgDo6KKKANXQ/+Q3p//XxF/wChitTxr/yM15/2z/8ARa1l6H/y G9P/AOviL/0MVqeNf+RmvP8Atn/6LWgDlqKKKACs7VNTt9KtvtE+WycKo6k1W1jWRpAhd4GlSViG YHG3H9fauYdx4n1xETJsrYZPbI7/APfR4+lAHd28y3EEdwgIWRQwB64IzzU1AAAwKKACvQ9I/wCR D1H/AK+B/OKvPK9D0j/kQ9R/6+B/OKsq/wAEvQ7ct/3in/iX5nIUUUV84frYUUUUAFFFFABWlo3/ ACGLH/rvF/6EKza0tG/5DFj/ANd4v/QhVw+JGOJ/hy9Gd/rf/ITm/wCA/wDoIrKrV1v/AJCc3/Af /QRWVX0p+OhRRRQAUUUUAFFFFAHQW/8AyL11/wBdB/Na5+ugt/8AkXrr/roP5rXP0AFFFFABRRRQ AUUUUAFauif8hOH/AIF/6Cayq1dE/wCQnD/wL/0E0AYepf8AIRuv+ur/APoRqlV3Uv8AkI3X/XV/ /QjVKvlqnxM+Lq/Ewoork9b8Vw6DqVtZ3lu/kTrkzA8LzjGMc46nnoa561aNNc03ZHLXxEKceabs i3r3iSy8PrD9pVpHnbComC2B1PNdCDkZrybRI38XeKJdduFJs7IgRKemR9wf+zH3r1mubBV5Veaf 2en+ZyYDEzrc1T7N9Pl1+YUUUV3Homj4j/5Eyx/6+P8A45XmVem+I/8AkTLH/r4/+OV5lX0+H/hx 9EfY4X+FH0QUUVFPKYYJJlQyFFLBR1OB0Fam5ISACScAVlaZrFtqrzrbqwEJA3EcNnOCPyrlNR8U Lf6b9mto2juZ22MvXC+xxznpXWaLpy6ZYR2//LQ/M59WPX8ulAGrRRRQB1Pgr/kZrP8A7af+i2rs r/8A4/rj/ro/8zXG+Cv+Rms/+2n/AKLauyv/APj+uP8Aro/8zQBUooooAKKKKACiiigAroLj/kXr X/rof5tXP10Fx/yL1r/10P8ANqAOfooooAKKKKACiiigArV0T/kJw/8AAv8A0E1lVq6J/wAhOH/g X/oJoA4DWf8AkMX3/XeX/wBCNZtaWs/8hi+/67y/+hGs2vmp/Ez9iw38OPogoooqDYKKKKACiiig ArrPGP8AyB9A/wCuB/8AQY65Ous8Y/8AIH0D/rgf/QY69LLviZ8lxb/Dh6nn9FFFesfCBUU00dvE 88p2pGCxPsKr6jdtY2ct2sZmMYztHGef6VxGq62dchttO09Sr3BHmA9iDwM9x3zQB2WlanFq1u1z CjIqsVw3tz2+taVVLGzisLSO0i+7GMZ9T3P4mrdABXffDr/kNz/9e7f+hpXA133w6/5Dc/8A17t/ 6GlAHA0UUUAFFFc3eeI4NP1B7K6hZEVdwk67jjPAx+GfWgC7eazbWd9BYMGeWcgfL/Dk4BNa9cP4 btpdRvZ9euxySRGPfvj6DgV3FABRRRQB7Ndf8gTRv+vdf/QErJrWuv8AkCaN/wBe6/8AoCVk0AFF FFABRRRQAUUUUAdB4c/4/n/65n+YryOvXPDn/H8//XM/zFeR15eZfZ+Z9pwh/wAvfl+oUUUV5Z9o FFFFABRRRQAV23ij/kD6F/1w/wDZY64mu28Uf8gfQv8Arh/7LHXRS+Cfy/M8zGf7xQ9X/wCks4mi iiuc9MKKKKACiiigAooooA77wZ/x46v/ANc1/k9Np3gz/jx1f/rmv8npte9gv4SPzHiH/fJ/L8kF FFFdR4oUUUUAFFFFABXQeI/+P5P+uY/ma5+ug8R/8fyf9cx/M0Ac/RRRQAUUUUAFFFFABVuw/wCP 63/66J/MVUq3Yf8AH9b/APXRP5igD0msHxN/yB5P+ukH/o1K3qwfE3/IHk/66Qf+jUoA/9P96ND/ AOQJp/8A17xf+gCtSsvQ/wDkCaf/ANe8X/oArUoA+FvBtn4LubieTxlfS2kUWzy440ZvNJzuyyq2 AMD0znrxX0IfHXwmOhf8I0bwnTvLEXl+XcfdHON23d196i/4UR4R/wCfu+/7+Rf/ABuj/hRHhH/n 7vv+/kX/AMboA8B8Z2ngu3uYZfBl9JdQy7/MjkRl8ojG3DMqkg5PqRjk819KVk/8KI8I/wDP3ff9 /Iv/AI3Xpf8Awjlj/fk/Mf4UAfLHir9nD4PeNfEWp+KvEOj3MupayIxePDqeoWqTiKMRJviguI4z hFC/d5HXqa7jQ/hn4E8Mvob+HtGh04eG7a5s9PSDdHHBBeNG86hFO1jI0SMzMC2QTnJbPt//AAjl j/fk/Mf4Uf8ACOWP9+T8x/hQtNED11Z82az8CPhfri2xu9Lmgms7u+voZ7S+vLO5jn1OQy3ZWe3m SULM5yybtnTCgAYteFvgl8L/AAVFYweFtDXT4tN1GXVbZEnnKRXs1s1pJKqtIR80LMpXG3JLY3/N X0T/AMI5Y/35PzH+FH/COWP9+T8x/hRHTRA9dzy7SfDmi6He6tqGl2/kXGu3QvLxt7t5s6wx24fD Ehf3cSLhQBxnGSSfN/GnwA+E/j7XJ/EviLRnGqXkH2a5uLO8urCS6gwF8u4NpLF5y7QFHmbsAADj ivpn/hHLH+/J+Y/wo/4Ryx/vyfmP8KVloNNrb+up81ar8BfhVq1jounf2KdNh8Owy29h/Zl1c6Y8 ME+DLGJLOWFykhALBiQTyeSTV/wl8F/hl4Fk0+Twnoq6d/ZU15PaKk87Rwvfqi3GxGkKgOEX5cbV 6qASSfob/hHLH+/J+Y/wo/4Ryx/vyfmP8KpSau+5NlZLsfGPhj9mjwXH4i1/xX4209NS1LVNfudX jVLu7Nq6b91obi03pbySwjON0bhT0Y9a7LxX+z58IvG2v3XiXxHoRuLzUfs/21Y7q5gt737Kcw/a 7eGVIbjZgAeajcAA5AAr6c/4Ryx/vyfmP8KP+Ecsf78n5j/CktEkull9yS/RFNtycurbf3tv9dDx W5+Hfg27svE2nT6cDbeMVKaqgkkUXCm2W0xww8v9wip+729M/eyaxtW+Dfw213Xn8Saxoy3d7Lpn 9jy75pjDNYfNiGWDf5UgG9iGdCwJyCMCvoP/AIRyx/vyfmP8KP8AhHLH+/J+Y/wpW/r8PybXzEv6 /B/ml9yPl/RP2ePhF4fttWtbLRpJhremto9zJd315eTf2cwKm1jmuJnkiiIP3Y2UZweoBHstvBFa 28drAu2KFVRRknCqMAZPPSu7/wCEcsf78n5j/Cj/AIRyx/vyfmP8Kpyb3EkjiqK7X/hHLH+/J+Y/ wo/4Ryx/vyfmP8KQziqlhhkuJVhiGWc4Fdh/wjlj/fk/Mf4VcstJtbFzJEWZiMZYg4+mAKALNnax 2dusEfbqfU9zXmteqVyv/CM/9PP/AI5/9egDlaK6r/hGf+nn/wAc/wDr0f8ACM/9PP8A45/9egDl aK6r/hGf+nn/AMc/+vR/wjP/AE8/+Of/AF6AOVorqv8AhGf+nn/xz/69H/CM/wDTz/45/wDXoA5W ug1j/jx07/rn/Ratf8Iz/wBPP/jn/wBetC80f7XBbQ+ds+zrtztzngD146UAcLRXVf8ACM/9PP8A 45/9ej/hGf8Ap5/8c/8Ar0AcrRXVf8Iz/wBPP/jn/wBej/hGf+nn/wAc/wDr0AcrRXVf8Iz/ANPP /jn/ANej/hGf+nn/AMc/+vQBytdB4c/4/n/65n+Yq1/wjP8A08/+Of8A160NN0f+z52m87zNylcb cdSD6n0oA8Jor0j/AIV9/wBP/wD5C/8As6P+Fff9P/8A5C/+zrwfqVXsfp3+sOD/AJ/wf+R5vRXp H/Cvv+n/AP8AIX/2dH/Cvv8Ap/8A/IX/ANnR9Sq9g/1hwf8AP+D/AMjzeivSP+Fff9P/AP5C/wDs 6P8AhX3/AE//APkL/wCzo+pVewf6w4P+f8H/AJHm9Fekf8K+/wCn/wD8hf8A2dH/AAr7/p//APIX /wBnR9Sq9g/1hwf8/wCD/wAjzeuq+Iv/ACG4P+vdf/Q3re/4V9/0/wD/AJC/+zrV8ReEf7fvUvPt fkbIxHt8vdnBJzncPWu/A0ZQvzI+Y4jzGjiPZ+yle1+/l3PDqK9S/wCFa/8AUR/8g/8A2dH/AArX /qI/+Qf/ALOu8+YPK3RJEMcgDKwwQehBrL07RbHS5JZbUHdL/eOcD0HtXtH/AArX/qI/+Qf/ALOj /hWv/UR/8g//AGdAHltFepf8K1/6iP8A5B/+zo/4Vr/1Ef8AyD/9nQB5bXfeEf8AkCeIf+vf/wBk krU/4Vr/ANRH/wAg/wD2db+keEf7KstRs/tfm/b4/L3eXt2cMM43HP3vagDw6ivUv+Fa/wDUR/8A IP8A9nR/wrX/AKiP/kH/AOzoA8trJ1LRLHVSj3KkMn8SnBI9D7V7R/wrX/qI/wDkH/7Oj/hWv/UR /wDIP/2dAHlaIsaKiDaqgAAdgKdXqX/Ctf8AqI/+Qf8A7Oj/AIVr/wBRH/yD/wDZ0AeW0V6l/wAK 1/6iP/kH/wCzo/4Vr/1Ef/IP/wBnQBveI/8Aj+T/AK5j+Zrn67rUtH/tCdZvO8vaoXG3PQk+o9az /wDhGf8Ap5/8c/8Ar0AcrRXVf8Iz/wBPP/jn/wBej/hGf+nn/wAc/wDr0AcrRXVf8Iz/ANPP/jn/ ANej/hGf+nn/AMc/+vQBytFdV/wjP/Tz/wCOf/Xo/wCEZ/6ef/HP/r0AVdH/AOPHUf8Arn/Rq5+u 6s9H+yQXMPnb/tC7c7cY4I9eetZ//CM/9PP/AI5/9egDlaK6r/hGf+nn/wAc/wDr0f8ACM/9PP8A 45/9egDlaK6r/hGf+nn/AMc/+vR/wjP/AE8/+Of/AF6AOVorqv8AhGf+nn/xz/69H/CM/wDTz/45 /wDXoA5Wug8R/wDH8n/XMfzNWv8AhGf+nn/xz/69aGpaP/aE6zed5e1QuNuehJ9R60AcLRXVf8Iz /wBPP/jn/wBej/hGf+nn/wAc/wDr0AcrRXVf8Iz/ANPP/jn/ANej/hGf+nn/AMc/+vQBytFdV/wj P/Tz/wCOf/Xo/wCEZ/6ef/HP/r0AcrRXVf8ACM/9PP8A45/9ej/hGf8Ap5/8c/8Ar0AYOo/8iXqH /XRP/Q0ryOvoC58PfaNFuNI+0bfPYNv2Zxgqemf9n1rkf+Fa/wDUR/8AIP8A9nQB5bRXqX/Ctf8A qI/+Qf8A7Oj/AIVr/wBRH/yD/wDZ0AeK3ehade3cd7Mh8xCCccBsdNw71sV6l/wrX/qI/wDkH/7O j/hWv/UR/wDIP/2dAHltFepf8K1/6iP/AJB/+zo/4Vr/ANRH/wAg/wD2dAHBaH/yG9P/AOviL/0M VqeNf+RmvP8Atn/6LWuzsfh99ivbe8+37/IkSTb5WM7SDjO/vireteB/7Y1ObUftvk+dt+Xy92Nq heu4enpQB4xRXqX/AArX/qI/+Qf/ALOj/hWv/UR/8g//AGdAHk9xbw3ULW9woeNxgg1T0zSrXSom itcnecksck+nTHSvZP8AhWv/AFEf/IP/ANnR/wAK1/6iP/kH/wCzoA8tor1L/hWv/UR/8g//AGdH /Ctf+oj/AOQf/s6APLa9D0j/AJEPUf8Ar4H84qv/APCtf+oj/wCQf/s66G08J/ZdBudE+1bvtEgk 8zZjGNvG3dz93171nVi3FpHVgakYVoTlsmn+J5BRXpH/AAr7/p//APIX/wBnR/wr7/p//wDIX/2d eL9Sq9j9E/1hwf8AP+D/AMjzeivSP+Fff9P/AP5C/wDs6P8AhX3/AE//APkL/wCzo+pVewf6w4P+ f8H/AJHm9Fekf8K+/wCn/wD8hf8A2dH/AAr7/p//APIX/wBnR9Sq9g/1hwf8/wCD/wAjzetLRv8A kMWP/XeL/wBCFdt/wr7/AKf/APyF/wDZ1Zs/A32S8gu/tu/yZFfHl4ztOcZ3VUMHUTWhlXz/AAjh JKfTs/8AINb/AOQnN/wH/wBBFZVdre6F9sunufP2b8cbc9AB1zVT/hGf+nn/AMc/+vXuH5scrRXV f8Iz/wBPP/jn/wBej/hGf+nn/wAc/wDr0AcrRXVf8Iz/ANPP/jn/ANej/hGf+nn/AMc/+vQBytFd V/wjP/Tz/wCOf/Xo/wCEZ/6ef/HP/r0AVbf/AJF66/66D+a1z9d1Ho/l6dLYednzG3btvTp2z7Vn /wDCM/8ATz/45/8AXoA5Wiuq/wCEZ/6ef/HP/r0f8Iz/ANPP/jn/ANegDlaK6r/hGf8Ap5/8c/8A r0f8Iz/08/8Ajn/16AOVorqv+EZ/6ef/ABz/AOvR/wAIz/08/wDjn/16AOVrV0T/AJCcP/Av/QTW r/wjP/Tz/wCOf/Xq3ZaF9jukufP37M8bcdQR1zQBwepf8hG6/wCur/8AoRqlXd3Phb7Rcy3H2rb5 rs2NmcbjnH3qg/4RD/p7/wDIf/2VeBPBVW27fkfMVMurOTaj+KOLrO1TSrLWLRrK+TcjcgjhlPqD 2Nei/wDCIf8AT3/5D/8AsqP+EQ/6e/8AyH/9lWc8uqSVnHT5GU8qqyTjKN18jznSdJtNFsksLIHy 1JJLcsxPUk+taVdp/wAIh/09/wDkP/7Kj/hEP+nv/wAh/wD2VEMuqRSjGOnyCGVVYpRjHRehxdFd p/wiH/T3/wCQ/wD7Kj/hEP8Ap7/8h/8A2VV9Rq9vyK/s2t/L+KOc8R/8iZY/9fH/AMcrzKveNS8L /wBoaNBpH2ny/Ik8zfszn73GNw/vetcz/wAK1/6iP/kH/wCzr3aMWoJPsfS0IuMIp9keW0V6l/wr X/qI/wDkH/7Oj/hWv/UR/wDIP/2daGp4r/YWnf2iNTCESjnA+7u/vY9a2K9S/wCFa/8AUR/8g/8A 2dH/AArX/qI/+Qf/ALOgDy2ivUv+Fa/9RH/yD/8AZ0f8K1/6iP8A5B/+zoA5bwV/yM1n/wBtP/Rb V2V//wAf1x/10f8AmauaL4H/ALH1OHUftvneTu+Xy9udyleu4+vpWxP4e8+eSb7Rt8xi2NmcZOfW gDkKK6r/AIRn/p5/8c/+vR/wjP8A08/+Of8A16AOVorqv+EZ/wCnn/xz/wCvR/wjP/Tz/wCOf/Xo A5Wiuq/4Rn/p5/8AHP8A69H/AAjP/Tz/AOOf/XoA5WuguP8AkXrX/rof5tVr/hGf+nn/AMc/+vWh Jo/madFYedjy23btvXr2z70AcLRXVf8ACM/9PP8A45/9ej/hGf8Ap5/8c/8Ar0AcrRXVf8Iz/wBP P/jn/wBej/hGf+nn/wAc/wDr0AcrRXVf8Iz/ANPP/jn/ANej/hGf+nn/AMc/+vQBytauif8AITh/ 4F/6Ca1f+EZ/6ef/ABz/AOvVuy0L7HdJc+fv2Z4246gjrmgDyDWf+Qxff9d5f/QjWbXqN54G+13k 939t2edIz48vONxzjO6q3/Cvv+n/AP8AIX/2deHPB1G3ofpNDP8ACKEU59Oz/wAjzeivSP8AhX3/ AE//APkL/wCzo/4V9/0//wDkL/7Op+pVexr/AKw4P+f8H/keb0V6R/wr7/p//wDIX/2dH/Cvv+n/ AP8AIX/2dH1Kr2D/AFhwf8/4P/I83or0j/hX3/T/AP8AkL/7Oj/hX3/T/wD+Qv8A7Oj6lV7B/rDg /wCf8H/keb11njH/AJA+gf8AXA/+gx1uf8K+/wCn/wD8hf8A2da2s+Ev7Ws9PtPtflfYYymdm7dw ozjcMfd967cFQnBtyR87xFmdCvCKpSvZ9n+qPDaK9S/4Vr/1Ef8AyD/9nR/wrX/qI/8AkH/7OvRP kzy3rwax7XQtPsr176BCHbOBn5Vz12jtmvav+Fa/9RH/AMg//Z0f8K1/6iP/AJB/+zoA8tor1L/h Wv8A1Ef/ACD/APZ0f8K1/wCoj/5B/wDs6APLa774df8AIbn/AOvdv/Q0rU/4Vr/1Ef8AyD/9nW/4 d8I/2Bevefa/P3xmPb5e3GSDnO4+lAHh1Fepf8K1/wCoj/5B/wDs6P8AhWv/AFEf/IP/ANnQB5bW bqWlWmqxCK6B+U5Vl4YfQ817J/wrX/qI/wDkH/7Oj/hWv/UR/wDIP/2dAHk1tbxWkCW0A2pGMAVP XqX/AArX/qI/+Qf/ALOj/hWv/UR/8g//AGdAHltFepf8K1/6iP8A5B/+zo/4Vr/1Ef8AyD/9nQBq XX/IE0b/AK91/wDQErJrtZdD8yys7Pz8fZIxHu2/ewAM4zx0qp/wjP8A08/+Of8A16AOVorqv+EZ /wCnn/xz/wCvR/wjP/Tz/wCOf/XoA5Wiuq/4Rn/p5/8AHP8A69H/AAjP/Tz/AOOf/XoA5Wiuq/4R n/p5/wDHP/r0f8Iz/wBPP/jn/wBegCr4c/4/n/65n+YryOvdtN0f+z52m87zNylcbcdSD6n0rkf+ Fff9P/8A5C/+zrgx1GU7cqPp+HMxo4f2ntZWvbv59jzeivSP+Fff9P8A/wCQv/s6P+Fff9P/AP5C /wDs64PqVXsfT/6w4P8An/B/5Hm9Fekf8K+/6f8A/wAhf/Z0f8K+/wCn/wD8hf8A2dH1Kr2D/WHB /wA/4P8AyPN6K9I/4V9/0/8A/kL/AOzo/wCFff8AT/8A+Qv/ALOj6lV7B/rDg/5/wf8Akeb123ij /kD6F/1w/wDZY60v+Fff9P8A/wCQv/s629U8Lf2lZ2Fp9q8v7FHszszu4UZxuGPu+9bQwtRRkmtz gxOd4WValJT0Td9H2a7HjlFekf8ACvv+n/8A8hf/AGdH/Cvv+n//AMhf/Z1j9Sq9jv8A9YcH/P8A g/8AI83or0j/AIV9/wBP/wD5C/8As6P+Fff9P/8A5C/+zo+pVewf6w4P+f8AB/5Hm9Fekf8ACvv+ n/8A8hf/AGdH/Cvv+n//AMhf/Z0fUqvYP9YcH/P+D/yPN6K9I/4V9/0//wDkL/7Oj/hX3/T/AP8A kL/7Oj6lV7B/rDg/5/wf+RV8Gf8AHjq//XNf5PTa6vRvDX9kQXkP2nzftahc7Nu3AYepz1pP+EZ/ 6ef/ABz/AOvXr4WDjBJnwuc4iFXEyqU3dO35I5Wiuq/4Rn/p5/8AHP8A69H/AAjP/Tz/AOOf/Xrc 8s5Wiuq/4Rn/AKef/HP/AK9H/CM/9PP/AI5/9egDlaK6r/hGf+nn/wAc/wDr0f8ACM/9PP8A45/9 egDla6DxH/x/J/1zH8zVr/hGf+nn/wAc/wDr1oalo/8AaE6zed5e1QuNuehJ9R60AcLRXVf8Iz/0 8/8Ajn/16P8AhGf+nn/xz/69AHK0V1X/AAjP/Tz/AOOf/Xo/4Rn/AKef/HP/AK9AHK0V1X/CM/8A Tz/45/8AXo/4Rn/p5/8AHP8A69AHK1bsP+P63/66J/MVv/8ACM/9PP8A45/9epYPD3kTxzfaN3ls GxsxnBz60AdLWD4m/wCQPJ/10g/9GpW9WD4m/wCQPJ/10g/9GpQB/9T96ND/AOQJp/8A17xf+gCt SsvQ/wDkCaf/ANe8X/oArUoAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKK ACiiigAooooAKKKKAOP8deLk8E+Hn1oWE2qXDyw21taW+0ST3FzIsUaAuQqgswLMTgKCecYrH8Ae P7jxhcazo2s6NLoOt+H5oory0kljuFAnTzYXjmj+V1dOegIPBFWPidqPj3TfB93L8NNKXV/EEhWO COSSKNIwx+aVvNeNW2Dou7k47ZrmPgxoOpaDpWoprehX2m6peTi4vL7Ubm1ubjUZ3GGkJtZJFRUA CpHwqrgKDyS6f2r/ANbf8H8OzCfS39f1/T2PZ6KKKQBRRRQAUUUUAFeVeN/i1oXgrxb4X8FTRNea p4mukhWONgPs8LkqJpOvyl/lUcbsNg/Ka9Vr5F8b/BL4kT+L4fFPhzxFFeNqHiOz1GYS2MfmWVvb I6RfvGnXzYoFYgRqoZi5brk1VNXnFPa6v94P4ZNb2dvu/r/gn11RRRUgFFFFABRRRQAUUUUAeW+I Pitoeh/Efw78MVie71TXvNZyhwlpGkUkiNJxyZDGwVeuAWPAGfUq+TLr4KfEbTfiFpXifSvEsV/B c+IJ9VvZJbCMTQRtbSworSNcbpUWMiCNVUbN28DgivrOlD4bvf8A4C/4bzt8gl8Vlt/wWFFFFMAo oooAKKKKACvKr34taFbfFfTfhJbRNdaleW81xcSow2WuxPMRH9XdQTjggbT0YV6rXyLpHwS+JHhj 4k+FNbg8RRavYW97ql9qN01jHDNvvVQMJCZy0hlVRGjIuIgo4xgVVNXlZ7a/8D+v8we39f15fM+u qKKKkAooooAKKKKACuG8d+L9Q8J2lgujaHceINT1W5FrbW0DLEu7Y0jPLM/yxoqoeTkk4AHPHc15 38SD4lOlW9to2hr4i067kaDVLNJhBdPZyxspa3keWJA6tgkMwyuQCDzUyvbQqPmX/AHjS38eeHF1 yKzl06aOee1ubWYqzwXNrI0UqFkJVgGU4ZTgjB4PA7WvGfgV4P1rwR4Km0bVrX+zLd9QvLiw08yi d7Cymk3xW7yqzB2BLMSGb72MnFezVpO19P6/r+myF1+YUUUVIwooooAKKKKAPB7T42yz+ILK3ufD F3a+HNV1SXR7PVnliIlvI2dBm3B8xYnaNwknOcAkLmveK+WNGsvif4i+J0XiX4jeDbxrHTrt00iK O9sTY2ELDZ9rljWcyzXBUnnaQgJ2Lk5H1PRH4E3v/wAN/X4dAl8bXT/h/wCvx6hRRRQAUUUUAFFF FAGB4o8TaP4O8PX/AIn16YQWGnRGWRupOOAqjuzMQqqOSxAHJrH+HHjSH4ieCdK8aQWj2KapGziB 2Dsm12QgkAZ5X0rA+Jvw+1zx3PoE+ka8mjjQrs3vlTWYvIZ51XELOhki5iJLLyRuwcZUVQ+AfhTx Z4K+GGl+HfGcinULdpj5Sqg8iN5Cyxlo3dXPJbcD0YDGRk1BaO/l/X9dvMJdLf1/X6+R7LRRRUgF FFFABRRRQAVyfjjxlo/gDwvf+K9cY/ZrJMhEGZJpGO2OKMd3kYhVHqecDJrrK8Y+Knw28R+OdQ0X V9C19NMbQRcyxW01mt5DLcyx+WkpVpYwHjUsEY52liRg1nVbUXyl00r6noPgzxJH4x8I6N4sigNq msWcF2ImbcYxMgfaWAGcZxnAzXTV5n8G/D3iTwp8MfDnh3xZKsmpWFnDFIqoqeSFUBYSUd1cxj5S 4OHxu716ZW9RJSdjGm24q+4UUUVBYUUUUAFFFFAHmnjzx5rPha8sNJ8OeGbnxLqF7FPcMkUsdtDD Bbbd7PNL8u8l1CIOW5yQBz1HhDxPp3jTwvpfizSQ62erW8dxGsgCuqyDO1gCRuHQ4JGehI5rz/4s WWvavBFoL+FP+Eu8L6jBKl9bW90tpeJOpVoGDyTQqYjghwG3A4PIBB3PhD4d8QeEvhp4e8NeKZVm 1LTrVYpNh3BFUny4t38XlptTcODtzRD4W33/AM/+B/Tsie6t/W3/AAf6Vz0eiiigAooooAKKKKAC vKtB+LWheJfidrXw00iJp5dCtRNcXYYGLzvMCPCo7sm4bjnhsqRkV6Lq1reX2lXllp92bC6uIZI4 rhVDmGR1IWQKeGKk5weDivmX4Z/Bzx78PviZY3U2rw6h4esdCNkZ1s0geeRrh5TGw8+STzC7ec8x BDklcZ5FU1edntZ/kwl8N1vp+a/r+rn1VRRRUgFFFFABRRRQAV418Wvi/F8LptCsINEudf1HxBLN Hb21qyq5Fugd2+bOcAjivZa+Zvj74I1fxPqmganaeA7Tx5aWUV5DJBLetaTwPOihHj3SpCVJA3Eo zjAK461E29Lf1/WxcEup7t4S1u+8R+HLHW9S0qfRLm7Qs9nc486EhiMPjuQM/Q10deV/BHwn4h8D /Cvw94V8VTCbVNPgZZcOZAgaRnSIMeojQqnHHy4HGK9UreqkpNLYyg7pXCiiisygooooAKKKz9Wt by+0q8stPuzYXVxDJHFcKocwyOpCyBTwxUnODwcUm9NBpa6nnWg/FrQvEvxO1r4aaRE08uhWomuL sMDF53mBHhUd2TcNxzw2VIyK9Vr5V+Gfwc8e/D74mWN1Nq8OoeHrHQjZGdbNIHnka4eUxsPPkk8w u3nPMQQ5JXGeR9VVo0uWPfr97/Qn7T7f8Bf1/VgoooqBhRRRQAUUUUAUNU1CHSNMu9VuVd4rKGSZ 1iQySFY1LEIg5ZiBwByTxXlfgL4r3fizXz4Z1/w3deG9Qn09dVtEnljm86xdxGHbyzmKQMRujbkZ 68GvUtXOqjSr06EITqQhk+y/aN3k+ftPl+Ztw2zdjdjnGcV88fDrwn4qPxSm8fXvhiTwkt7pjRau st6l2L+/eRXUwLHLKEiiw+GOwkOFCcEhw+Kz2/4D/W3+Wujl8N1v/wAFf8H+lr9MUUUUhBRRRQAU UUUAFZGv6za+HdC1LxBegm30y2mupAOuyFC7Y98CteuQ8f6Rea/4I13RNPtYL25vrKeFLe5eSOGY uhHlu8TI6q3QlWBGetRVbUXbcunbmV9jz34R/GHU/iozzv4Qv9C042y3EF5cMrQT7yMKhUDnB3fT 04z7jXyB8A/hn4s8M+PNQ8U3nhKLwHpEmj2+nvp0N6Ltbq9jcMbkBHkACqCo3sW5zklmNfX9bzS0 t/WrMo31v/WgUUUVmUFFFFABRRRQB4x8Qvi1feB9Qu4LPwte61Y6PZLqOp3cUkUMdtbMzD92JSPO kARmKKRgAc5OK9gtbmG8toby3bdFOiyIcYyrDIPPtXzn8dPDfizxvZ6l4Qk8If8ACR6TdWivplzb 3iWr2epYdN90JJo98a7lddiv0IZTkY988P2up2Og6bZa1ci81C3toY7mdRgSzIgEjgdgzAmiHwu/ f/P+vx1voT3Vv62/4P8AS116KKKACiiigAooooAxfEeuW/hnQNR8Q3UM1zFptvJcNFbp5k0gjUtt Re7HGAMgZ6kDmuF8BfEfUPFOsah4Z8SeHp/DWs2Fvb3n2eWeK5WS1uS6o4eI4DBkZXRgCDjBI6dx 4lfxBFoGoS+FI4JtYSF2tEut3kPMBlVcqVIBPGQRivDPhZ4N17T/AIleIPG58OzeEdM1qxhW7s7m 7ju5brUhK0jXCmKWZURFYoBld2chFoh8TT2t/n/X/D3RP4brf/hv6/4az+j6KKKACiiigAooooAK 8Y+IXxavvA+oXcFn4WvdasdHsl1HU7uKSKGO2tmZh+7EpHnSAIzFFIwAOcnFez182fHTw34s8b2e peEJPCH/AAkek3Vor6Zc294lq9nqWHTfdCSaPfGu5XXYr9CGU5GJk3pb+v6+Xa6Lgk9/6/r/AIJ9 GWtzDeW0N5btuinRZEOMZVhkHn2qesjw/a6nY6DptlrVyLzULe2hjuZ1GBLMiASOB2DMCa161mkp NIyg3yq+4UUUVBQUUUUAFFFFAHz78QfjtceDvHA8BaF4SvvFOoLZR3sosmXMaSOyAFSCSeAf+BCv oBGLIrFSpIBweo9q+IPjr8I/GHjDxdrkmh+A7LVJtagsY7HXxqDQTWDwsvmNLFJJj5QDt8iMEjrv YkD7W0+Ce2sLa2uZTPNFEiPIersqgFueeTzRD4Lve/8An/X5BPSVltb/AC/4P6luiiigAooooAKK KKACvnjxT8ernRfiJefDvw/4P1DxHdacts11LZsu2L7Uu9cqRnhec/XpjNfQ9fCXxb+DvjjxV461 uTQPBFmt3q17p9xZ+KY9QeKWzW3272lheVm3KF2gQooIwcMwGCH8SKe39f8AD/Ib+GT6n3bRSDpz zS0CCiiigAooooAKrXt7aabZz6jqEyW9raxtLLLIwVI40G5mYngAAZJNWa83+KngTUPiN4WHhqx1 caQj3MM05a3FzHcRQtvMEkZePKOwXcN3IG08E0pX6Dja+pH8KvibpvxX8PXXiXSLSW0tIL2e0jE3 35FhwVk24BXeGB2nkV6ZXhvwQ8G+OPB0HiuPxpdx3B1LWrq7thHCkW5JDzP8kkmFl4IjOCmMEnPH uVaTS0t2X5K5Kvd37v8AMKKKKgYUUUUAFFFFAHiPiL4x3Hh7xLPYTeF72Tw/YXtpp13q5kjjSO5v dgj8uBiJJY1MqB3XoScBsV7dXyr8WvCHj/x5qw02PwypvdL1G1udA1+G7WO3soQ8Ukz3MDTB3lQo wAWJlYEY2kEn6qoh8Cb3/wCAv+D+WtrhL4tNv+H/AK/yCiiigAooooAKKKKAK17e2mm2c+o6hMlv a2sbSyyyMFSONBuZmJ4AAGSTXnnwq+Jum/Ffw9deJdItJbS0gvZ7SMTffkWHBWTbgFd4YHaeRUnx U8Cah8RvCw8NWOrjSEe5hmnLW4uY7iKFt5gkjLx5R2C7hu5A2ngmuV+CHg3xx4Og8Vx+NLuO4Opa 1dXdsI4Ui3JIeZ/kkkwsvBEZwUxgk54qmr81+2n3r/g/1sT2Vu/6P+v619yoooqQCiiigAooooAK zdZ1jTPD2k3muazcLaWNhE808r/dSNBlie/TsOT0FaVeX/FT4f6n8RNJ07StP1ldISyvob2VZbUX cNz5BLJFLEZI9yB9r4JIJUZBqZX6f1/ww1bqaPwx8fW3xN8G2vjGzspdPiu5biNYZiDIvkTPF82O hOzJHbOMnGa7+vHPgh4U8Z+D/Cd3pvjW7S5updS1C4jVIUi2xz3Mkm4mOSQHzS3mgZBQNsP3a9jq uifoSr637v8AMKKKKBhRRRQAUUUUAcN478X6h4TtLBdG0O48QanqtyLW2toGWJd2xpGeWZ/ljRVQ 8nJJwAOeJPAHjS38eeHF1yKzl06aOee1ubWYqzwXNrI0UqFkJVgGU4ZTgjB4PAofEg+JTpVvbaNo a+ItOu5Gg1SzSYQXT2csbKWt5HliQOrYJDMMrkAg81zvwK8H614I8FTaNq1r/Zlu+oXlxYaeZRO9 hZTSb4rd5VZg7AlmJDN97GTiiH2r/wBbf1/lbUn0t/W//A/p6ezUUUUAFFFFABRRRQAV4PafG2Wf xBZW9z4Yu7Xw5quqS6PZ6s8sREt5GzoM24PmLE7RuEk5zgEhc17xXyxo1l8T/EXxOi8S/EbwbeNY 6ddumkRR3tibGwhYbPtcsazmWa4Kk87SEBOxcnIIfGk9v+G/r8egS+Btb/1/X4dT6nooooAKKKKA CsHxN/yB5P8ArpB/6NSt6sHxN/yB5P8ArpB/6NSgD//V/ejQ/wDkCaf/ANe8X/oArUrL0P8A5Amn /wDXvF/6AK1KACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKK ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooA KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAo oooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACii igAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKK ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooA KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAo oooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACii igAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACsHxN/yB5P+ukH/AKNSt6sHxN/yB5P+ ukH/AKNSgD//2Q== --_004_4C23A411F64446BEBB22F821F7A86D52ciscocom_-- From nobody Wed Dec 2 00:08:01 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FDB21B343E for ; Wed, 2 Dec 2015 00:08:00 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.601 X-Spam-Level: X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id posx5p9Rr5_O for ; Wed, 2 Dec 2015 00:07:57 -0800 (PST) Received: from lb3-smtp-cloud6.xs4all.net (lb3-smtp-cloud6.xs4all.net [194.109.24.31]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4086E1B341E for ; Wed, 2 Dec 2015 00:07:57 -0800 (PST) Received: from webmail.xs4all.nl ([194.109.20.212]) by smtp-cloud6.xs4all.net with ESMTP id oY7u1r00S4aYjWA01Y7uU3; Wed, 02 Dec 2015 09:07:55 +0100 Received: from [2001:983:a264:1:f574:f7b2:d399:ec9e] by webmail.xs4all.nl with HTTP (HTTP/1.1 POST); Wed, 02 Dec 2015 09:07:54 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Wed, 02 Dec 2015 09:07:54 +0100 From: peter van der Stok To: Brian E Carpenter Organization: vanderstok consultancy Mail-Reply-To: consultancy@vanderstok.org In-Reply-To: <565DF0D5.1050508@gmail.com> References: <13717.1448463285@sandelman.ca> <688d88e6dc86ae236e3c987d1526fb40@xs4all.nl> <28804.1448919598@sandelman.ca> <565DF0D5.1050508@gmail.com> Message-ID: <27aaa06c3304778cdc434fcda4cd3cad@xs4all.nl> X-Sender: stokcons@xs4all.nl (Vy0w4qtAkSgt+M9oF4DuPlNWrhbsfWe2) User-Agent: XS4ALL Webmail Archived-At: Cc: anima-bootstrap@ietf.org Subject: Re: [Anima-bootstrap] IoT and scope of bootstrap X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: consultancy@vanderstok.org List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Dec 2015 08:08:00 -0000 Hi Brian, Brian E Carpenter schreef op 2015-12-01 20:11: > Hi Peter, > > On 02/12/2015 02:11, peter van der Stok wrote: > ... >> Such a network will be composed of LLNs, and includes constrained >> devices. >> Sleepy nodes (energy harvesting sensors) may include ANIMA services, >> but special provisions to include them in the network are >> more likely to be deployed. >> >> For the moment I have no idea what ACP and Anima bootstrapping implies >> in terms of resources and resource consumption. >> But excluding everything smaller than a tablet may be premature. > > ANs are basically nodes that participate in management actions that > historically > would have been carried out by a centralised NMS or NOC. So in my view > an individual > light switch isn't an AN but should be managed by an AN. The lighting > controller > for a section of a building could be an AN. Or to say it another way, > a node that > just does what it's told isn't an AN. Strictly speaking from a network management point of view? In that case the numerous light controllers are probably not ANs. However, the building control can (will) be part other networks, and the management of all these network components will include ANs. For the moment these aspects are far from clear to me. (It may of course need a > security bootstrap > anyway.) That's where my interest comes from. Listening to Max in Yokohama, where he explained his central table, I understood the bootstrap and the accompanying ACP to realize a domain wide neighbor discovery including secure bootstrap (beyond single link or mesh); with apologies for my over-simplification. The domain being (one of) the building control component(s) in the total network. For the moment I did not see the need for a multi-threaded OS to realize this part. Therefore my optimism that (this part of) Anima could be used to separate network installation responsibility from application installation responsibility. > > However, indeed the resource question is important. An AN is going to > need a > multi-threading OS, a full network stack, and a heap of software on > top. For > example, GRASP alone is about 2500 lines of C (in the now-obsolete > BUPT prototype) > and looks as if it will also be a couple of thousand lines of Python. > Add to > that the ACP, the security bootstrap, and all the supporting code, > before > you install any ASAs. Therefore I will try to look for possibilities to install ACP with bootstrap in a given node without using all the other goodies. Unless such a separation is unwanted, and my view needs to find expression elsewhere. > > Brian > > _______________________________________________ > Anima-bootstrap mailing list > Anima-bootstrap@ietf.org > https://www.ietf.org/mailman/listinfo/anima-bootstrap From nobody Wed Dec 2 04:51:24 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 815FA1A89AC for ; Wed, 2 Dec 2015 04:51:21 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.511 X-Spam-Level: X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2xPV78-1rDa0 for ; Wed, 2 Dec 2015 04:51:19 -0800 (PST) Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9EDA51A89AA for ; Wed, 2 Dec 2015 04:51:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3288; q=dns/txt; s=iport; t=1449060679; x=1450270279; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=v8AXi2fEGWSYYLu6IFfAZjq6IorYNdQmwaxdFDBGST0=; b=PpZb+fS04R49e6pEbKXsYRIZrBeIWv2U2mLQYHZFd2rfaWfnBV3T9ziC lNIno4GE704FBcuMrKLelHOB7D/4Wp3d4wXoZKP5MSJXXw/+4t9nZu9CC MuRUlX4One+eNNJJkh8mxnQXgaD9iseSDXX2MA4ECXOjALBie38YfCxpy I=; X-IronPort-AV: E=Sophos;i="5.20,373,1444694400"; d="scan'208";a="54745834" Received: from alln-core-2.cisco.com ([173.36.13.135]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 02 Dec 2015 12:51:18 +0000 Received: from mcast-linux1.cisco.com (mcast-linux1.cisco.com [172.27.244.121]) by alln-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id tB2CpIMW004979 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 2 Dec 2015 12:51:19 GMT Received: from mcast-linux1.cisco.com (localhost.cisco.com [127.0.0.1]) by mcast-linux1.cisco.com (8.13.8/8.13.8) with ESMTP id tB2CpIrp021955; Wed, 2 Dec 2015 04:51:18 -0800 Received: (from eckert@localhost) by mcast-linux1.cisco.com (8.13.8/8.13.8/Submit) id tB2CpIGX021954; Wed, 2 Dec 2015 04:51:18 -0800 Date: Wed, 2 Dec 2015 04:51:18 -0800 From: "Toerless Eckert (eckert)" To: "Max Pritikin (pritikin)" Message-ID: <20151202125118.GX29056@cisco.com> References: <31DBE67A-30DD-48E9-A533-B854A5B4C79C@cisco.com> <1049515D-3512-441F-B14B-ED8FBE3A1EF6@cisco.com> <5654D44B.60906@gmail.com> <66260958-ED53-4308-9D20-B70BEB38641C@cisco.com> <4C23A411-F644-46BE-BB22-F821F7A86D52@cisco.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4C23A411-F644-46BE-BB22-F821F7A86D52@cisco.com> User-Agent: Mutt/1.4.2.2i Archived-At: Cc: anima-bootstrap , Kent Watsen Subject: Re: [Anima-bootstrap] DOODLE POLL: Bootstrap Design Meeting Rescheduling X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Dec 2015 12:51:21 -0000 Well, i should be able to make it every second week, my 10AM slot is only every second week. Cheers Toerless On Tue, Dec 01, 2015 at 11:56:41PM +0000, Max Pritikin (pritikin) wrote: > I don???t think we???re getting any more updates. > > Of these THURSDAY at 10am (central) looks like the best bet. Unfortunately this is bad for Toerless so I???m loath to claim we have a winner. > > Folks, please let us know if you can stretch to join one of the other calls. > > If I don???t hear anything i???ll setup a webex and let everybody know the details before the THURSDAY 10am (central) slot. > > - max > > [cid:CC3E712A-3110-47F9-BF27-EC27D9244519@cisco.com] > - max > > On Nov 24, 2015, at 2:31 PM, Max Pritikin (pritikin) > wrote: > > Thanks. As you all can tell there isn???t an obvious winner > > > - max > > On Nov 24, 2015, at 2:19 PM, Brian E Carpenter > wrote: > > I've responded, but please don't take my "vote" as very > important - I'm here mainly to watch for issues that > directly affect GRASP, rather than to contribute. > > Regards > Brian > > On 25/11/2015 08:26, Max Pritikin (pritikin) wrote: > > Folks, > > Currently 3 people in addition to myself have filled out the doodle poll. > > The only slot that has everybody able to attend so far is Thursday at 10am (this week that is of course Thanksgiving and I don???t expect anybody would be there). When you fill your information in please strain to help find a slot everybody can join. > > I???ve added a couple more people to this email but perhaps Toerless or Sheng has direct emails for the other ???team members??? and could ping them directly? (Their email addr isn???t listed on the bootstrap wiki). > > - max > > On Nov 20, 2015, at 1:47 PM, Max Pritikin (pritikin) > wrote: > > > ANIMA bootstrap design team has been meeting on Wed morning but attendance has been light with multiple conflicts lately. This poll is to see if a new time can be found. > > Please fill in this poll if you???d like to be joining the bootstrap design team calls but haven???t been able to due to scheduling conflicts. > > Some notes: > > I arbitrarily blocked some times for the meetings. If NONE of these work we can try to find some other slots (please suggest). > > The poll is for an entire week of days... but the date itself doesn???t matter. Please select the time that works most often for you for a recurring meeting. > > The timezone is set for central time??? but time zone support is enabled. Just remember to switch this to your time zone before filling in which times you would be available. > > Please enter your name in the input field and check the box for times that you are available. > > http://doodle.com/poll/89t6v7mrvtv9txg7 > > > - max > _______________________________________________ > Anima-bootstrap mailing list > Anima-bootstrap@ietf.org > https://www.ietf.org/mailman/listinfo/anima-bootstrap > > > > -- --- Toerless Eckert, eckert@cisco.com From nobody Wed Dec 2 10:47:03 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E27231ACE5C for ; Wed, 2 Dec 2015 10:47:01 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.911 X-Spam-Level: X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s0qHQAex1dSx for ; Wed, 2 Dec 2015 10:47:00 -0800 (PST) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F1821ACE5B for ; Wed, 2 Dec 2015 10:47:00 -0800 (PST) Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id E277A20183 for ; Wed, 2 Dec 2015 13:52:11 -0500 (EST) Received: by sandelman.ca (Postfix, from userid 179) id EA67E63757; Wed, 2 Dec 2015 13:46:58 -0500 (EST) Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id CFE0863753 for ; Wed, 2 Dec 2015 13:46:58 -0500 (EST) From: Michael Richardson To: anima-bootstrap X-Attribution: mcr X-Mailer: MH-E 8.6; nmh 1.3-dev; GNU Emacs 24.4.2 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Sender: mcr@sandelman.ca Archived-At: Subject: [Anima-bootstrap] Thursday 10am EDT? X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Dec 2015 18:47:02 -0000 --=-=-= Content-Type: text/plain Was 10am Thursday the conclusion from the doodle poll? if so, I can make an IETF webex for this. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEVAwUBVl88ooCLcPvd0N1lAQKc+Af/VfQC5LQvH+M1U6OibRn9rTCir+7v8nGk uZ46QaNGBkLI73AptwZhP/8P4ZO8Qoitb0LjUs+Opse/1EpgMq7rU1XZ9QD8qB0K NqrhZTapkRWpzj9P+7/AfPwFfx5S+cXJSmIsBM+/riexmwm+EGynvnzVRAXa1u9Z UZDtrNb2keTotgkARYJymY/8JLkP0NCJEI73O/zPfRu4kpnGsw1F1TlKeAzCJp4y nkMGWITQbu4UNJjt+Sq1joL30O1GbSEMe5GdpD5bFXr2iBeDGzzDb21hnSb6HMWI js2ZifmOEGo4+MniLJU0RKopTMNdxJ1sQ4A6nmaj2QSpp6IX3iGM4w== =e8Dj -----END PGP SIGNATURE----- --=-=-=-- From nobody Wed Dec 2 10:49:57 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A59051ACE6B for ; Wed, 2 Dec 2015 10:49:55 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.911 X-Spam-Level: X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M3Y6i1gNtyZe for ; Wed, 2 Dec 2015 10:49:54 -0800 (PST) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E1201ACE69 for ; Wed, 2 Dec 2015 10:49:54 -0800 (PST) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 7F03A200A5; Wed, 2 Dec 2015 13:55:06 -0500 (EST) Received: by sandelman.ca (Postfix, from userid 179) id B9D9263757; Wed, 2 Dec 2015 13:49:53 -0500 (EST) Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 9E0E063753; Wed, 2 Dec 2015 13:49:53 -0500 (EST) From: Michael Richardson To: "Max Pritikin \(pritikin\)" In-Reply-To: <4C23A411-F644-46BE-BB22-F821F7A86D52@cisco.com> References: <31DBE67A-30DD-48E9-A533-B854A5B4C79C@cisco.com> <1049515D-3512-441F-B14B-ED8FBE3A1EF6@cisco.com> <5654D44B.60906@gmail.com> <66260958-ED53-4308-9D20-B70BEB38641C@cisco.com> <4C23A411-F644-46BE-BB22-F821F7A86D52@cisco.com> X-Mailer: MH-E 8.6; nmh 1.3-dev; GNU Emacs 24.4.2 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Sender: mcr@sandelman.ca Archived-At: Cc: "Toerless Eckert \(eckert\)" , anima-bootstrap , Kent Watsen Subject: Re: [Anima-bootstrap] DOODLE POLL: Bootstrap Design Meeting Rescheduling X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Dec 2015 18:49:55 -0000 Max Pritikin (pritikin) wrote: > I don=E2=80=99t think we=E2=80=99re getting any more updates. > Of these THURSDAY at 10am (central) looks like the best bet. Unfortun= ately > this is bad for Toerless so I=E2=80=99m loath to claim we have a winn= er. okay, found this email finally. So, it's 10am Central, not Eastern Standard, so, 1600 UTC, I think. -- ] Never tell me the odds! | ipv6 mesh network= s [ ] Michael Richardson, Sandelman Software Works | network architect= [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails = [ From nobody Wed Dec 2 12:39:17 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DC121B2D04 for ; Wed, 2 Dec 2015 12:39:16 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.21 X-Spam-Level: X-Spam-Status: No, score=-6.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_I_INVITATION=-2, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O_PncF8-G5s7 for ; Wed, 2 Dec 2015 12:39:14 -0800 (PST) Received: from sjmda10.webex.com (sjmda10.webex.com [64.68.124.127]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30C3C1B2D06 for ; Wed, 2 Dec 2015 12:39:14 -0800 (PST) Received: from jva2tc202.webex.com (sjc02-wxp00-lbace03-core-vl120-np10-4.webex.com [64.68.121.248]) by sjmda10.webex.com (Postfix) with ESMTP id 4604A406C for ; Wed, 2 Dec 2015 20:39:13 +0000 (GMT) Received: from jva2tc202.webex.com (localhost [127.0.0.1]) by jva2tc202.webex.com (Postfix) with ESMTP id 0B92C411EE for ; Wed, 2 Dec 2015 20:39:13 +0000 (GMT) Date: Wed, 2 Dec 2015 20:39:13 +0000 (GMT) From: Michael Richardson To: anima-bootstrap@ietf.org Message-ID: <740211973.26579.1449088753045.JavaMail.nobody@jva2tc202.webex.com> MIME-Version: 1.0 Content-Type: multipart/Mixed; boundary="----=_Part_26577_1239883129.1449088753045" X-Priority: 3 Importance: normal Archived-At: Subject: [Anima-bootstrap] WebEx meeting invitation: anima bootstrap X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: mcr+nomcom@sandelman.ca List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Dec 2015 20:39:16 -0000 ------=_Part_26577_1239883129.1449088753045 Content-Type: multipart/Alternative; boundary="----=_Part_26578_1681922262.1449088753045" ------=_Part_26578_1681922262.1449088753045 Content-Type: text/plain;charset=UTF-8 Content-Transfer-Encoding: base64 CkhlbGxvLAoKTWljaGFlbCBSaWNoYXJkc29uIGludml0ZXMgeW91IHRvIGpvaW4gdGhpcyBXZWJF eCBtZWV0aW5nLgoKCmFuaW1hIGJvb3RzdHJhcApFdmVyeSBUaHVyc2RheSwgZnJvbSBUaHVyc2Rh eSwgRGVjZW1iZXIgMywgMjAxNSwgdG8gVGh1cnNkYXksIE1hcmNoIDMxLCAyMDE2CjQ6MDAgcG0g IHwgIEdNVCBUaW1lIChMb25kb24sIEdNVCkgIHwgIDEgaHIgMTUgbWlucwoKCkpPSU4gV0VCRVgg TUVFVElORwpodHRwczovL2lldGYud2ViZXguY29tL2lldGYvai5waHA/TVRJRD1tM2FkOTc1MzU3 OTQ1NWY4OGEyOWIyMjI2ZDU2OGYyMjgKTWVldGluZyBudW1iZXI6IDY0OSA3NzAgNzQyCk1lZXRp bmcgcGFzc3dvcmQ6IGJvb3RzdHJhcAoKDQpKT0lOIEJZIFBIT05FDQoxLTg3Ny02NjgtNDQ5MyBD YWxsLWluIHRvbGwgZnJlZSBudW1iZXIgKFVTL0NhbmFkYSkgCjEtNjUwLTQ3OS0zMjA4IENhbGwt aW4gdG9sbCBudW1iZXIgKFVTL0NhbmFkYSkKQWNjZXNzIGNvZGU6IDY0OSA3NzAgNzQyCgpUb2xs LWZyZWUgZGlhbGluZyByZXN0cmljdGlvbnM6IApodHRwOi8vd3d3LndlYmV4LmNvbS9wZGYvdG9s bGZyZWVfcmVzdHJpY3Rpb25zLnBkZg0KDQoKQWRkIHRoaXMgbWVldGluZyB0byB5b3VyIGNhbGVu ZGFyOgpodHRwczovL2lldGYud2ViZXguY29tL2lldGYvai5waHA/TVRJRD1tOTQ2YTkwNzE3NDNm NjFkN2M1MWRlMDVhMjEwM2FkMWENCg0KCkNhbid0IGpvaW4gdGhlIG1lZXRpbmc/IENvbnRhY3Qg c3VwcG9ydCBoZXJlOgpodHRwczovL2lldGYud2ViZXguY29tL2lldGYvbWMKCgpJTVBPUlRBTlQg Tk9USUNFOiBQbGVhc2Ugbm90ZSB0aGF0IHRoaXMgV2ViRXggc2VydmljZSBhbGxvd3MgYXVkaW8g YW5kIG90aGVyIGluZm9ybWF0aW9uIHNlbnQgZHVyaW5nIHRoZSBzZXNzaW9uIHRvIGJlIHJlY29y ZGVkLCB3aGljaCBtYXkgYmUgZGlzY292ZXJhYmxlIGluIGEgbGVnYWwgbWF0dGVyLiBCeSBqb2lu aW5nIHRoaXMgc2Vzc2lvbiwgeW91IGF1dG9tYXRpY2FsbHkgY29uc2VudCB0byBzdWNoIHJlY29y ZGluZ3MuIElmIHlvdSBkbyBub3QgY29uc2VudCB0byBiZWluZyByZWNvcmRlZCwgZGlzY3VzcyB5 b3VyIGNvbmNlcm5zIHdpdGggdGhlIGhvc3Qgb3IgZG8gbm90IGpvaW4gdGhlIHNlc3Npb24uCg== ------=_Part_26578_1681922262.1449088753045 Content-Type: text/html;charset=UTF-8 Content-Transfer-Encoding: base64 PG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJz ZXQ9dXRmLTgiPjxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lk dGgsIGluaXRpYWwtc2NhbGU9MSIgLz48Ym9keT48c3R5bGUgdHlwZT0idGV4dC9jc3MiPgpkaXYs cCx0ZCxzcGFuIHt3b3JkLXdyYXA6IGJyZWFrLXdvcmQ7d29yZC1icmVhazogbm9ybWFsO30KCnRh YmxlIHtib3JkZXItY29sbGFwc2U6IHNlcGFyYXRlOyBib3JkZXI6IDA7Ym9yZGVyLXNwYWNpbmc6 IDA7Ym9yZGVyLWNvbG9yOiB3aGl0ZTsgd2lkdGg6MTAwJSFpbXBvcnRhbnQ7d2lkdGg6NTI1cHg7 IG1heC13aWR0aDo1MjVweCFpbXBvcnRhbnQ7IG1pbi13aWR0aDogMjc5cHghaW1wb3J0YW50O30K dHIge2xpbmUtaGVpZ2h0OiAyMHB4O30KCnRkLGEge2ZvbnQtc2l6ZTogMTVweDtmb250LWZhbWls eTogQXJpYWw7Y29sb3I6ICM2NjY2NjY7cGFkZGluZzowO30KPC9zdHlsZT4KCjx0YWJsZSBzdHls ZT0icGFkZGluZzowOyBtYXJnaW46MCIgd2lkdGg9IjEwMCUiIGFsaWduPSJsZWZ0Ij4KICAgPHRy PgogICAgICA8dGQgc3R5bGU9InBhZGRpbmctdG9wOjVweDsiPgogICAgICAgIDx0YWJsZSBzdHls ZT0id2lkdGg6IDUyNXB4O21hcmdpbi1sZWZ0OjVweCIgYWxpZ249ImxlZnQiPgoJCQk8dHI+CgkJ CQk8dGQgdmFsaWduPSJ0b3AiPgoKPHRhYmxlPgogICAgICAgPHRyPgogICAgICAgICAgPHRkIHN0 eWxlPSJmb250LXNpemU6IDE1cHg7Zm9udC1mYW1pbHk6IEFyaWFsO2NvbG9yOiM0RDRENEQiPgog ICAgICAgICAgICAgSGVsbG8sCiAgICAgICAgICA8L3RkPgogICAgICAgPC90cj4KICAgICAgIDx0 cj4KICAgICAgICAgICA8dGQgc3R5bGU9ImZvbnQtc2l6ZTogMTVweDtmb250LWZhbWlseTogQXJp YWw7Y29sb3I6IzRENEQ0RDtwYWRkaW5nLXRvcDoxMHB4OyI+CiAgICAgICAgICAgICAgICBNaWNo YWVsIFJpY2hhcmRzb24gaW52aXRlcyB5b3UgdG8gam9pbiB0aGlzIFdlYkV4IG1lZXRpbmcuCiAg ICAgICAgICAgICAgICAJICAgICAgICAgICA8L3RkPgogICAgICA8L3RyPgo8L3RhYmxlPgoKCgoK PHRhYmxlPjx0ciBzdHlsZT0ibGluZS1oZWlnaHQ6IDIwcHg7Ij48dGQgc3R5bGU9ImhlaWdodDoy MHB4Ij4mbmJzcDs8L3RkPjwvdHI+PC90YWJsZT4KCQkJCQkJPHRhYmxlICB3aWR0aD0iMTAwJSI+ CgkJCQkJCQk8dHI+CgkJCQkJCQkJPHRkIHN0eWxlPSJmb250LXNpemU6MTZweDsgY29sb3I6IzRE NEQ0RCI+CgkJCQkJCQkJCTxiPmFuaW1hIGJvb3RzdHJhcDwvYj4KCQkJCQkJCQk8L3RkPgoJCQkJ CQkJPC90cj4KCQkJCQkJCTx0ciBzdHlsZT0ibWFyZ2luOjBweCI+CgkJCQkJCQkJPHRkPkV2ZXJ5 IFRodXJzZGF5LCBmcm9tIFRodXJzZGF5LCBEZWNlbWJlciAzLCAyMDE1LCB0byBUaHVyc2RheSwg TWFyY2ggMzEsIDIwMTYKCQkJCQkJCQk8L3RkPgoJCQkJCQkJPC90cj4KCQkJCQkJCTx0ciBzdHls ZT0ibWFyZ2luOjBweCI+CgkJCQkJCQkJPHRkPjQ6MDAgcG0mbmJzcDsmbmJzcDt8Jm5ic3A7Jm5i c3A7R01UIFRpbWUgKExvbmRvbiwgR01UKSZuYnNwOyZuYnNwO3wmbmJzcDsmbmJzcDsxIGhyIDE1 IG1pbnMKCQkJCQkJCQk8L3RkPgoJCQkJCQkJPC90cj4KCQkJCQkJPC90YWJsZT4KCjx0YWJsZT48 dHIgc3R5bGU9ImxpbmUtaGVpZ2h0OiAyMHB4OyI+PHRkIHN0eWxlPSJoZWlnaHQ6MjBweCI+Jm5i c3A7PC90ZD48L3RyPjwvdGFibGU+CgkJCQkJCTx0YWJsZSBzdHlsZT0id2lkdGg6YXV0bzsgd2lk dGg6YXV0byFpbXBvcnRhbnQiPgoJCQkJCQkJPHRyPgoJCQkJCQkJCTx0ZCBzdHlsZT0iY29sb3I6 IzAwQUZGOTtmb250LXNpemU6MTZweCI+CgkJCQkJCQkJCTxhIGhyZWY9Imh0dHBzOi8vaWV0Zi53 ZWJleC5jb20vaWV0Zi9qLnBocD9NVElEPW0zYWQ5NzUzNTc5NDU1Zjg4YTI5YjIyMjZkNTY4ZjIy OCIKCQkJCQkJCQkJCXN0eWxlPSJ0ZXh0LWRlY29yYXRpb246bm9uZTtmb250LXNpemU6MTZweDtj b2xvcjojMDBBRkY5Ij4KCQkJCQkJCQkJCTxiPkpvaW4gV2ViRXggbWVldGluZzwvYj4KCQkJCQkJ CQkJPC9hPgoJCQkJCQkJCTwvdGQ+CgkJCQkJCQk8L3RyPgoJCQkJCQk8L3RhYmxlPgoJCQkJCQk8 dGFibGUgc3R5bGU9IndpZHRoOmF1dG87IHdpZHRoOmF1dG8haW1wb3J0YW50Ij4KCQkJCQkJCTx0 ciBzdHlsZT0ibWFyZ2luOjBweCI+CgkJCQkJCQkJPHRkIHN0eWxlPSJwYWRkaW5nLXJpZ2h0OiA1 cHg7Ij4KCQkJCQkJCQkJTWVldGluZyBudW1iZXI6CgkJCQkJCQkJPC90ZD4KCQkJCQkJCQk8dGQ+ NjQ5IDc3MCA3NDIKCQkJCQkJCQk8L3RkPgoJCQkJCQkJPC90cj4KCQkJCQkJCTx0cj4KCQkJCQkJ CQk8dGQgc3R5bGU9InBhZGRpbmctcmlnaHQ6IDVweDsiPk1lZXRpbmcgcGFzc3dvcmQ6PC90ZD4K CQkJCQkJCQk8dGQ+Ym9vdHN0cmFwPC90ZD4KCQkJCQkJCTwvdHI+CgkJCQkJCTwvdGFibGU+CgoK CgkKCgk8dGFibGU+PHRyIHN0eWxlPSJsaW5lLWhlaWdodDoyMHB4Ij48dGQgc3R5bGU9ImhlaWdo dDoyMHB4Ij4mbmJzcDs8L3RkPjwvdHI+PC90YWJsZT48dGFibGU+PHRyPjx0ZCBzdHlsZT0iZm9u dC1zaXplOjE2cHgiPjxiPkpvaW4gYnkgcGhvbmU8L2I+PC90ZD48L3RyPjx0ciBzdHlsZT0ibWFy Z2luOjBweCI+PHRkPjxiPjEtODc3LTY2OC00NDkzPC9iPiZuYnNwO0NhbGwtaW4gdG9sbCBmcmVl IG51bWJlciAoVVMvQ2FuYWRhKTwvdGQ+PC90cj48dHIgc3R5bGU9Im1hcmdpbjowcHgiPjx0ZD48 Yj4xLTY1MC00NzktMzIwODwvYj4mbmJzcDtDYWxsLWluIHRvbGwgbnVtYmVyIChVUy9DYW5hZGEp PC90ZD48L3RyPjx0ciBzdHlsZT0ibWFyZ2luOjBweCI+PHRkPkFjY2VzcyBjb2RlOiZuYnNwOzY0 OSA3NzAgNzQyPC90ZD48L3RyPjx0ciBzdHlsZT0ibWFyZ2luOjBweCI+PHRkPjxhIGhyZWY9Imh0 dHA6Ly93d3cud2ViZXguY29tL3BkZi90b2xsZnJlZV9yZXN0cmljdGlvbnMucGRmIiBzdHlsZT0i dGV4dC1kZWNvcmF0aW9uOm5vbmU7Zm9udC1zaXplOjEzcHg7Y29sb3I6IzAwQUZGOTsiPlRvbGwt ZnJlZSBjYWxsaW5nIHJlc3RyaWN0aW9uczwvYT48L3RkPjwvdHI+PC90YWJsZT4KCgkJCQkJPHRh YmxlPjx0ciBzdHlsZT0ibGluZS1oZWlnaHQ6MjBweCI+PHRkIHN0eWxlPSJoZWlnaHQ6MjBweCI+ Jm5ic3A7PC90ZD48L3RyPjwvdGFibGU+PHRhYmxlPjx0cj48dGQgc3R5bGU9ImZvbnQtc2l6ZTox M3B4Ij48YSBocmVmPSJodHRwczovL2lldGYud2ViZXguY29tL2lldGYvai5waHA/TVRJRD1tOTQ2 YTkwNzE3NDNmNjFkN2M1MWRlMDVhMjEwM2FkMWEiIHN0eWxlPSJ0ZXh0LWRlY29yYXRpb246bm9u ZTtjb2xvcjojMDBBRkY5OyBmb250LXNpemU6MTNweCI+QWRkIHRoaXMgbWVldGluZzwvYT4gdG8g eW91ciBjYWxlbmRhci48L3RkPjwvdHI+PC90YWJsZT4KPHRhYmxlPjx0ciBzdHlsZT0ibGluZS1o ZWlnaHQ6IDIwcHg7Ij48dGQgc3R5bGU9ImhlaWdodDoyMHB4Ij4mbmJzcDs8L3RkPjwvdHI+PC90 YWJsZT4KPHRhYmxlPgogICAgPHRyPgogICAgICAgPHRkIHN0eWxlPSJmb250LXNpemU6IDEzcHg7 Zm9udC1mYW1pbHk6IEFyaWFsO2NvbG9yOiAjNjY2NjY2OyI+CiAgICAgICAgQ2FuJ3Qgam9pbiB0 aGUgbWVldGluZz8KICAgICAJPGEgaHJlZj0iaHR0cHM6Ly9pZXRmLndlYmV4LmNvbS9pZXRmL21j IiBzdHlsZT0idGV4dC1kZWNvcmF0aW9uOm5vbmU7Zm9udC1zaXplOjEzcHg7Zm9udC1mYW1pbHk6 QXJpYWw7Y29sb3I6IzAwQUZGOTtmb250LWNvbG9yOiMwMEFGRjk7Ij4KICAgICAgICAJQ29udGFj dCBzdXBwb3J0LjwvYT4KCQk8L3RkPgogICAgPC90cj4KPC90YWJsZT4KPHRhYmxlPjx0ciBzdHls ZT0ibGluZS1oZWlnaHQ6IDEwcHg7Ij48dGQgc3R5bGU9ImhlaWdodDoxMHB4Ij4mbmJzcDs8L3Rk PjwvdHI+PC90YWJsZT4KCQkJCQkJPHRhYmxlPgoJCQkJCQkJPHRyPgoJCQkJCQkJCTx0ZCBzdHls ZT0iZm9udC1zaXplOjEycHg7Y29sb3I6ICNBMEEwQTA7Ij4KCQkJCQkJCQkJSU1QT1JUQU5UIE5P VElDRTogUGxlYXNlIG5vdGUgdGhhdCB0aGlzIFdlYkV4IHNlcnZpY2UgYWxsb3dzIGF1ZGlvIGFu ZCBvdGhlciBpbmZvcm1hdGlvbiBzZW50IGR1cmluZyB0aGUgc2Vzc2lvbiB0byBiZSByZWNvcmRl ZCwgd2hpY2ggbWF5IGJlIGRpc2NvdmVyYWJsZSBpbiBhIGxlZ2FsIG1hdHRlci4gQnkgam9pbmlu ZyB0aGlzIHNlc3Npb24sIHlvdSBhdXRvbWF0aWNhbGx5IGNvbnNlbnQgdG8gc3VjaCByZWNvcmRp bmdzLiBJZiB5b3UgZG8gbm90IGNvbnNlbnQgdG8gYmVpbmcgcmVjb3JkZWQsIGRpc2N1c3MgeW91 ciBjb25jZXJucyB3aXRoIHRoZSBob3N0IG9yIGRvIG5vdCBqb2luIHRoZSBzZXNzaW9uLjwvdGQ+ CgkJCQkJCQk8L3RyPgoJCQkJCQk8L3RhYmxlPgoJCQkJPC90ZD4KCQkJPC90cj4KCQk8L3RhYmxl PgoJPC90ZD4KICAgPC90cj4KPC90YWJsZT4KCjwvYm9keT4= ------=_Part_26578_1681922262.1449088753045-- ------=_Part_26577_1239883129.1449088753045 Content-Type: application/octet-stream; name="WebEx_Meeting.ics" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="WebEx_Meeting.ics" QkVHSU46VkNBTEVOREFSClBST0RJRDotLy9NaWNyb3NvZnQgQ29ycG9yYXRpb24vL091dGxvb2sg MTAuMCBNSU1FRElSLy9FTgpWRVJTSU9OOjIuMApNRVRIT0Q6UkVRVUVTVApCRUdJTjpWVElNRVpP TkUKVFpJRDpXZXN0ZXJuIEV1cm9wZWFuIFRpbWUKQkVHSU46U1RBTkRBUkQKRFRTVEFSVDoyMDEz MTAwMVQwMzAwMDAKUlJVTEU6RlJFUT1ZRUFSTFk7SU5URVJWQUw9MTtCWURBWT0tMVNVO0JZTU9O VEg9MTAKVFpPRkZTRVRGUk9NOiswMTAwClRaT0ZGU0VUVE86KzAwMDAKVFpOQU1FOlN0YW5kYXJk IFRpbWUKRU5EOlNUQU5EQVJECkJFR0lOOkRBWUxJR0hUCkRUU1RBUlQ6MjAxMzAzMDFUMDIwMDAw ClJSVUxFOkZSRVE9WUVBUkxZO0lOVEVSVkFMPTE7QllEQVk9LTFTVTtCWU1PTlRIPTMKVFpPRkZT RVRGUk9NOiswMDAwClRaT0ZGU0VUVE86KzAxMDAKVFpOQU1FOkRheWxpZ2h0IFNhdmluZ3MgVGlt ZQpFTkQ6REFZTElHSFQKRU5EOlZUSU1FWk9ORQpCRUdJTjpWRVZFTlQKQ0xBU1M6UFVCTElDCkRF U0NSSVBUSU9OOlxuXG5cbkpPSU4gV0VCRVggTUVFVElOR1xuaHR0cHM6Ly9pZXRmLndlYmV4LmNv bS9pZXRmL2oucGhwP01USUQ9bTI2ODVlNTJiNjI5ZTU3Mzk0M2MyMzRiM2EzNWU4NDE1XG5NZWV0 aW5nIG51bWJlcjogNjQ5IDc3MCA3NDJcbk1lZXRpbmcgcGFzc3dvcmQ6IGJvb3RzdHJhcFxuXG5c bkpPSU4gQlkgUEhPTkVcbjEtODc3LTY2OC00NDkzIENhbGwtaW4gdG9sbCBmcmVlIG51bWJlciAo VVMvQ2FuYWRhKSBcbjEtNjUwLTQ3OS0zMjA4IENhbGwtaW4gdG9sbCBudW1iZXIgKFVTL0NhbmFk YSlcbkFjY2VzcyBjb2RlOiA2NDkgNzcwIDc0MlxuXG5Ub2xsLWZyZWUgZGlhbGluZyByZXN0cmlj dGlvbnM6IFxuaHR0cDovL3d3dy53ZWJleC5jb20vcGRmL3RvbGxmcmVlX3Jlc3RyaWN0aW9ucy5w ZGZcblxuXG5cbkNhbid0IGpvaW4gdGhlIG1lZXRpbmc/IENvbnRhY3Qgc3VwcG9ydCBoZXJlOlxu aHR0cHM6Ly9pZXRmLndlYmV4LmNvbS9pZXRmL21jXG5cblxuSU1QT1JUQU5UIE5PVElDRTogUGxl YXNlIG5vdGUgdGhhdCB0aGlzIFdlYkV4IHNlcnZpY2UgYWxsb3dzIGF1ZGlvIGFuZCBvdGhlciBp bmZvcm1hdGlvbiBzZW50IGR1cmluZyB0aGUgc2Vzc2lvbiB0byBiZSByZWNvcmRlZCwgd2hpY2gg bWF5IGJlIGRpc2NvdmVyYWJsZSBpbiBhIGxlZ2FsIG1hdHRlci4gQnkgam9pbmluZyB0aGlzIHNl c3Npb24sIHlvdSBhdXRvbWF0aWNhbGx5IGNvbnNlbnQgdG8gc3VjaCByZWNvcmRpbmdzLiBJZiB5 b3UgZG8gbm90IGNvbnNlbnQgdG8gYmVpbmcgcmVjb3JkZWQsIGRpc2N1c3MgeW91ciBjb25jZXJu cyB3aXRoIHRoZSBob3N0IG9yIGRvIG5vdCBqb2luIHRoZSBzZXNzaW9uLlxuClgtQUxULURFU0M7 Rk1UVFlQRT10ZXh0L2h0bWw6CTxGT05UIFNJWkU9IjEiIEZBQ0U9IkFSSUFMIj4mbmJzcDs8QlI+ IDxGT05UIFNJWkU9IjQiIEZBQ0U9IkFSSUFMIj4JCTxhCQkJCQlocmVmPSJodHRwczovL2lldGYu d2ViZXguY29tL2lldGYvai5waHA/TVRJRD1tMjY4NWU1MmI2MjllNTczOTQzYzIzNGIzYTM1ZTg0 MTUiPjxGT05UIFNJWkU9IjMiIENPTE9SPSIjMDBBRkY5IiBGQUNFPSJBcmlhbCI+Sm9pbiBXZWJF eCBtZWV0aW5nPC9GT05UPjwvYT4JCQk8dGFibGU+CQkJCTx0cj4JCQkJCTx0ZD4JCQkJCQk8Rk9O VCBTSVpFPSIyIiBDT0xPUj0iIzY2NjY2NiIgRkFDRT0iYXJpYWwiPk1lZXRpbmcgbnVtYmVyOjwv Rk9OVD4JCQkJCTwvdGQ+CQkJCQk8dGQ+CQkJCQkJPEZPTlQgU0laRT0iMiIgQ09MT1I9IiM2NjY2 NjYiIEZBQ0U9ImFyaWFsIj42NDkgNzcwIDc0MjwvRk9OVD4JCQkJCTwvdGQ+CQkJCTwvdHI+CQkJ PC90YWJsZT4JCQk8dGFibGU+PHRyPjx0ZD48Rk9OVCBTSVpFPSIyIiBDT0xPUj0iIzY2NjY2NiIg RkFDRT0iYXJpYWwiPk1lZXRpbmcgcGFzc3dvcmQ6PC9GT05UPjwvdGQ+PHRkPjxGT05UIFNJWkU9 IjIiICBDT0xPUj0iIzY2NjY2NiIgRkFDRT0iYXJpYWwiPmJvb3RzdHJhcDwvRk9OVD48L3RkPjwv dHI+PC90YWJsZT4JCTwvRk9OVD48Rk9OVCBTSVpFPSIxIiBGQUNFPSJBUklBTCI+Jm5ic3A7PEJS PiZuYnNwOzxCUj48L0ZPTlQ+PEZPTlQgU0laRT0iNCIgRkFDRT0iQVJJQUwiPjxGT05UIFNJWkU9 IjMiIENPTE9SPSIjNjY2NjY2IiBGQUNFPSJhcmlhbCI+Sm9pbiBieSBwaG9uZTwvRk9OVD4mbmJz cDsgPEJSPjxGT05UIFNJWkU9IjIiIENPTE9SPSIjNjY2NjY2IiBGQUNFPSJhcmlhbCI+PHN0cm9u Zz4xLTg3Ny02NjgtNDQ5Mzwvc3Ryb25nPiZuYnNwO0NhbGwtaW4gdG9sbCBmcmVlIG51bWJlciAo VVMvQ2FuYWRhKTwvRk9OVD4mbmJzcDsgPEJSPjxGT05UIFNJWkU9IjIiIENPTE9SPSIjNjY2NjY2 IiBGQUNFPSJhcmlhbCI+PHN0cm9uZz4xLTY1MC00NzktMzIwODwvc3Ryb25nPiZuYnNwO0NhbGwt aW4gdG9sbCBudW1iZXIgKFVTL0NhbmFkYSk8L0ZPTlQ+Jm5ic3A7IDxCUj48Rk9OVCBTSVpFPSIy IiBDT0xPUj0iIzY2NjY2NiIgRkFDRT0iYXJpYWwiPkFjY2VzcyBjb2RlOiA2NDkgNzcwIDc0Mjwv Rk9OVD4mbmJzcDsgPEJSPjxhIGhyZWY9Imh0dHA6Ly93d3cud2ViZXguY29tL3BkZi90b2xsZnJl ZV9yZXN0cmljdGlvbnMucGRmIj48Rk9OVCBTSVpFPSIxIiBDT0xPUj0iIzAwQUZGOSIgRkFDRT0i YXJpYWwiPlRvbGwtZnJlZSBjYWxsaW5nIHJlc3RyaWN0aW9uczwvRk9OVD48L2E+ICZuYnNwOyA8 QlI+PC9GT05UPjxCUj48QlI+CSZuYnNwOzxCUj4JPEZPTlQgU0laRT0iMSIgQ09MT1I9IiM2NjY2 NjYiIEZBQ0U9ImFyaWFsIj4JCQkJQ2FuJ3Qgam9pbiB0aGUgbWVldGluZz88L0ZPTlQ+CTxhIGhy ZWY9Imh0dHBzOi8vaWV0Zi53ZWJleC5jb20vaWV0Zi9tYyI+CTxGT05UIFNJWkU9IjEiIENPTE9S PSIjMDBBRkY5IiBGQUNFPSJBcmlhbCI+Q29udGFjdCBzdXBwb3J0LjwvRk9OVD48L2E+CSZuYnNw OzxCUj4mbmJzcDs8QlI+PEZPTlQgQ09MT1I9IiNBMEEwQTAiIHNpemU9IjEiIEZBQ0U9ImFyaWFs Ij5JTVBPUlRBTlQgTk9USUNFOiBQbGVhc2Ugbm90ZSB0aGF0IHRoaXMgV2ViRXggc2VydmljZSBh bGxvd3MgYXVkaW8gYW5kIG90aGVyIGluZm9ybWF0aW9uIHNlbnQgZHVyaW5nIHRoZSBzZXNzaW9u IHRvIGJlIHJlY29yZGVkLCB3aGljaCBtYXkgYmUgZGlzY292ZXJhYmxlIGluIGEgbGVnYWwgbWF0 dGVyLiBCeSBqb2luaW5nIHRoaXMgc2Vzc2lvbiwgeW91IGF1dG9tYXRpY2FsbHkgY29uc2VudCB0 byBzdWNoIHJlY29yZGluZ3MuIElmIHlvdSBkbyBub3QgY29uc2VudCB0byBiZWluZyByZWNvcmRl ZCwgZGlzY3VzcyB5b3VyIGNvbmNlcm5zIHdpdGggdGhlIGhvc3Qgb3IgZG8gbm90IGpvaW4gdGhl IHNlc3Npb24uPC9GT05UPjwvRk9OVD4KQVRURU5ERUU7Q049IiI7Uk9MRT1SRVEtUEFSVElDSVBB TlQ7UlNWUD1UUlVFOk1BSUxUTzphbmltYS1ib290c3RyYXBAaWV0Zi5vcmcKRFRTVEFNUDoyMDE1 MTIwM1QxNjAwMDBaClVJRDo5NzExM2NjZi04N2EyLTQyMDMtYjQ1ZS00MWE2NDg0OGZkMTkKUFJJ T1JJVFk6NQpEVFNUQVJUO1RaSUQ9Ildlc3Rlcm4gRXVyb3BlYW4gVGltZSI6MjAxNTEyMDNUMTYw MDAwCkRURU5EO1RaSUQ9Ildlc3Rlcm4gRXVyb3BlYW4gVGltZSI6MjAxNTEyMDNUMTcxNTAwClJS VUxFOkZSRVE9V0VFS0xZO0lOVEVSVkFMPTE7QllEQVk9VEg7VU5USUw9MjAxNjAzMzFUMTcxNTAw WgpTRVFVRU5DRToxNDQ5MDg4NzUyClNVTU1BUlk6YW5pbWEgYm9vdHN0cmFwClRSQU5TUDpPUEFR VUUKT1JHQU5JWkVSO0NOPSJNaWNoYWVsIFJpY2hhcmRzb24iOk1BSUxUTzptY3Irbm9tY29tQHNh bmRlbG1hbi5jYQpMT0NBVElPTjpodHRwczovL2lldGYud2ViZXguY29tL2lldGYKQkVHSU46VkFM QVJNClRSSUdHRVI6LVBUMTBNCkFDVElPTjpESVNQTEFZCkRFU0NSSVBUSU9OOlJlbWluZGVyCkVO RDpWQUxBUk0KRU5EOlZFVkVOVApFTkQ6VkNBTEVOREFSCg== ------=_Part_26577_1239883129.1449088753045-- From nobody Wed Dec 2 12:41:42 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C91491B2C4C for ; Wed, 2 Dec 2015 12:41:40 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.911 X-Spam-Level: X-Spam-Status: No, score=-3.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_I_INVITATION=-2, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KEGop-ffD7M0 for ; Wed, 2 Dec 2015 12:41:39 -0800 (PST) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD87B1B2D00 for ; Wed, 2 Dec 2015 12:41:38 -0800 (PST) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 087F3200A5; Wed, 2 Dec 2015 15:46:51 -0500 (EST) Received: by sandelman.ca (Postfix, from userid 179) id F1F0D63757; Wed, 2 Dec 2015 15:41:37 -0500 (EST) Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id DA86D63753; Wed, 2 Dec 2015 15:41:37 -0500 (EST) From: Michael Richardson To: anima-bootstrap In-Reply-To: <21410.1449082193@sandelman.ca> References: <31DBE67A-30DD-48E9-A533-B854A5B4C79C@cisco.com> <1049515D-3512-441F-B14B-ED8FBE3A1EF6@cisco.com> <5654D44B.60906@gmail.com> <66260958-ED53-4308-9D20-B70BEB38641C@cisco.com> <4C23A411-F644-46BE-BB22-F821F7A86D52@cisco.com> <21410.1449082193@sandelman.ca> X-Mailer: MH-E 8.6; nmh 1.3-dev; GNU Emacs 24.4.2 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Sender: mcr@sandelman.ca Archived-At: Cc: "Max Pritikin \(pritikin\)" , Kent Watsen , "Toerless Eckert \(eckert\)" Subject: Re: [Anima-bootstrap] DOODLE POLL: Bootstrap Design Meeting Rescheduling X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Dec 2015 20:41:41 -0000 --=-=-= Content-Type: text/plain Here is a webex for Thursday at 1600UTC. I've set this until the next IETF, cancelling meetings Dec. 24 and Dec.31. https://ietf.webex.com/ietf/j.php?MTID=m09ce76fb7e9ae7af015d3033b42c54c2 meeting number: 649 770 742 Meeting password: bootstrap 1-877-668-4493 Call-in toll free number (US/Canada) 1-650-479-3208 Call-in toll number (US/Canada) I also sent an invitation to this list. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEVAwUBVl9XgYCLcPvd0N1lAQJvWggAp97gfjzwxkQ6serq28igR3L9rLLVBoLE ka/VkU5dAxZTvXtajo1+5ix25V1ZIWnB+IyxtDEBrYgzmW9azrFDxpQYzXmK5Fxp S9yhnClFpwtwjtAhJmr7HrGq3GFEm2t4JROUW0tSa+DV8ZjjbSSG/gRhxdtQEuFp FZkluyLl6JVaMgMMvjou90V5/fwJUN+46z4vlceWE/L/dMiw8IWJ8Gt5LXz34yY9 ZUAgIr00oBWwx0SxKRGNV7k3NECKAHzKWC68lTestaWk0/DeK90SEZY1z+r6JAzk wAfnDsOQAMzH39sELIbdvz7Tac/i1p2UT/wtnxtE6P00qtarll2KTQ== =QIA8 -----END PGP SIGNATURE----- --=-=-=-- From nobody Wed Dec 2 16:19:07 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCD571B2ED0 for ; Wed, 2 Dec 2015 16:19:05 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BqOc74SFvCFZ for ; Wed, 2 Dec 2015 16:19:04 -0800 (PST) Received: from mail-pf0-x22a.google.com (mail-pf0-x22a.google.com [IPv6:2607:f8b0:400e:c00::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 208F81B2ECE for ; Wed, 2 Dec 2015 16:19:04 -0800 (PST) Received: by pfnn128 with SMTP id n128so2758128pfn.0 for ; Wed, 02 Dec 2015 16:19:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-type :content-transfer-encoding; bh=zc0KUq0DReHJXCXhNPC8Gy3P3DkPPgAIzgB8yR1b24Q=; b=GELwNFUKFzYt9qH6bwliUk+CJ/vmlHW4AjtCnmFKSvCAsHJ3tUKn/MtOsfaEx9vgjC 4AjzBnw8pFcVY8MCZoVy23NVdDQdcmeE2RtrS3n/XdJhmSvNFKvrsuxuHN35zsCAAaQ0 YtFxQiT78/wudpVrO9mZQAi9QcTbFtbF65EIQsFhnyr6o4yqXK4CzVkqR9wVw9vtETem /phUoMmOQz6fGaVbeA90yS16zqGDjrfD2bXrKGLxJGzqKfY25i38PT2/mILPQZd5rd64 h0MraihlUmrf4m+zLuyatWvnm2jo2LTwdBPHecozZuTY/XVd3Am0V49YevdSY54kyJzN XoWg== X-Received: by 10.98.74.26 with SMTP id x26mr8874749pfa.15.1449101943781; Wed, 02 Dec 2015 16:19:03 -0800 (PST) Received: from ?IPv6:2406:e007:6e99:1:28cc:dc4c:9703:6781? ([2406:e007:6e99:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id q65sm6582592pfa.18.2015.12.02.16.19.01 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 02 Dec 2015 16:19:02 -0800 (PST) To: consultancy@vanderstok.org References: <13717.1448463285@sandelman.ca> <688d88e6dc86ae236e3c987d1526fb40@xs4all.nl> <28804.1448919598@sandelman.ca> <565DF0D5.1050508@gmail.com> <27aaa06c3304778cdc434fcda4cd3cad@xs4all.nl> From: Brian E Carpenter Organization: University of Auckland Message-ID: <565F8A7C.8090804@gmail.com> Date: Thu, 3 Dec 2015 13:19:08 +1300 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: <27aaa06c3304778cdc434fcda4cd3cad@xs4all.nl> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Archived-At: Cc: anima-bootstrap@ietf.org Subject: Re: [Anima-bootstrap] IoT and scope of bootstrap X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Dec 2015 00:19:05 -0000 On 02/12/2015 21:07, peter van der Stok wrote: ... > > Therefore I will try to look for possibilities to install ACP with bootstrap in a given node without using all the other goodies. > Unless such a separation is unwanted, and my view needs to find expression elsewhere. > fwiw, I can certainly imagine a tiny subset of GRASP that only supports client-side discovery/response, if that's what the bootstrap needs. We could fit that in a smart light switch. Brian From nobody Thu Dec 3 00:11:09 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4945D1B300C for ; Thu, 3 Dec 2015 00:11:07 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.601 X-Spam-Level: X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uoMiTPDLfzax for ; Thu, 3 Dec 2015 00:11:04 -0800 (PST) Received: from lb3-smtp-cloud2.xs4all.net (lb3-smtp-cloud2.xs4all.net [194.109.24.29]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47E3B1B2A1A for ; Thu, 3 Dec 2015 00:11:00 -0800 (PST) Received: from webmail.xs4all.nl ([194.109.20.207]) by smtp-cloud2.xs4all.net with ESMTP id owAx1r00H4U4Moq01wAxke; Thu, 03 Dec 2015 09:10:58 +0100 Received: from 2001:983:a264:1:f861:7434:3d4f:9cd3 by webmail.xs4all.nl with HTTP (HTTP/1.1 POST); Thu, 03 Dec 2015 09:10:57 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Thu, 03 Dec 2015 09:10:57 +0100 From: peter van der Stok To: Brian E Carpenter Organization: vanderstok consultancy Mail-Reply-To: consultancy@vanderstok.org In-Reply-To: <565F8A7C.8090804@gmail.com> References: <13717.1448463285@sandelman.ca> <688d88e6dc86ae236e3c987d1526fb40@xs4all.nl> <28804.1448919598@sandelman.ca> <565DF0D5.1050508@gmail.com> <27aaa06c3304778cdc434fcda4cd3cad@xs4all.nl> <565F8A7C.8090804@gmail.com> Message-ID: X-Sender: stokcons@xs4all.nl (11cdktK4XN0ls5y0bVTnfkZPVRxsoHA/) User-Agent: XS4ALL Webmail Archived-At: Cc: anima-bootstrap@ietf.org, consultancy@vanderstok.org Subject: Re: [Anima-bootstrap] IoT and scope of bootstrap X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: consultancy@vanderstok.org List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Dec 2015 08:11:07 -0000 HI Brian, So, I have a mission. Peter Brian E Carpenter schreef op 2015-12-03 01:19: > On 02/12/2015 21:07, peter van der Stok wrote: > > ... >> >> Therefore I will try to look for possibilities to install ACP with >> bootstrap in a given node without using all the other goodies. >> Unless such a separation is unwanted, and my view needs to find >> expression elsewhere. >> > > fwiw, I can certainly imagine a tiny subset of GRASP that only supports > client-side discovery/response, if that's what the bootstrap needs. We > could > fit that in a smart light switch. > > Brian > > _______________________________________________ > Anima-bootstrap mailing list > Anima-bootstrap@ietf.org > https://www.ietf.org/mailman/listinfo/anima-bootstrap From nobody Thu Dec 3 17:43:39 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74CCE1AD0B3 for ; Thu, 3 Dec 2015 17:43:36 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.547 X-Spam-Level: X-Spam-Status: No, score=-0.547 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FR_ALMOST_VIAG2=10.357, LOCALPART_IN_SUBJECT=1.107, MANGLED_VIAGRA=2.5, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FSS_-hp3TN4u for ; Thu, 3 Dec 2015 17:43:35 -0800 (PST) Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 12A191AD0A6 for ; Thu, 3 Dec 2015 17:43:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6186; q=dns/txt; s=iport; t=1449193415; x=1450403015; h=date:from:to:subject:message-id:mime-version; bh=2UN5ndZochzaf/tP/dc/1k+f8y8rvSiERutQzv6/2kk=; b=ebMSc5Hxj7HdjEICAP0cR61IUSjh9BVp3xwpuhtFHaQf22G+6VTKIRKr DJoxXViOgk3JiSXza8Bk370LfLZjnBnRJvLGRVVsoOQbErD+nPwWNSaBj IgkEj331YmW8CXpC2ez3Q8fuBXAV7ktdyrUua7AdkEnCdXMXXW4Kgg0m0 0=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0D8AQCB7mBW/4YNJK1egzq/AgENgW6GH?= =?us-ascii?q?4E4OBQBAQEBAQEBgQqEYhMxSjQFiQuhEKEEASCQE4R5BYdMhV12PYgFjTMJnG0?= =?us-ascii?q?fAQFChCUdhiMBAQE?= X-IronPort-AV: E=Sophos;i="5.20,378,1444694400"; d="scan'208";a="214575710" Received: from alln-core-12.cisco.com ([173.36.13.134]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 04 Dec 2015 01:43:34 +0000 Received: from mcast-linux1.cisco.com (mcast-linux1.cisco.com [172.27.244.121]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id tB41hXaC003085 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 4 Dec 2015 01:43:34 GMT Received: from mcast-linux1.cisco.com (localhost.cisco.com [127.0.0.1]) by mcast-linux1.cisco.com (8.13.8/8.13.8) with ESMTP id tB41hXaO016689 for ; Thu, 3 Dec 2015 17:43:33 -0800 Received: (from eckert@localhost) by mcast-linux1.cisco.com (8.13.8/8.13.8/Submit) id tB41hXqZ016688 for anima-bootstrap@ietf.org; Thu, 3 Dec 2015 17:43:33 -0800 Date: Thu, 3 Dec 2015 17:43:33 -0800 From: Toerless Eckert To: anima-bootstrap@ietf.org Message-ID: <20151204014333.GZ29056@cisco.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.2i Archived-At: Subject: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Dec 2015 01:43:36 -0000 As promised during call: Proposed Discovery phase for AN-Bootstrap: 1. Mandatory: Discovery of bootstrap-proxy link-local I think this should be via GRASP, but GRASP may not want to provide what i think is best, so let me maybe first describe what i think is best, independent of what protocol we use and solicit feedback on it and then we can discuss with GRAP if/how to fit it there: IMHO, i would let the proxy periodically (30 secs) just announce that its providing AN enrollment proxy function via link-local IPv6 multicast. Maybe with port-number and protocol (EST over IPv6 link-local ) as parameters so it's extensible. Why ? I don't want to make the proxy more attackable than it needs to be. Anything that it needs to respond to is something it can be attacked with. Unsolicited periodic link-local multicast that do not need/want any response are really hard to attack. I don't want the enrolling device to be more attackable than necessarily. Arguably such a greenfield device may be more attackable than a configured device. An unconfigured device that periodically broadcasts "hey, i am unconfigured and look for a proxy server" (especially when powered on in a non-AN enviroment) is the best victim ever to do a port-scan etc. pp. on (or just find the console interface). And just because a vendor has added autonomic networking doesn't mean he has now also fixed all security for all OS services many of which may not even be off by default but would likely be configured off by security sensitive operators. Sure, could an attacker find a greenfield device by also broadcasting the link-local "i am an AN-proxy" messages ? But now you have an active attacker. And for example, we could include in the periodic announcements a timestamp signed with the proxies domain certificate. Thats something the attacker can not fake. The greenfield device may not be able to figure out whose link-local multicast to trust, but the real an-proxy can listen to someone else multicasting itself as a proxy. And if thats not from another proxy in the same AN domain, then this could trigger an alert to ops (syslog or trap). And of course the greenfield device should not trust an L2 unicasted "i am proxy" message, because that might be a trick from an attacker to not be seen by a real proxy on the same (wired) LAN. So, i think we can use GARP DISCOVER for this periodic multicast, only that GARP DISCOVER really wants to see a GARP reply, but in our case we really just want the greenfield device to immediately connect to our EST TCP port, no need for any further chat before doing that. So thats where we'd need to have the discuss with GARP folks what they think. Also comparison with mDNS as we discussed it: - code size: We need GRASP for more functions in AN beside discovery, we do not need mDNS for anything in AN, so on IoT devices we would save code size. TBD: Size of an mDNS stack (note: We MAY want "normal" DNS, so the code size for mDNS may not be that large as a delta on top of "normal" DNS). - Number of packet exchanges (TBD: not clear how much this is a real problem, mDNS may optimize here): mDNS exchange is logical three step: PTR RR lookup -> SRV, TXT RR lookup, AAAA lookup - mDNS being a query/reply exchange wouldn't have the security properties i described above. Unless you abuse it and engineer an MDNS unsolicited announce periodically with all the four RRs included. And i guess one could define a TXT RR with the signed timestamp. Aka: I could probably do the same thing i was describing above also with mDNS. Not sure if mDNS people would like that... 2. If 1. failed: OPTIONAL Discovery of bootstrap proxy via L3 Does not need to be supported on all AN devices, but only those that want to be able to auto-bootstrap when connected to some "IP-network/Internet" connection. Would also like comments from Kent because his draft/use-cases will likely have a lot of overlap/opinions here. a) Try to get (routed) IPv6/IPv4 address. IPv4 by DHCP, IPv6 SLAAC and/or DHCP. b) If address via DHCP request DHCP option holding AN bootstrap parameter TBD: Option 124/125. Maybe Ralph Droms can quickly point to best practices from IETF standards perspective, else i need to dig more for what i've seen as best practices. c) If DHCP successfull, DHCP reply will provide IP/IPv6 address or domain-name of bootstrap proxy. Connect to it. This case will allow you to connect to a proxy in the customer network (aka: network that generates the DHCP reply). This option will not work when connecting to the Internet. d) If using SLAAC (IPv6): TBD. Need to ask IPv6 experts if IPv6 RA etc. can usefully provide add-on info like DHCP can (don't think so). e) If DHCP and/or SLAAC fail to find bootstrap proxy, use DNS: f) DHCP/SLAAC should have provided local . Look up autonomic-bootstrap-proxy. A/AAAA addresses (depending on whether device has IPv4 and/or IPv6 address from a). Connect to that IPv4/IPv6 address of bootstrap server. g) OPTIONAL: If f) has failed, create domain-name .. This connects to proxy in the internet operated by device vendor, which is the only option when connecting directly to the Internet, where no DHCP option is possible (from owner) and where you do not get a useful DNS prefix (but just DNS prefix from SP). Of course this only needs to be implemented if vendor is happy to operate (or outsource) such a proxy on the Internet. So it's even more optional then the whole L3 bootstrap option overall. Removed: I am somewhat a fan of link-local IPv4 (they're cute), but i really don't see a reason for them: The proxy also needs to support AN functions anyhow, so it will always be able to do IPv6. a) From nobody Thu Dec 3 20:27:32 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25E191B2D34 for ; Thu, 3 Dec 2015 20:27:32 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3cppwRHYLhkv for ; Thu, 3 Dec 2015 20:27:30 -0800 (PST) Received: from mail-pa0-x231.google.com (mail-pa0-x231.google.com [IPv6:2607:f8b0:400e:c03::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6C391B2D32 for ; Thu, 3 Dec 2015 20:27:30 -0800 (PST) Received: by pacwq6 with SMTP id wq6so3083927pac.1 for ; Thu, 03 Dec 2015 20:27:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:organization:message-id:date:user-agent :mime-version:in-reply-to:content-type:content-transfer-encoding; bh=S07vnJC2iGKnPZTizPzuvz86rXHXjY249oAS1igCqM8=; b=kBefbDAWE0X+obsaB88fB+AasnrytC4OyEUiFd20qsAjZ8blc2msHhzhPnOShayXyk 7bQnSGttuvuY1W3aHiEhdY9o27USbqGGHYCmxIBcxolVcFZUfOkvO3z36ZBm820HzJH0 veze2XPKajqWXFvIyq+Hy1WoAoh8ljYYTrjZaadmQW2TZ5CpiP3SOUyZDzqS6xMn3Q7M h7XVBu+RI4wzHXbeNEDjMGHBZLqn78+vyrGZxDdXq+nMp2YsK7T1yXa0v/DLsCHj2pGy 8AUD5XDySrgqR54T7w5uVxuE3+P3uC/3lwR9lVvRvrfstTI78n4L9r5iz0qIX1pmzO5O JT6Q== X-Received: by 10.67.22.99 with SMTP id hr3mr18422642pad.10.1449203250497; Thu, 03 Dec 2015 20:27:30 -0800 (PST) Received: from ?IPv6:2406:e007:5307:1:28cc:dc4c:9703:6781? ([2406:e007:5307:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id w8sm13710739pfi.41.2015.12.03.20.27.27 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 03 Dec 2015 20:27:29 -0800 (PST) To: Toerless Eckert , anima-bootstrap@ietf.org References: <20151204014333.GZ29056@cisco.com> From: Brian E Carpenter Organization: University of Auckland Message-ID: <56611639.9060508@gmail.com> Date: Fri, 4 Dec 2015 17:27:37 +1300 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: <20151204014333.GZ29056@cisco.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Dec 2015 04:27:32 -0000 On 04/12/2015 14:43, Toerless Eckert wrote: ... > IMHO, i would let the proxy periodically (30 secs) just announce that its providing > AN enrollment proxy function via link-local IPv6 multicast. Here's the Python code to do that with my prototype: import grasp import time OK, nonce = grasp.register_asa("Boot") if not OK: #we've got a serious problem... raise RuntimeError("Can't register as ASA") obj = objective(0,":Boot") x = grasp.register_obj(nonce, obj) if not x == "OK": #we've got a different problem... raise RuntimeError(x) while True: grasp.discover(nonce, obj, 30000) What this does is register the caller as an ASA called "Boot" that handles the objective called ":Boot", and then LL multicast a discovery message every 30s. That will tell the others that it's there. It's running in another window as I type. I didn't write the handler code for the receiving end yet though, so I just get output like this twice a minute: CBOR->Python gives: [1, 1248700, b'$\x06\xe0\x07S\x07\x00\x01(\xcc\xdcL\x97\x03g\x81', ':Boot', 0, 6, 0] > Maybe with port-number > and protocol (EST over IPv6 link-local ) as parameters so it's extensible. If you want parameters, we'd need to use the (synch) flooding method instead. Maybe I'll write that code next week; it will be very similar to the discovery case. I don't think there are any real problems here. Python+CBOR is fun. Thanks, Toerless, for pushing the CBOR idea. Brian From nobody Fri Dec 4 15:44:58 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E1811A037E for ; Fri, 4 Dec 2015 15:44:57 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -13.911 X-Spam-Level: X-Spam-Status: No, score=-13.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_64=0.6, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6n0my7bsK1rE for ; Fri, 4 Dec 2015 15:44:55 -0800 (PST) Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 624A11A022C for ; Fri, 4 Dec 2015 15:44:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3408; q=dns/txt; s=iport; t=1449272695; x=1450482295; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=EJtGxMx+wrFXtQnybTAnWMtz+pEvs7BhCKS0lza4EtU=; b=hiYM66Oo21Ngua5oFcsMtmbKqKoDSVag0YjbtB0xcL7yAXlQD+q1QvIT +ayCM3+59+RZvsZjT/u5ZVigJjcuEwzpo35Bd+21429k7DCdaqZdXhS7m Oo406BKRxiIDzmDM/EQ7cQv3C0HwznruoV6Rxw0Wt27A0EGxERF0yJ1VU 4=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AAAgCgJGJW/5JdJa1dgzpTbga9PwENg?= =?us-ascii?q?W4XCoVtAhyBCzgUAQEBAQEBAYEKhDQBAQEDAQEBASAEDToLBQsCAQgYAgImAgI?= =?us-ascii?q?CHwYLFRACBA4FiBoDCggNrz6MCA2EWQEBAQEBAQEBAQEBAQEBAQEBAQEBARQEg?= =?us-ascii?q?QGHYoJuglOCBhiDBi+BFQWWYQGLRIF3lRSHWAEfAQFCghEdgVZyAYQkBj2BBwE?= =?us-ascii?q?BAQ?= X-IronPort-AV: E=Sophos;i="5.20,382,1444694400"; d="scan'208";a="50791262" Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by rcdn-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Dec 2015 23:44:54 +0000 Received: from XCH-ALN-003.cisco.com (xch-aln-003.cisco.com [173.36.7.13]) by rcdn-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id tB4NisuB003457 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 4 Dec 2015 23:44:54 GMT Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-ALN-003.cisco.com (173.36.7.13) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Fri, 4 Dec 2015 17:44:53 -0600 Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1104.000; Fri, 4 Dec 2015 17:44:53 -0600 From: "Max Pritikin (pritikin)" To: Brian E Carpenter Thread-Topic: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options Thread-Index: AQHRLjUzUXhNiuqCZk29llWSg8eoaJ66oGCAgAFDVQA= Date: Fri, 4 Dec 2015 23:44:53 +0000 Message-ID: <29E5EEC1-9995-4137-B8BE-7E2103810CD9@cisco.com> References: <20151204014333.GZ29056@cisco.com> <56611639.9060508@gmail.com> In-Reply-To: <56611639.9060508@gmail.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.99.106.4] Content-Type: text/plain; charset="utf-8" Content-ID: <748979C2AFA3A6408E2938F4C875C679@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Cc: "Toerless Eckert \(eckert\)" , "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Dec 2015 23:44:57 -0000 QnJpYW4sIA0KDQpBcmUgdGhlIHNlc3Npb24taWQgYW5kIHRoZSBub25jZSBlcXVpdmFsZW50Pw0K DQpXaHkgaXMgdGhlIDMwMDAwIGEgcGFyYW1ldGVyIHBhc3NlZCBpbnRvIHRoZSBpbnRvIHRoZSBn cmFzcC5kaXNjb3ZlciBjYWxsPyBUaGlzIGxvb2tzIGxpa2UgYSB0aW1lb3V0IGZvciBob3cgbG9u ZyB0byB3YWl0IGZvciBhIHJlc3BvbnNlIChHUkFTUF9ERUZfVElNRU9VVC8yKT8gSWYgc28gdGhp cyB3b3VsZCBwcm92aWRlIHRoZSAzMHMgYmVoYXZpb3IgYnV0IGlzIGxldmVyYWdpbmcgYSBzaWRl LWVmZmVjdCBkdWJpb3VzbHkuIFN1ZmZpY2llbnQgZm9yIFBvQzsgSeKAmW0ganVzdCBhc2tpbmcg dG8gdW5kZXJzdGFuZC4gDQoNClRvZXJsZXNz4oCZcyBzdWdnZXN0aW9uIGFwcGVhcnMgdG8gYmUg dG8gaW5jbHVkZSB0aGUg4oCcbG9jYXRvci1vcHRpb27igJ0gd2l0aGluIHRoZSBkaXNjb3ZlciBt ZXNzYWdlLiBEaWQgeW91IGluY2x1ZGUgdGhhdD8gQ3VycmVudGx5ICJsb2NhdG9yLW9wdGlvbuKA nSBpcyBub3QgcGFydCBvZiB0aGUgW2dyYXNwXSBzMy43LjIgRGlzY292ZXIgTWVzc2FnZS4gQXJl IHlvdSBjb21mb3J0YWJsZSBhZGRpbmcgdGhhdCBhcyBUb2VybGVzcyBhcmd1ZXMgZm9yPw0KDQot IG1heA0KDQo+IE9uIERlYyAzLCAyMDE1LCBhdCA5OjI3IFBNLCBCcmlhbiBFIENhcnBlbnRlciA8 YnJpYW4uZS5jYXJwZW50ZXJAZ21haWwuY29tPiB3cm90ZToNCj4gDQo+IE9uIDA0LzEyLzIwMTUg MTQ6NDMsIFRvZXJsZXNzIEVja2VydCB3cm90ZToNCj4gDQo+IC4uLg0KPj4gICBJTUhPLCBpIHdv dWxkIGxldCB0aGUgcHJveHkgcGVyaW9kaWNhbGx5ICgzMCBzZWNzKSBqdXN0IGFubm91bmNlIHRo YXQgaXRzIHByb3ZpZGluZw0KPj4gICBBTiBlbnJvbGxtZW50IHByb3h5IGZ1bmN0aW9uIHZpYSBs aW5rLWxvY2FsIElQdjYgbXVsdGljYXN0LiANCj4gDQo+IEhlcmUncyB0aGUgUHl0aG9uIGNvZGUg dG8gZG8gdGhhdCB3aXRoIG15IHByb3RvdHlwZToNCj4gDQo+IGltcG9ydCBncmFzcA0KPiBpbXBv cnQgdGltZQ0KPiANCj4gT0ssIG5vbmNlID0gZ3Jhc3AucmVnaXN0ZXJfYXNhKCJCb290IikNCj4g aWYgbm90IE9LOg0KPiAgICAjd2UndmUgZ290IGEgc2VyaW91cyBwcm9ibGVtLi4uDQo+ICAgIHJh aXNlIFJ1bnRpbWVFcnJvcigiQ2FuJ3QgcmVnaXN0ZXIgYXMgQVNBIikNCj4gDQo+IG9iaiA9IG9i amVjdGl2ZSgwLCI6Qm9vdCIpDQo+IHggPSBncmFzcC5yZWdpc3Rlcl9vYmoobm9uY2UsIG9iaikN Cj4gaWYgbm90IHggPT0gIk9LIjoNCj4gICAgI3dlJ3ZlIGdvdCBhIGRpZmZlcmVudCBwcm9ibGVt Li4uDQo+ICAgIHJhaXNlIFJ1bnRpbWVFcnJvcih4KQ0KPiANCj4gd2hpbGUgVHJ1ZToNCj4gICAg Z3Jhc3AuZGlzY292ZXIobm9uY2UsIG9iaiwgMzAwMDApDQo+IA0KPiBXaGF0IHRoaXMgZG9lcyBp cyByZWdpc3RlciB0aGUgY2FsbGVyIGFzIGFuIEFTQSBjYWxsZWQgIkJvb3QiIHRoYXQgaGFuZGxl cyB0aGUNCj4gb2JqZWN0aXZlIGNhbGxlZCAiOkJvb3QiLCBhbmQgdGhlbiBMTCBtdWx0aWNhc3Qg YSBkaXNjb3ZlcnkgbWVzc2FnZSBldmVyeQ0KPiAzMHMuIFRoYXQgd2lsbCB0ZWxsIHRoZSBvdGhl cnMgdGhhdCBpdCdzIHRoZXJlLiBJdCdzIHJ1bm5pbmcgaW4gYW5vdGhlciB3aW5kb3cNCj4gYXMg SSB0eXBlLiBJIGRpZG4ndCB3cml0ZSB0aGUgaGFuZGxlciBjb2RlIGZvciB0aGUgcmVjZWl2aW5n IGVuZCB5ZXQgdGhvdWdoLA0KPiBzbyBJIGp1c3QgZ2V0IG91dHB1dCBsaWtlIHRoaXMgdHdpY2Ug YSBtaW51dGU6DQo+IA0KPiBDQk9SLT5QeXRob24gZ2l2ZXM6ICBbMSwgMTI0ODcwMCwgYickXHgw Nlx4ZTBceDA3U1x4MDdceDAwXHgwMShceGNjXHhkY0xceDk3XHgwM2dceDgxJywgJzpCb290Jywg MCwgNiwgMF0NCj4gDQo+PiBNYXliZSB3aXRoIHBvcnQtbnVtYmVyDQo+PiAgIGFuZCBwcm90b2Nv bCAoRVNUIG92ZXIgSVB2NiBsaW5rLWxvY2FsICkgYXMgcGFyYW1ldGVycyBzbyBpdCdzIGV4dGVu c2libGUuDQo+IA0KPiBJZiB5b3Ugd2FudCBwYXJhbWV0ZXJzLCB3ZSdkIG5lZWQgdG8gdXNlIHRo ZSAoc3luY2gpIGZsb29kaW5nIG1ldGhvZA0KPiBpbnN0ZWFkLiBNYXliZSBJJ2xsIHdyaXRlIHRo YXQgY29kZSBuZXh0IHdlZWs7IGl0IHdpbGwgYmUgdmVyeSBzaW1pbGFyIHRvDQo+IHRoZSBkaXNj b3ZlcnkgY2FzZS4gSSBkb24ndCB0aGluayB0aGVyZSBhcmUgYW55IHJlYWwgcHJvYmxlbXMgaGVy ZS4NCj4gDQo+IFB5dGhvbitDQk9SIGlzIGZ1bi4gVGhhbmtzLCBUb2VybGVzcywgZm9yIHB1c2hp bmcgdGhlIENCT1IgaWRlYS4NCj4gDQo+ICAgQnJpYW4NCj4gDQo+IF9fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQo+IEFuaW1hLWJvb3RzdHJhcCBtYWlsaW5n IGxpc3QNCj4gQW5pbWEtYm9vdHN0cmFwQGlldGYub3JnDQo+IGh0dHBzOi8vd3d3LmlldGYub3Jn L21haWxtYW4vbGlzdGluZm8vYW5pbWEtYm9vdHN0cmFwDQoNCg== From nobody Fri Dec 4 16:06:31 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DD9F1B33F0 for ; Fri, 4 Dec 2015 16:06:30 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.4 X-Spam-Level: X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, J_CHICKENPOX_64=0.6, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nWLhCTGz7eSq for ; Fri, 4 Dec 2015 16:06:28 -0800 (PST) Received: from mail-pf0-x22c.google.com (mail-pf0-x22c.google.com [IPv6:2607:f8b0:400e:c00::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A68E01B33EF for ; Fri, 4 Dec 2015 16:06:28 -0800 (PST) Received: by pfu207 with SMTP id 207so33408075pfu.2 for ; Fri, 04 Dec 2015 16:06:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-type :content-transfer-encoding; bh=oQg+vUAMkd5KtI+7m0NeO04yp5QeXdU5PizTCiqq5c0=; b=wUBm/XqelO+p6U260EmYHwdvzFAM2pe8fpHjcRfz3ieCuadryJE+V34/8EghuXSO0A 0sXGMxezv/F+mFvQOYpjJ/+kw6fjfRRbxOQ+csV456HzXH8HMxcjgaeaiF+2c6FFtKNC cCW2M0W1ND2ZUGRnSgZ+4KVCefNxoYrpKBL2Z1LEqULiMx+pEA8cmXFFqbLAk5jNp8AR /CZamd4W/R4Y4I2/Oyuj2QwZ54Cky8/XS/+CSFjP8EP7OJ2bUoxoN5aikKxDUgrkg0bp 8hsmeXJH21aMqHNf5/SwJd6kmamzrb8EG9KDEFOi4/sKvHXRuOewYa/Ujh2lbhYq5Q3B SMUQ== X-Received: by 10.98.10.2 with SMTP id s2mr25237065pfi.45.1449273988196; Fri, 04 Dec 2015 16:06:28 -0800 (PST) Received: from ?IPv6:2406:e007:74e1:1:28cc:dc4c:9703:6781? ([2406:e007:74e1:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id uz4sm13132299pac.39.2015.12.04.16.06.24 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 04 Dec 2015 16:06:26 -0800 (PST) To: "Max Pritikin (pritikin)" References: <20151204014333.GZ29056@cisco.com> <56611639.9060508@gmail.com> <29E5EEC1-9995-4137-B8BE-7E2103810CD9@cisco.com> From: Brian E Carpenter Organization: University of Auckland Message-ID: <56622A8C.2020106@gmail.com> Date: Sat, 5 Dec 2015 13:06:36 +1300 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: <29E5EEC1-9995-4137-B8BE-7E2103810CD9@cisco.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Archived-At: Cc: "Toerless Eckert \(eckert\)" , "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Dec 2015 00:06:30 -0000 On 05/12/2015 12:44, Max Pritikin (pritikin) wrote: > Brian,=20 >=20 > Are the session-id and the nonce equivalent? Well, I made an implementation choice that when an ASA registers itself with GRASP it gets back a nonce, used to validate future calls, so that no other process can masquerade as the same ASA. And yes, I just re-used the existing Session ID mechanism to assign that nonce. However, each transaction that an ASA initiates will get its own Session ID. > Why is the 30000 a parameter passed into the into the grasp.discover ca= ll? This looks like a timeout for how long to wait for a response (GRASP_= DEF_TIMEOUT/2)? If so this would provide the 30s behavior but is leveragi= ng a side-effect dubiously. Sufficient for PoC; I=E2=80=99m just asking t= o understand. Correct. Again, it's just an implementation choice and I agree it's a bit= of a kludge. It could be done more elegantly. (Although I must say that t= he threading support in Python is a dream to use.) >=20 > Toerless=E2=80=99s suggestion appears to be to include the =E2=80=9Cloc= ator-option=E2=80=9D within the discover message. Did you include that? C= urrently "locator-option=E2=80=9D is not part of the [grasp] s3.7.2 Disco= ver Message. Are you comfortable adding that as Toerless argues for? It turns out that we have to do that anyway, for other reasons that Joel = Halpern pointed out (since Session IDs are unique per node, not network-wide). Th= at will be fixed in the next GRASP draft. But in any case, the recipient of a LL = multicast can know the source address (and interface #) even if they are not in the= payload. So this isn't a problem. However, I do think that the "announcement" nature of this is better suit= ed to the unsolicited flooding message than the Discovery message, because t= hen it's natural to include data in the message. Brian >=20 > - max >=20 >> On Dec 3, 2015, at 9:27 PM, Brian E Carpenter wrote: >> >> On 04/12/2015 14:43, Toerless Eckert wrote: >> >> ... >>> IMHO, i would let the proxy periodically (30 secs) just announce th= at its providing >>> AN enrollment proxy function via link-local IPv6 multicast.=20 >> >> Here's the Python code to do that with my prototype: >> >> import grasp >> import time >> >> OK, nonce =3D grasp.register_asa("Boot") >> if not OK: >> #we've got a serious problem... >> raise RuntimeError("Can't register as ASA") >> >> obj =3D objective(0,":Boot") >> x =3D grasp.register_obj(nonce, obj) >> if not x =3D=3D "OK": >> #we've got a different problem... >> raise RuntimeError(x) >> >> while True: >> grasp.discover(nonce, obj, 30000) >> >> What this does is register the caller as an ASA called "Boot" that han= dles the >> objective called ":Boot", and then LL multicast a discovery message ev= ery >> 30s. That will tell the others that it's there. It's running in anothe= r window >> as I type. I didn't write the handler code for the receiving end yet t= hough, >> so I just get output like this twice a minute: >> >> CBOR->Python gives: [1, 1248700, b'$\x06\xe0\x07S\x07\x00\x01(\xcc\xd= cL\x97\x03g\x81', ':Boot', 0, 6, 0] >> >>> Maybe with port-number >>> and protocol (EST over IPv6 link-local ) as parameters so it's exte= nsible. >> >> If you want parameters, we'd need to use the (synch) flooding method >> instead. Maybe I'll write that code next week; it will be very similar= to >> the discovery case. I don't think there are any real problems here. >> >> Python+CBOR is fun. Thanks, Toerless, for pushing the CBOR idea. >> >> Brian >> >> _______________________________________________ >> Anima-bootstrap mailing list >> Anima-bootstrap@ietf.org >> https://www.ietf.org/mailman/listinfo/anima-bootstrap >=20 From nobody Fri Dec 4 16:18:44 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87DB81B340E for ; Fri, 4 Dec 2015 16:18:43 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.654 X-Spam-Level: X-Spam-Status: No, score=-1.654 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FR_ALMOST_VIAG2=10.357, MANGLED_VIAGRA=2.5, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MKLZAVoUQy-e for ; Fri, 4 Dec 2015 16:18:41 -0800 (PST) Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40BAB1B340A for ; Fri, 4 Dec 2015 16:18:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=12854; q=dns/txt; s=iport; t=1449274721; x=1450484321; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=9sduVjyY+oYowLDChaJZW/tHYC5P8ioRIVX988H9iME=; b=CZShbld8hIcKLwVj6DC+lIJsUAnqbEH9TTvGhW66rO1BC61fnGnlLDw+ NvlbmjcR3Ibml7RfA5JXDRMmCk1JRdAxiROT2cx5yy9wM6bumxrbJdiZJ NoDYp/3nNx+OvJJwXQq09sdrohIMeGISaWZo3Liov3GejVAEunSSPrdda I=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AwAgBeLGJW/5tdJa1egzpTXw8GhCW5G?= =?us-ascii?q?gENgW4XCoVtAhyBCzgUAQEBAQEBAYEKhDQBAQEDAQEBASAEDTcDCwULAgEIGAI?= =?us-ascii?q?CJgICAiULFRACBA4FG4gMCA2vVJBtAQEBAQEBAQEBAQEBAQEBAQEBAQEBFASBA?= =?us-ascii?q?Ydigm6EQheDHi+BFQWHTIVdgTOIBQGNO4FblyCDcQEfAQFChARyhGiBBwEBAQ?= X-IronPort-AV: E=Sophos;i="5.20,382,1444694400"; d="scan'208";a="50896036" Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Dec 2015 00:18:40 +0000 Received: from XCH-RCD-005.cisco.com (xch-rcd-005.cisco.com [173.37.102.15]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id tB50Idg4022071 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL) for ; Sat, 5 Dec 2015 00:18:40 GMT Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-RCD-005.cisco.com (173.37.102.15) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Fri, 4 Dec 2015 18:18:39 -0600 Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1104.000; Fri, 4 Dec 2015 18:18:39 -0600 From: "Max Pritikin (pritikin)" To: "Toerless Eckert (eckert)" Thread-Topic: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options Thread-Index: AQHRLjUzUXhNiuqCZk29llWSg8eoaJ677SQA Date: Sat, 5 Dec 2015 00:18:39 +0000 Message-ID: References: <20151204014333.GZ29056@cisco.com> In-Reply-To: <20151204014333.GZ29056@cisco.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.99.106.4] Content-Type: text/plain; charset="utf-8" Content-ID: <47429A22057B8F4E8C19D771367CF58D@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Cc: "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Dec 2015 00:18:43 -0000 VG9lcmxlc3MsIEkgc3VnZ2VzdCBicmVha2luZyB0aGlzIHRocmVhZCBpbnRvIHR3by4gSeKAmW0g b25seSByZXNwb25kaW5nIHRvIHRoZSBmaXJzdCBoYWxmIG9mIHlvdXIgbXNnIGJlbG93LA0KDQo+ IE9uIERlYyAzLCAyMDE1LCBhdCA2OjQzIFBNLCBUb2VybGVzcyBFY2tlcnQgKGVja2VydCkgPGVj a2VydEBjaXNjby5jb20+IHdyb3RlOg0KPiANCj4gQXMgcHJvbWlzZWQgZHVyaW5nIGNhbGw6IA0K PiANCj4gUHJvcG9zZWQgRGlzY292ZXJ5IHBoYXNlIGZvciBBTi1Cb290c3RyYXA6DQo+IA0KPiAx LiBNYW5kYXRvcnk6IERpc2NvdmVyeSBvZiBib290c3RyYXAtcHJveHkgbGluay1sb2NhbA0KPiAN Cj4gICBJIHRoaW5rIHRoaXMgc2hvdWxkIGJlIHZpYSBHUkFTUCwgYnV0IEdSQVNQIG1heSBub3Qg d2FudCB0byBwcm92aWRlIHdoYXQgaSB0aGluayBpcw0KPiAgIGJlc3QsIHNvIGxldCBtZSBtYXli ZSBmaXJzdCBkZXNjcmliZSB3aGF0IGkgdGhpbmsgaXMgYmVzdCwgaW5kZXBlbmRlbnQNCj4gICBv ZiB3aGF0IHByb3RvY29sIHdlIHVzZSBhbmQgc29saWNpdCBmZWVkYmFjayBvbiBpdCBhbmQgdGhl biB3ZSBjYW4gZGlzY3Vzcw0KPiAgIHdpdGggR1JBUCBpZi9ob3cgdG8gZml0IGl0IHRoZXJlOg0K PiANCj4gICBJTUhPLCBpIHdvdWxkIGxldCB0aGUgcHJveHkgcGVyaW9kaWNhbGx5ICgzMCBzZWNz KQ0KDQpJcyBpdCBhY2NlcHRhYmxlIHRoYXQgYSBuZXcgZGV2aWNlIHNpdHMgZm9yIDMwcyBiZWZv cmUgam9pbmluZz8gU2hvdWxkIHRoaXMgYmUgc2hvcnRlcj8gTG9uZ2VyPyBXaGF0IGNyaXRlcmlh IGRvIHdlIHVzZSB0byBjaG9vc2UgKHNlZSBiZWxvdyBiZWZvcmUgYW5zd2VyaW5nKS4gDQoNCj4g anVzdCBhbm5vdW5jZSB0aGF0IGl0cyBwcm92aWRpbmcNCj4gICBBTiBlbnJvbGxtZW50IHByb3h5 IGZ1bmN0aW9uIHZpYSBsaW5rLWxvY2FsIElQdjYgbXVsdGljYXN0LiBNYXliZSB3aXRoIHBvcnQt bnVtYmVyDQo+ICAgYW5kIHByb3RvY29sIChFU1Qgb3ZlciBJUHY2IGxpbmstbG9jYWwgKSBhcyBw YXJhbWV0ZXJzIHNvIGl0J3MgZXh0ZW5zaWJsZS4NCj4gDQo+ICAgV2h5ID8NCj4gDQo+ICAgSSBk b24ndCB3YW50IHRvIG1ha2UgdGhlIHByb3h5IG1vcmUgYXR0YWNrYWJsZSB0aGFuIGl0IG5lZWRz IHRvIGJlLiBBbnl0aGluZw0KPiAgIHRoYXQgaXQgbmVlZHMgdG8gcmVzcG9uZCB0byBpcyBzb21l dGhpbmcgaXQgY2FuIGJlIGF0dGFja2VkIHdpdGguIFVuc29saWNpdGVkDQo+ICAgcGVyaW9kaWMg bGluay1sb2NhbCBtdWx0aWNhc3QgdGhhdCBkbyBub3QgbmVlZC93YW50IGFueSByZXNwb25zZSBh cmUgcmVhbGx5IGhhcmQgdG8gYXR0YWNrLg0KPiANCj4gICBJIGRvbid0IHdhbnQgdGhlIGVucm9s bGluZyBkZXZpY2UgdG8gYmUgbW9yZSBhdHRhY2thYmxlIHRoYW4gbmVjZXNzYXJpbHkuDQo+ICAg QXJndWFibHkgc3VjaCBhIGdyZWVuZmllbGQgZGV2aWNlIG1heSBiZSBtb3JlIGF0dGFja2FibGUg dGhhbiBhIGNvbmZpZ3VyZWQNCj4gICBkZXZpY2UuIEFuIHVuY29uZmlndXJlZCBkZXZpY2UgdGhh dCBwZXJpb2RpY2FsbHkgYnJvYWRjYXN0cyAiaGV5LCBpIGFtIHVuY29uZmlndXJlZA0KPiAgIGFu ZCBsb29rIGZvciBhIHByb3h5IHNlcnZlciIgKGVzcGVjaWFsbHkgd2hlbiBwb3dlcmVkIG9uIGlu IGEgbm9uLUFOIGVudmlyb21lbnQpDQo+ICAgaXMgdGhlIGJlc3QgdmljdGltIGV2ZXIgdG8gZG8g YSBwb3J0LXNjYW4gZXRjLiBwcC4gIG9uIChvciBqdXN0IGZpbmQgdGhlIGNvbnNvbGUNCj4gICBp bnRlcmZhY2UpLiBBbmQganVzdCBiZWNhdXNlIGEgdmVuZG9yIGhhcyBhZGRlZCBhdXRvbm9taWMg bmV0d29ya2luZyBkb2Vzbid0IG1lYW4NCj4gICBoZSBoYXMgbm93IGFsc28gZml4ZWQgYWxsIHNl Y3VyaXR5IGZvciBhbGwgT1Mgc2VydmljZXMgbWFueSBvZiB3aGljaCBtYXkgbm90IGV2ZW4gYmUN Cj4gICBvZmYgYnkgZGVmYXVsdCBidXQgd291bGQgbGlrZWx5IGJlIGNvbmZpZ3VyZWQgb2ZmIGJ5 IHNlY3VyaXR5IHNlbnNpdGl2ZSBvcGVyYXRvcnMuIA0KPiANCj4gICBTdXJlLCBjb3VsZCBhbiBh dHRhY2tlciBmaW5kIGEgZ3JlZW5maWVsZCBkZXZpY2UgYnkgYWxzbyBicm9hZGNhc3RpbmcgdGhl DQo+ICAgbGluay1sb2NhbCAiaSBhbSBhbiBBTi1wcm94eSIgbWVzc2FnZXMgPyBCdXQgbm93IHlv dSBoYXZlIGFuIGFjdGl2ZSBhdHRhY2tlci4NCj4gICBBbmQgZm9yIGV4YW1wbGUsIHdlIGNvdWxk IGluY2x1ZGUgaW4gdGhlIHBlcmlvZGljIGFubm91bmNlbWVudHMgYSB0aW1lc3RhbXANCj4gICBz aWduZWQgd2l0aCB0aGUgcHJveGllcyBkb21haW4gY2VydGlmaWNhdGUuIFRoYXRzIHNvbWV0aGlu ZyB0aGUgYXR0YWNrZXINCj4gICBjYW4gbm90IGZha2UuIFRoZSBncmVlbmZpZWxkIGRldmljZSBt YXkgbm90IGJlIGFibGUgdG8gZmlndXJlIG91dA0KPiAgIHdob3NlIGxpbmstbG9jYWwgbXVsdGlj YXN0IHRvIHRydXN0LCBidXQgdGhlIHJlYWwgYW4tcHJveHkgY2FuIGxpc3RlbiB0byBzb21lb25l DQo+ICAgZWxzZSBtdWx0aWNhc3RpbmcgaXRzZWxmIGFzIGEgcHJveHkuIEFuZCBpZiB0aGF0cyBu b3QgZnJvbSBhbm90aGVyIHByb3h5IGluIHRoZQ0KPiAgIHNhbWUgQU4gZG9tYWluLCB0aGVuIHRo aXMgY291bGQgdHJpZ2dlciBhbiBhbGVydCB0byBvcHMgKHN5c2xvZyBvciB0cmFwKS4NCj4gICBB bmQgb2YgY291cnNlIHRoZSBncmVlbmZpZWxkIGRldmljZSBzaG91bGQgbm90IHRydXN0IGFuIEwy IHVuaWNhc3RlZCAiaSBhbSBwcm94eSINCj4gICBtZXNzYWdlLCBiZWNhdXNlIHRoYXQgbWlnaHQg YmUgYSB0cmljayBmcm9tIGFuIGF0dGFja2VyIHRvIG5vdCBiZSBzZWVuIGJ5IGEgcmVhbCBwcm94 eQ0KPiAgIG9uIHRoZSBzYW1lICh3aXJlZCkgTEFOLg0KDQpUaGlzIGlzIGEgc29saWQgYXJndW1l bnQgaW4gZmF2b3Igb2YgY2FzdGluZyB0aGUgQU4gbmV3IGRldmljZSBhcyB0aGUg4oCccmVzcG9u ZGVy4oCdIGZvciB0aGUgcHJvdG9jb2wgZXhjaGFuZ2UuIA0KDQo+IA0KPiAgIFNvLCBpIHRoaW5r IHdlIGNhbiB1c2UgR0FSUCBESVNDT1ZFUiBmb3IgdGhpcyBwZXJpb2RpYyBtdWx0aWNhc3QsDQoN Ck11bHRpY2FzdCBETlMgc3VwcG9ydHMgbXVsdGljYXN0IOKAnHVuc29saWNpdGVk4oCdIHJlc3Bv bnNlcyBhbmQgYWxzbyBzcGVjaWZpY2FsbHkgc3RhdGVzIHRoYXQgcGVlcnMgY2FjaGUgdGhlc2Uu IFNvIHRoZSBiYXNpYyBiZWhhdmlvciB5b3UgYXJlIHJlcXVlc3RpbmcgaXMgZnVuZGFtZW50YWxs eSBhdmFpbGFibGUgZnJvbSBtRE5TIGFzIHdlbGwuIFRoaXMgaXMgYSBkZXNpZ24gY2hvaWNlIGZv ciBBbmltYSBidXQgSSBkb2VzbuKAmXQgc2VlbSB0byBkcmFtYXRpY2FsbHkgaW1wYWN0IG91ciBj aG9pY2Ugb2YgZGlzY292ZXJ5IHByb3RvY29scy4NCg0KSSBkbyBub3RlIHRoYXQgbUROUyBzOC4z IGluZGljYXRlcyB0aGF0Og0KIiAgQSBNdWx0aWNhc3QgRE5TIHJlc3BvbmRlciBNVVNUIE5PVCBz ZW5kIGFubm91bmNlbWVudHMgaW4gdGhlIGFic2VuY2UNCiAgIG9mIGluZm9ybWF0aW9uIHRoYXQg aXRzIG5ldHdvcmsgY29ubmVjdGl2aXR5IG1heSBoYXZlIGNoYW5nZWQgaW4gc29tZQ0KICAgcmVs ZXZhbnQgd2F5LiAgSW4gcGFydGljdWxhciwgYSBNdWx0aWNhc3QgRE5TIHJlc3BvbmRlciBNVVNU IE5PVCBzZW5kDQogICByZWd1bGFyIHBlcmlvZGljIGFubm91bmNlbWVudHMgYXMgYSBtYXR0ZXIg b2YgY291cnNlLuKAnQ0KSXQgd291bGQgYmUgaW50ZXJlc3RpbmcgdG8gdW5kZXJzdGFuZCB3aHkg dGhleSBmZWx0IGEgbmVlZCB0byBwcm9oaWJpdCB0aGUgdHlwZSBvZiBiZWhhdmlvciB5b3XigJly ZSBsb29raW5nIGZvci4gUGVyaGFwcyB0aGVpciBjb25jZXJucyBoZXJlIGltcGFjdCB0aGUgY2hv aWNlIG9mIDMwcyBhcmJpdHJhcmlseSBtYWRlIGFib3ZlLiANCg0KPiBvbmx5IHRoYXQNCj4gICBH QVJQIERJU0NPVkVSIHJlYWxseSB3YW50cyB0byBzZWUgYSBHQVJQIHJlcGx5LCBidXQgaW4gb3Vy IGNhc2Ugd2UgcmVhbGx5DQo+ICAganVzdCB3YW50IHRoZSBncmVlbmZpZWxkIGRldmljZSB0byBp bW1lZGlhdGVseSBjb25uZWN0IHRvIG91ciBFU1QgVENQIHBvcnQsDQo+ICAgbm8gbmVlZCBmb3Ig YW55IGZ1cnRoZXIgY2hhdCBiZWZvcmUgZG9pbmcgdGhhdC4gU28gdGhhdHMgd2hlcmUgd2UnZCBu ZWVkIHRvIGhhdmUNCj4gICB0aGUgZGlzY3VzcyB3aXRoIEdBUlAgZm9sa3Mgd2hhdCB0aGV5IHRo aW5rLiANCj4gDQo+ICAgQWxzbyBjb21wYXJpc29uIHdpdGggbUROUyBhcyB3ZSBkaXNjdXNzZWQg aXQ6DQo+ICAgICAtIGNvZGUgc2l6ZTogV2UgbmVlZCBHUkFTUCBmb3IgbW9yZSBmdW5jdGlvbnMg aW4gQU4gYmVzaWRlIGRpc2NvdmVyeSwNCj4gICAgICAgd2UgZG8gbm90IG5lZWQgbUROUyBmb3Ig YW55dGhpbmcgaW4gQU4sIHNvIG9uIElvVCBkZXZpY2VzIHdlIHdvdWxkIHNhdmUNCj4gICAgICAg Y29kZSBzaXplLiBUQkQ6IFNpemUgb2YgYW4gbUROUyBzdGFjayAobm90ZTogV2UgTUFZIHdhbnQg Im5vcm1hbCIgRE5TLA0KPiAgICAgICBzbyB0aGUgY29kZSBzaXplIGZvciBtRE5TIG1heSBub3Qg YmUgdGhhdCBsYXJnZSBhcyBhIGRlbHRhIG9uIHRvcCBvZg0KPiAgICAgICAibm9ybWFsIiBETlMp Lg0KDQpUaGlzIGlzIHdoZXJlIHRoZSByZWFsIHZhbHVlL2RpZmZlcmVuY2UgZGlzY3Vzc2lvbiBj b21lcyBpbi4gSSBndWVzcyB3ZSBjb3VsZCBidWlsZCBhbiBhdmFoaSBsaWJyYXJ5IGFuZCBzZWUg aG93IG11Y2ggdGhlIGVudGlyZSB0aGluZyB0YWtlcyBvciBob3cgYmlnIHBpZWNlcyBvZiBpdCBh cmUuIA0KDQo+ICAgICAtIE51bWJlciBvZiBwYWNrZXQgZXhjaGFuZ2VzIChUQkQ6IG5vdCBjbGVh ciBob3cgbXVjaCB0aGlzIGlzIGEgcmVhbA0KPiAgICAgICBwcm9ibGVtLCBtRE5TIG1heSBvcHRp bWl6ZSBoZXJlKTogbUROUyBleGNoYW5nZSBpcyBsb2dpY2FsIHRocmVlIHN0ZXA6DQo+ICAgICAg IFBUUiBSUiBsb29rdXAgLT4gU1JWLCBUWFQgUlIgbG9va3VwLCBBQUFBIGxvb2t1cA0KPiAgICAg LSBtRE5TIGJlaW5nIGEgcXVlcnkvcmVwbHkgZXhjaGFuZ2Ugd291bGRuJ3QgaGF2ZSB0aGUgc2Vj dXJpdHkgcHJvcGVydGllcw0KPiAgICAgICBpIGRlc2NyaWJlZCBhYm92ZS4gVW5sZXNzIHlvdSBh YnVzZSBpdCBhbmQgZW5naW5lZXIgYW4gTUROUyB1bnNvbGljaXRlZA0KPiAgICAgICBhbm5vdW5j ZSBwZXJpb2RpY2FsbHkgd2l0aCBhbGwgdGhlIGZvdXIgUlJzIGluY2x1ZGVkLg0KDQpBcyBub3Rl ZCBhYm92ZSB0aGlzIGRvZXNu4oCZdCBsb29rIHByb2JsZW1hdGljLiBUaGUgcmVhbCBpc3N1ZSBp cyB0aGF0IHRoZXkgZm91bmQgaXQgaW1wb3J0YW50IHRvIHByb2hpYml0IHRoaXMgdHlwZSBvZiBi ZWhhdmlvciBhbmQgd2Ugc2hvdWxkIHVuZGVyc3RhbmQgd2h5IGJlZm9yZSBhZG9wdGluZyB5b3Vy IHByb3Bvc2VkIGluaXRpYXRvciBtb2RlbC4gDQoNCj4gQW5kIGkgZ3Vlc3MNCj4gICAgICAgb25l IGNvdWxkIGRlZmluZSBhIFRYVCBSUiB3aXRoIHRoZSBzaWduZWQgdGltZXN0YW1wLiBBa2E6IEkg Y291bGQgcHJvYmFibHkNCj4gICAgICAgZG8gdGhlIHNhbWUgdGhpbmcgaSB3YXMgZGVzY3JpYmlu ZyBhYm92ZSBhbHNvIHdpdGggbUROUy4gTm90IHN1cmUgaWYNCj4gICAgICAgbUROUyBwZW9wbGUg d291bGQgbGlrZSB0aGF04oCmDQoNCkZvciBhIEROUyBiYXNlZCBzb2x1dGlvbiBJIGd1ZXNzIERO U3NlYyBpbnRlZ3JhdGlvbiB3b3VsZCBiZSBsb2dpY2FsLiBJ4oCZbSBub3Qgc3VyZSBJIGxpa2Ug YW55IGFwcHJvYWNoIHdoZXJlIHdlIHRyeSB0byBjcmFtIHNlY3VyaXR5IGludG8gdGhlIGRpc2Nv dmVyeSBwcm90b2NvbCDigJQgdGhlIHRydXRoIGlzIHRoYXQgd2UgZG9u4oCZdCBoYXZlIHN1ZmZp Y2llbnQgaW5mb3JtYXRpb24gdG8gdHJ1c3QgY3J5cHRvIG1ldGhvZHMgaW4gdGhlIHJlc3BvbnNl L2Jyb2FkY2FzdCBpbmZvcm1hdGlvbiB1bnRpbCBhZnRlciB3ZSBjb21wbGV0ZSBib290c3RyYXBw aW5nIGF0IHdoaWNoIHBvaW50IGl0cyByZWxhdGl2ZWx5IG1vb3QuIEluc3RlYWQgd2UgY2FuIGN1 dCB0byB0aGUgaGVhcnQgb2YgeW91ciBzZWN1cml0eSB2YWx1ZSBieSB0cmFja2luZyAibG9jYXRv ci1vcHRpb27igJ0gaW5mb3JtYXRpb24gc2VlbiBhbmQgZnJlYWtpbmcgb3V0IGlmIGFuIHVuZXhw ZWN0ZWQgb25lIHdhcyBzZWVuIChhc3N1bWluZyBHUkFTUCkuIA0KDQpNb3JlIGJyb2FkbHk6IA0K DQpJbiByZXR1cm4gSSB3b3JyeSBhYm91dCBmb3JjaW5nIEdSQVNQIHRvIGJlIHVzZWQgZm9yIGFu eSBib290c3RyYXBwaW5nLiBZZXMsIEkgcmVjb2duaXplIHRoaXMgaXMgcmVhc29uYWJsZSBmb3Ig QW5pbWEgYnV0IGl0cyBzdGlsbCBhIHZhbGlkIGNvbmNlcm4gYXMgZG9pbmcgc28gcmVhbGx5IHRp ZXMgYm9vdHN0cmFwcGluZyB0byBhbmltYSB3aGVuIGl0IGRvZXNu4oCZdCBuZWVkIHRvIGJlLg0K DQpJ4oCZbSBhbHNvIHdvcnJpZWQgdGhhdCBHUkFTUCBpbXBsZW1lbnRhdGlvbnMgYXNzdW1lIGEg c2VjdXJlIHRyYW5zcG9ydCBsYXRlciB2aWEgQUNQIG9yIFRMUyBhbmQgZG9u4oCZdCBmaW5kIHRo ZSBjdXJyZW50IGxhbmd1YWdlIGluIHMzLjMuMSBhbmQgczMuMy4yIHRvIGJlIHZlcnkgY2xlYXIg YWJvdXQgd2hhdCBoYXBwZW5zIHdoZW4gdGhlc2UgYXJlIG5vdCB1c2VkLiBJIHByZWZlciBhbiBh cHByb2FjaCB3aGVyZSB3ZSBjYW4gY2xlYXJseSBwcm92aWRlIGEgYnJpZ2h0IGxpbmUgYW5kIHN0 YXRlIHRoYXQg4oCcdGhpcyBleGNoYW5nZSBpcyBub3Qgc2VjdXJl4oCdLiBSdW5uaW5nIEdyYXNw IGluIGJvdGggbW9kZXMgaXMgdW5jbGVhciBhbmQgY29uZnVzaW5nLg0KDQotIG1heA0KDQo+IA0K PiAyLiBJZiAxLiBmYWlsZWQ6ICBPUFRJT05BTCBEaXNjb3Zlcnkgb2YgYm9vdHN0cmFwIHByb3h5 IHZpYSBMMw0KPiANCj4gICBEb2VzIG5vdCBuZWVkIHRvIGJlIHN1cHBvcnRlZCBvbiBhbGwgQU4g ZGV2aWNlcywgYnV0IG9ubHkgdGhvc2UgdGhhdA0KPiAgIHdhbnQgdG8gYmUgYWJsZSB0byBhdXRv LWJvb3RzdHJhcCB3aGVuIGNvbm5lY3RlZCB0byBzb21lICJJUC1uZXR3b3JrL0ludGVybmV0Ig0K PiAgIGNvbm5lY3Rpb24uIFdvdWxkIGFsc28gbGlrZSBjb21tZW50cyBmcm9tIEtlbnQgYmVjYXVz ZSBoaXMgZHJhZnQvdXNlLWNhc2VzDQo+ICAgd2lsbCBsaWtlbHkgaGF2ZSBhIGxvdCBvZiBvdmVy bGFwL29waW5pb25zIGhlcmUuDQo+IA0KPiAgIGEpIFRyeSB0byBnZXQgKHJvdXRlZCkgSVB2Ni9J UHY0IGFkZHJlc3MuIElQdjQgYnkgREhDUCwgSVB2NiBTTEFBQyBhbmQvb3IgREhDUC4NCj4gDQo+ ICAgYikgSWYgYWRkcmVzcyB2aWEgREhDUCByZXF1ZXN0IERIQ1Agb3B0aW9uIGhvbGRpbmcgQU4g Ym9vdHN0cmFwIHBhcmFtZXRlcg0KPiAgICAgIFRCRDogT3B0aW9uIDEyNC8xMjUuIE1heWJlIFJh bHBoIERyb21zIGNhbiBxdWlja2x5IHBvaW50IHRvIGJlc3QgcHJhY3RpY2VzDQo+ICAgICAgZnJv bSBJRVRGIHN0YW5kYXJkcyBwZXJzcGVjdGl2ZSwgZWxzZSBpIG5lZWQgdG8gZGlnIG1vcmUgZm9y IHdoYXQgaSd2ZSBzZWVuDQo+ICAgICAgYXMgYmVzdCBwcmFjdGljZXMuDQo+IA0KPiAgIGMpIElm IERIQ1Agc3VjY2Vzc2Z1bGwsIERIQ1AgcmVwbHkgd2lsbCBwcm92aWRlIElQL0lQdjYgYWRkcmVz cyBvciBkb21haW4tbmFtZQ0KPiAgICAgIG9mIGJvb3RzdHJhcCBwcm94eS4gQ29ubmVjdCB0byBp dC4NCj4gDQo+ICAgICAgVGhpcyBjYXNlIHdpbGwgYWxsb3cgeW91IHRvIGNvbm5lY3QgdG8gYSBw cm94eSBpbiB0aGUgY3VzdG9tZXIgbmV0d29yaw0KPiAgICAgIChha2E6IG5ldHdvcmsgdGhhdCBn ZW5lcmF0ZXMgdGhlIERIQ1AgcmVwbHkpLiBUaGlzIG9wdGlvbiB3aWxsIG5vdCB3b3JrDQo+ICAg ICAgd2hlbiBjb25uZWN0aW5nIHRvIHRoZSBJbnRlcm5ldC4NCj4gDQo+ICAgZCkgSWYgdXNpbmcg U0xBQUMgKElQdjYpOiBUQkQuIE5lZWQgdG8gYXNrIElQdjYgZXhwZXJ0cyBpZiBJUHY2IFJBIGV0 Yy4gDQo+ICAgICAgY2FuIHVzZWZ1bGx5IHByb3ZpZGUgYWRkLW9uIGluZm8gbGlrZSBESENQIGNh biAoZG9uJ3QgdGhpbmsgc28pLg0KPiANCj4gICBlKSBJZiBESENQIGFuZC9vciBTTEFBQyBmYWls IHRvIGZpbmQgYm9vdHN0cmFwIHByb3h5LCB1c2UgRE5TOg0KPiANCj4gICBmKSBESENQL1NMQUFD IHNob3VsZCBoYXZlIHByb3ZpZGVkIGxvY2FsIDxkb21haW4+Lg0KPiAgICAgIExvb2sgdXAgYXV0 b25vbWljLWJvb3RzdHJhcC1wcm94eS48ZG9tYWluPiBBL0FBQUEgYWRkcmVzc2VzIChkZXBlbmRp bmcNCj4gICAgICBvbiB3aGV0aGVyIGRldmljZSBoYXMgSVB2NCBhbmQvb3IgSVB2NiBhZGRyZXNz IGZyb20gYSkuIENvbm5lY3QgdG8NCj4gICAgICB0aGF0IElQdjQvSVB2NiBhZGRyZXNzIG9mIGJv b3RzdHJhcCBzZXJ2ZXIuDQo+IA0KPiAgIGcpIE9QVElPTkFMOg0KPiAgICAgIElmIGYpIGhhcyBm YWlsZWQsIGNyZWF0ZSBkb21haW4tbmFtZSA8bmFtZT4uPHZlbmRvcj4uDQo+IA0KPiAgICAgIFRo aXMgY29ubmVjdHMgdG8gcHJveHkgaW4gdGhlIGludGVybmV0IG9wZXJhdGVkIGJ5IGRldmljZSB2 ZW5kb3IsDQo+ICAgICAgd2hpY2ggaXMgdGhlIG9ubHkgb3B0aW9uIHdoZW4gY29ubmVjdGluZyBk aXJlY3RseSB0byB0aGUgSW50ZXJuZXQsDQo+ICAgICAgd2hlcmUgbm8gREhDUCBvcHRpb24gaXMg cG9zc2libGUgKGZyb20gb3duZXIpIGFuZCB3aGVyZSB5b3UgZG8gbm90DQo+ICAgICAgZ2V0IGEg dXNlZnVsIEROUyBwcmVmaXggKGJ1dCBqdXN0IEROUyBwcmVmaXggZnJvbSBTUCkuDQo+IA0KPiAg ICAgIE9mIGNvdXJzZSB0aGlzIG9ubHkgbmVlZHMgdG8gYmUgaW1wbGVtZW50ZWQgaWYgdmVuZG9y IGlzIGhhcHB5IHRvIA0KPiAgICAgIG9wZXJhdGUgKG9yIG91dHNvdXJjZSkgc3VjaCBhIHByb3h5 IG9uIHRoZSBJbnRlcm5ldC4gU28gaXQncyBldmVuIG1vcmUgb3B0aW9uYWwNCj4gICAgICB0aGVu IHRoZSB3aG9sZSBMMyBib290c3RyYXAgb3B0aW9uIG92ZXJhbGwuDQo+IA0KPiBSZW1vdmVkOiBJ IGFtIHNvbWV3aGF0IGEgZmFuIG9mIGxpbmstbG9jYWwgSVB2NCAodGhleSdyZSBjdXRlKSwgYnV0 IGkgcmVhbGx5DQo+IGRvbid0IHNlZSBhIHJlYXNvbiBmb3IgdGhlbTogVGhlIHByb3h5IGFsc28g bmVlZHMgdG8gc3VwcG9ydCBBTiBmdW5jdGlvbnMgYW55aG93LA0KPiBzbyBpdCB3aWxsIGFsd2F5 cyBiZSBhYmxlIHRvIGRvIElQdjYuDQo+IA0KPiAgIGEpIA0KPiANCj4gDQo+IF9fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQo+IEFuaW1hLWJvb3RzdHJhcCBt YWlsaW5nIGxpc3QNCj4gQW5pbWEtYm9vdHN0cmFwQGlldGYub3JnDQo+IGh0dHBzOi8vd3d3Lmll dGYub3JnL21haWxtYW4vbGlzdGluZm8vYW5pbWEtYm9vdHN0cmFwDQoNCg== From nobody Fri Dec 4 16:26:05 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 859841B3427 for ; Fri, 4 Dec 2015 16:26:04 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -13.911 X-Spam-Level: X-Spam-Status: No, score=-13.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_64=0.6, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xoGMeb3e9jbi for ; Fri, 4 Dec 2015 16:26:02 -0800 (PST) Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E9CF1B3423 for ; Fri, 4 Dec 2015 16:26:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6228; q=dns/txt; s=iport; t=1449275162; x=1450484762; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=WVLrPZQhp3ldvK1Rn0zQqOpylnE3ecpRivFaxd56E7c=; b=jLDMkBR9vi+bODgAISCgWWWj1+aUcggVOIoAF2gSFPizsCAXGghA6iUz +FrMWACMZtyeK+1mMoIKUGjtc+JqYsYUri6tR3ljZ1EN3R/La05ZbnILa CqEEfwj1izcRTa8ZEAph+Cu/Ai3tE3z7I8ncAQTQg7BDH7K0dLXtpQPyG w=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AAAgD3LWJW/5pdJa1egzpTbga9PwENg?= =?us-ascii?q?W4XCoVtAhyBCzgUAQEBAQEBAYEKhDQBAQEDAQEBASAEDToLBQsCAQgYAgImAgI?= =?us-ascii?q?CHwYLFRACBA4FiBoDCggNr1mMBw2EWQEBAQEBAQEBAQEBAQEBAQEBAQEBARQEg?= =?us-ascii?q?QGHYoJuglOCBhiDBi+BFQWWYQGLRIF3lRSHWAEfAQFCghEdgVZyAYQkAgQaBxy?= =?us-ascii?q?BBwEBAQ?= X-IronPort-AV: E=Sophos;i="5.20,382,1444694400"; d="scan'208";a="215008194" Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Dec 2015 00:26:01 +0000 Received: from XCH-RCD-004.cisco.com (xch-rcd-004.cisco.com [173.37.102.14]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id tB50Q1XS026503 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Sat, 5 Dec 2015 00:26:01 GMT Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-RCD-004.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Fri, 4 Dec 2015 18:26:00 -0600 Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1104.000; Fri, 4 Dec 2015 18:25:54 -0600 From: "Max Pritikin (pritikin)" To: Brian E Carpenter Thread-Topic: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options Thread-Index: AQHRLjUzUXhNiuqCZk29llWSg8eoaJ66oGCAgAFDVQCAAAYSAIAABWOA Date: Sat, 5 Dec 2015 00:25:54 +0000 Message-ID: References: <20151204014333.GZ29056@cisco.com> <56611639.9060508@gmail.com> <29E5EEC1-9995-4137-B8BE-7E2103810CD9@cisco.com> <56622A8C.2020106@gmail.com> In-Reply-To: <56622A8C.2020106@gmail.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.99.106.4] Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Cc: "Toerless Eckert \(eckert\)" , "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Dec 2015 00:26:04 -0000 DQo+IE9uIERlYyA0LCAyMDE1LCBhdCA1OjA2IFBNLCBCcmlhbiBFIENhcnBlbnRlciA8YnJpYW4u ZS5jYXJwZW50ZXJAZ21haWwuY29tPiB3cm90ZToNCj4gDQo+IE9uIDA1LzEyLzIwMTUgMTI6NDQs IE1heCBQcml0aWtpbiAocHJpdGlraW4pIHdyb3RlOg0KPj4gQnJpYW4sIA0KPj4gDQo+PiBBcmUg dGhlIHNlc3Npb24taWQgYW5kIHRoZSBub25jZSBlcXVpdmFsZW50Pw0KPiANCj4gV2VsbCwgSSBt YWRlIGFuIGltcGxlbWVudGF0aW9uIGNob2ljZSB0aGF0IHdoZW4gYW4gQVNBIHJlZ2lzdGVycyBp dHNlbGYNCj4gd2l0aCBHUkFTUCBpdCBnZXRzIGJhY2sgYSBub25jZSwgdXNlZCB0byB2YWxpZGF0 ZSBmdXR1cmUgY2FsbHMsIHNvDQo+IHRoYXQgbm8gb3RoZXIgcHJvY2VzcyBjYW4gbWFzcXVlcmFk ZSBhcyB0aGUgc2FtZSBBU0EuIEFuZCB5ZXMsIEkNCj4ganVzdCByZS11c2VkIHRoZSBleGlzdGlu ZyBTZXNzaW9uIElEIG1lY2hhbmlzbSB0byBhc3NpZ24gdGhhdCBub25jZS4NCj4gSG93ZXZlciwg ZWFjaCB0cmFuc2FjdGlvbiB0aGF0IGFuIEFTQSBpbml0aWF0ZXMgd2lsbCBnZXQgaXRzIG93bg0K PiBTZXNzaW9uIElELg0KPiANCj4+IFdoeSBpcyB0aGUgMzAwMDAgYSBwYXJhbWV0ZXIgcGFzc2Vk IGludG8gdGhlIGludG8gdGhlIGdyYXNwLmRpc2NvdmVyIGNhbGw/IFRoaXMgbG9va3MgbGlrZSBh IHRpbWVvdXQgZm9yIGhvdyBsb25nIHRvIHdhaXQgZm9yIGEgcmVzcG9uc2UgKEdSQVNQX0RFRl9U SU1FT1VULzIpPyBJZiBzbyB0aGlzIHdvdWxkIHByb3ZpZGUgdGhlIDMwcyBiZWhhdmlvciBidXQg aXMgbGV2ZXJhZ2luZyBhIHNpZGUtZWZmZWN0IGR1YmlvdXNseS4gU3VmZmljaWVudCBmb3IgUG9D OyBJ4oCZbSBqdXN0IGFza2luZyB0byB1bmRlcnN0YW5kLg0KPiANCj4gQ29ycmVjdC4gQWdhaW4s IGl0J3MganVzdCBhbiBpbXBsZW1lbnRhdGlvbiBjaG9pY2UgYW5kIEkgYWdyZWUgaXQncyBhIGJp dA0KPiBvZiBhIGtsdWRnZS4gSXQgY291bGQgYmUgZG9uZSBtb3JlIGVsZWdhbnRseS4gKEFsdGhv dWdoIEkgbXVzdCBzYXkgdGhhdCB0aGUNCj4gdGhyZWFkaW5nIHN1cHBvcnQgaW4gUHl0aG9uIGlz IGEgZHJlYW0gdG8gdXNlLikNCg0KYWxsIGdvb2RuZXNzLiB0aGFua3MuIA0KDQo+IA0KPj4gDQo+ PiBUb2VybGVzc+KAmXMgc3VnZ2VzdGlvbiBhcHBlYXJzIHRvIGJlIHRvIGluY2x1ZGUgdGhlIOKA nGxvY2F0b3Itb3B0aW9u4oCdIHdpdGhpbiB0aGUgZGlzY292ZXIgbWVzc2FnZS4gRGlkIHlvdSBp bmNsdWRlIHRoYXQ/IEN1cnJlbnRseSAibG9jYXRvci1vcHRpb27igJ0gaXMgbm90IHBhcnQgb2Yg dGhlIFtncmFzcF0gczMuNy4yIERpc2NvdmVyIE1lc3NhZ2UuIEFyZSB5b3UgY29tZm9ydGFibGUg YWRkaW5nIHRoYXQgYXMgVG9lcmxlc3MgYXJndWVzIGZvcj8NCj4gDQo+IEl0IHR1cm5zIG91dCB0 aGF0IHdlIGhhdmUgdG8gZG8gdGhhdCBhbnl3YXksIGZvciBvdGhlciByZWFzb25zIHRoYXQgSm9l bCBIYWxwZXJuDQo+IHBvaW50ZWQgb3V0IChzaW5jZSBTZXNzaW9uIElEcyBhcmUgdW5pcXVlIHBl ciBub2RlLCBub3QgbmV0d29yay13aWRlKS4gVGhhdCB3aWxsDQo+IGJlIGZpeGVkIGluIHRoZSBu ZXh0IEdSQVNQIGRyYWZ0LiBCdXQgaW4gYW55IGNhc2UsIHRoZSByZWNpcGllbnQgb2YgYSBMTCBt dWx0aWNhc3QNCj4gY2FuIGtub3cgdGhlIHNvdXJjZSBhZGRyZXNzIChhbmQgaW50ZXJmYWNlICMp IGV2ZW4gaWYgdGhleSBhcmUgbm90IGluIHRoZSBwYXlsb2FkLg0KPiBTbyB0aGlzIGlzbid0IGEg cHJvYmxlbS4NCj4gDQo+IEhvd2V2ZXIsIEkgZG8gdGhpbmsgdGhhdCB0aGUgImFubm91bmNlbWVu dCIgbmF0dXJlIG9mIHRoaXMgaXMgYmV0dGVyIHN1aXRlZA0KPiB0byB0aGUgdW5zb2xpY2l0ZWQg Zmxvb2RpbmcgbWVzc2FnZSB0aGFuIHRoZSBEaXNjb3ZlcnkgbWVzc2FnZSwgYmVjYXVzZSB0aGVu DQo+IGl0J3MgbmF0dXJhbCB0byBpbmNsdWRlIGRhdGEgaW4gdGhlIG1lc3NhZ2UuDQoNCnNvIHJh dGhlciB0aGFuIGFkZCDigJxsb2NhdG9yLW9wdGlvbuKAnSB0byB0aGUgZGlzY292ZXJ5IG1lc3Nh Z2UgdXNlIHVuc29saWNpdGVkIHJlc3BvbnNlIG1lc3NhZ2VzLiBUaGlzIG1ha2VzIHNlbnNlICh2 ZXJ5IHNpbWlsYXIgdG8gbUROUyBhcHByb2FjaCEpLiANCg0KRllJIC0gYXMgYW4gZWRpdG9yaWFs IG5vdGUgdGhlIHBhcmFncmFwaCBleHBsYWluaW5nIGZsb29kaW5nIGlzIGJ1cmllZCBpbiBzMy4z LjUgYW5kIGNvdWxkIHByb2JhYmx5IGJlIGNhbGxlZCBvdXQgbW9yZSBjbGVhcmx5IGluIHRoZSB0 ZXh0LiBQZXJoYXBzIGl0cyBvd24gc2VjdGlvbiBvciBpbiB0aGUgUmVzcG9uc2Ugc2VjdGlvbj8g U2ltaWxhcmx5IHMzLjkuMSBpbmNsdWRlcyB0aGUgdGV4dDogImFuZCBmb3IgdGVybWluYXRpbmcg Zmxvb2RpbmcgYXMgZGVzY3JpYmVkIGluIEZMT09ESU5H4oCdIHdoaWNoIGxvb2tzIGxpa2UgYW4g aW5jb21wbGV0ZSByZWZlcmVuY2UgYXMgaWYgeW91IGhhZCBhbHJlYWR5IHBsYW5uZWQgdG8gcHVs bCBmbG9vZGluZyBvdXQgaW50byBpdHMgb3duIHNlY3Rpb24uDQoNCi0gbWF4DQoNCj4gDQo+ICAg IEJyaWFuDQo+IA0KPj4gDQo+PiAtIG1heA0KPj4gDQo+Pj4gT24gRGVjIDMsIDIwMTUsIGF0IDk6 MjcgUE0sIEJyaWFuIEUgQ2FycGVudGVyIDxicmlhbi5lLmNhcnBlbnRlckBnbWFpbC5jb20+IHdy b3RlOg0KPj4+IA0KPj4+IE9uIDA0LzEyLzIwMTUgMTQ6NDMsIFRvZXJsZXNzIEVja2VydCB3cm90 ZToNCj4+PiANCj4+PiAuLi4NCj4+Pj4gIElNSE8sIGkgd291bGQgbGV0IHRoZSBwcm94eSBwZXJp b2RpY2FsbHkgKDMwIHNlY3MpIGp1c3QgYW5ub3VuY2UgdGhhdCBpdHMgcHJvdmlkaW5nDQo+Pj4+ ICBBTiBlbnJvbGxtZW50IHByb3h5IGZ1bmN0aW9uIHZpYSBsaW5rLWxvY2FsIElQdjYgbXVsdGlj YXN0LiANCj4+PiANCj4+PiBIZXJlJ3MgdGhlIFB5dGhvbiBjb2RlIHRvIGRvIHRoYXQgd2l0aCBt eSBwcm90b3R5cGU6DQo+Pj4gDQo+Pj4gaW1wb3J0IGdyYXNwDQo+Pj4gaW1wb3J0IHRpbWUNCj4+ PiANCj4+PiBPSywgbm9uY2UgPSBncmFzcC5yZWdpc3Rlcl9hc2EoIkJvb3QiKQ0KPj4+IGlmIG5v dCBPSzoNCj4+PiAgICN3ZSd2ZSBnb3QgYSBzZXJpb3VzIHByb2JsZW0uLi4NCj4+PiAgIHJhaXNl IFJ1bnRpbWVFcnJvcigiQ2FuJ3QgcmVnaXN0ZXIgYXMgQVNBIikNCj4+PiANCj4+PiBvYmogPSBv YmplY3RpdmUoMCwiOkJvb3QiKQ0KPj4+IHggPSBncmFzcC5yZWdpc3Rlcl9vYmoobm9uY2UsIG9i aikNCj4+PiBpZiBub3QgeCA9PSAiT0siOg0KPj4+ICAgI3dlJ3ZlIGdvdCBhIGRpZmZlcmVudCBw cm9ibGVtLi4uDQo+Pj4gICByYWlzZSBSdW50aW1lRXJyb3IoeCkNCj4+PiANCj4+PiB3aGlsZSBU cnVlOg0KPj4+ICAgZ3Jhc3AuZGlzY292ZXIobm9uY2UsIG9iaiwgMzAwMDApDQo+Pj4gDQo+Pj4g V2hhdCB0aGlzIGRvZXMgaXMgcmVnaXN0ZXIgdGhlIGNhbGxlciBhcyBhbiBBU0EgY2FsbGVkICJC b290IiB0aGF0IGhhbmRsZXMgdGhlDQo+Pj4gb2JqZWN0aXZlIGNhbGxlZCAiOkJvb3QiLCBhbmQg dGhlbiBMTCBtdWx0aWNhc3QgYSBkaXNjb3ZlcnkgbWVzc2FnZSBldmVyeQ0KPj4+IDMwcy4gVGhh dCB3aWxsIHRlbGwgdGhlIG90aGVycyB0aGF0IGl0J3MgdGhlcmUuIEl0J3MgcnVubmluZyBpbiBh bm90aGVyIHdpbmRvdw0KPj4+IGFzIEkgdHlwZS4gSSBkaWRuJ3Qgd3JpdGUgdGhlIGhhbmRsZXIg Y29kZSBmb3IgdGhlIHJlY2VpdmluZyBlbmQgeWV0IHRob3VnaCwNCj4+PiBzbyBJIGp1c3QgZ2V0 IG91dHB1dCBsaWtlIHRoaXMgdHdpY2UgYSBtaW51dGU6DQo+Pj4gDQo+Pj4gQ0JPUi0+UHl0aG9u IGdpdmVzOiAgWzEsIDEyNDg3MDAsIGInJFx4MDZceGUwXHgwN1NceDA3XHgwMFx4MDEoXHhjY1x4 ZGNMXHg5N1x4MDNnXHg4MScsICc6Qm9vdCcsIDAsIDYsIDBdDQo+Pj4gDQo+Pj4+IE1heWJlIHdp dGggcG9ydC1udW1iZXINCj4+Pj4gIGFuZCBwcm90b2NvbCAoRVNUIG92ZXIgSVB2NiBsaW5rLWxv Y2FsICkgYXMgcGFyYW1ldGVycyBzbyBpdCdzIGV4dGVuc2libGUuDQo+Pj4gDQo+Pj4gSWYgeW91 IHdhbnQgcGFyYW1ldGVycywgd2UnZCBuZWVkIHRvIHVzZSB0aGUgKHN5bmNoKSBmbG9vZGluZyBt ZXRob2QNCj4+PiBpbnN0ZWFkLiBNYXliZSBJJ2xsIHdyaXRlIHRoYXQgY29kZSBuZXh0IHdlZWs7 IGl0IHdpbGwgYmUgdmVyeSBzaW1pbGFyIHRvDQo+Pj4gdGhlIGRpc2NvdmVyeSBjYXNlLiBJIGRv bid0IHRoaW5rIHRoZXJlIGFyZSBhbnkgcmVhbCBwcm9ibGVtcyBoZXJlLg0KPj4+IA0KPj4+IFB5 dGhvbitDQk9SIGlzIGZ1bi4gVGhhbmtzLCBUb2VybGVzcywgZm9yIHB1c2hpbmcgdGhlIENCT1Ig aWRlYS4NCj4+PiANCj4+PiAgQnJpYW4NCj4+PiANCj4+PiBfX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fXw0KPj4+IEFuaW1hLWJvb3RzdHJhcCBtYWlsaW5nIGxp c3QNCj4+PiBBbmltYS1ib290c3RyYXBAaWV0Zi5vcmcNCj4+PiBodHRwczovL3d3dy5pZXRmLm9y Zy9tYWlsbWFuL2xpc3RpbmZvL2FuaW1hLWJvb3RzdHJhcA0KPj4gDQo+IA0KDQo= From nobody Fri Dec 4 16:42:16 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF58A1B3473 for ; Fri, 4 Dec 2015 16:42:15 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.4 X-Spam-Level: X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, J_CHICKENPOX_64=0.6, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HgnxcjUFi7_k for ; Fri, 4 Dec 2015 16:42:14 -0800 (PST) Received: from mail-pf0-x22d.google.com (mail-pf0-x22d.google.com [IPv6:2607:f8b0:400e:c00::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3762F1B3472 for ; Fri, 4 Dec 2015 16:42:14 -0800 (PST) Received: by pfbg73 with SMTP id g73so34549481pfb.1 for ; Fri, 04 Dec 2015 16:42:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-type :content-transfer-encoding; bh=l9H1Kaq4RQgE7saPELdR91bQDbPQ8nCDKuaKErnELb0=; b=JchOa8FOxIoUCD7C3jXEFxoIS947Ua4pL2qI82u/C2qyGnrvELLb81I0K+g2TXdFV7 xfM1YfRg/1BPTo78LS7YZy1bOjWF945Qwkw0B0Ad0JeSYXz5azG1UC4dYJdk2CrjJwZa nX+xNy8ukcj9smq899pmf53jibWn+l0iY/xNmqjLOS/i1qJ5F4Fg5WwTivTIM2EGhy+1 xhMGMnv4LjhsNvqHYrj36GqYTh9pJItSun4BSMXr7iwWsBHajy2+c2TeI4O43pYKlo2X SXUmRcZ4ei8pvGY3e7kXesHEQ2tluNYwd4h+fMqEdUAwc3qhFUrRejOvl0QZcRd5eTOx L84A== X-Received: by 10.98.86.210 with SMTP id h79mr25824853pfj.87.1449276133830; Fri, 04 Dec 2015 16:42:13 -0800 (PST) Received: from ?IPv6:2406:e007:74e1:1:28cc:dc4c:9703:6781? ([2406:e007:74e1:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id o2sm19477864pap.31.2015.12.04.16.42.10 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 04 Dec 2015 16:42:12 -0800 (PST) To: "Max Pritikin (pritikin)" References: <20151204014333.GZ29056@cisco.com> <56611639.9060508@gmail.com> <29E5EEC1-9995-4137-B8BE-7E2103810CD9@cisco.com> <56622A8C.2020106@gmail.com> From: Brian E Carpenter Organization: University of Auckland Message-ID: <566232EE.4000609@gmail.com> Date: Sat, 5 Dec 2015 13:42:22 +1300 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Archived-At: Cc: "Toerless Eckert \(eckert\)" , "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Dec 2015 00:42:16 -0000 > FYI - as an editorial note the paragraph explaining flooding is buried = in s3.3.5 and could probably be called out more clearly in the text. Perh= aps its own section or in the Response section? Similarly s3.9.1 includes= the text: "and for terminating flooding as described in FLOODING=E2=80=9D= which looks like an incomplete reference as if you had already planned t= o pull flooding out into its own section. Good points. BTW I don't fundamentally care whether or not bootstrap uses the GRASP mechanisms - I just want to make sure that they *could* be used if that turns out to be optimal. Regards Brian On 05/12/2015 13:25, Max Pritikin (pritikin) wrote: >=20 >> On Dec 4, 2015, at 5:06 PM, Brian E Carpenter wrote: >> >> On 05/12/2015 12:44, Max Pritikin (pritikin) wrote: >>> Brian,=20 >>> >>> Are the session-id and the nonce equivalent? >> >> Well, I made an implementation choice that when an ASA registers itsel= f >> with GRASP it gets back a nonce, used to validate future calls, so >> that no other process can masquerade as the same ASA. And yes, I >> just re-used the existing Session ID mechanism to assign that nonce. >> However, each transaction that an ASA initiates will get its own >> Session ID. >> >>> Why is the 30000 a parameter passed into the into the grasp.discover = call? This looks like a timeout for how long to wait for a response (GRAS= P_DEF_TIMEOUT/2)? If so this would provide the 30s behavior but is levera= ging a side-effect dubiously. Sufficient for PoC; I=E2=80=99m just asking= to understand. >> >> Correct. Again, it's just an implementation choice and I agree it's a = bit >> of a kludge. It could be done more elegantly. (Although I must say tha= t the >> threading support in Python is a dream to use.) >=20 > all goodness. thanks.=20 >=20 >> >>> >>> Toerless=E2=80=99s suggestion appears to be to include the =E2=80=9Cl= ocator-option=E2=80=9D within the discover message. Did you include that?= Currently "locator-option=E2=80=9D is not part of the [grasp] s3.7.2 Dis= cover Message. Are you comfortable adding that as Toerless argues for? >> >> It turns out that we have to do that anyway, for other reasons that Jo= el Halpern >> pointed out (since Session IDs are unique per node, not network-wide).= That will >> be fixed in the next GRASP draft. But in any case, the recipient of a = LL multicast >> can know the source address (and interface #) even if they are not in = the payload. >> So this isn't a problem. >> >> However, I do think that the "announcement" nature of this is better s= uited >> to the unsolicited flooding message than the Discovery message, becaus= e then >> it's natural to include data in the message. >=20 > so rather than add =E2=80=9Clocator-option=E2=80=9D to the discovery me= ssage use unsolicited response messages. This makes sense (very similar t= o mDNS approach!).=20 >=20 > FYI - as an editorial note the paragraph explaining flooding is buried = in s3.3.5 and could probably be called out more clearly in the text. Perh= aps its own section or in the Response section? Similarly s3.9.1 includes= the text: "and for terminating flooding as described in FLOODING=E2=80=9D= which looks like an incomplete reference as if you had already planned t= o pull flooding out into its own section. >=20 > - max >=20 >> >> Brian >> >>> >>> - max >>> >>>> On Dec 3, 2015, at 9:27 PM, Brian E Carpenter wrote: >>>> >>>> On 04/12/2015 14:43, Toerless Eckert wrote: >>>> >>>> ... >>>>> IMHO, i would let the proxy periodically (30 secs) just announce t= hat its providing >>>>> AN enrollment proxy function via link-local IPv6 multicast.=20 >>>> >>>> Here's the Python code to do that with my prototype: >>>> >>>> import grasp >>>> import time >>>> >>>> OK, nonce =3D grasp.register_asa("Boot") >>>> if not OK: >>>> #we've got a serious problem... >>>> raise RuntimeError("Can't register as ASA") >>>> >>>> obj =3D objective(0,":Boot") >>>> x =3D grasp.register_obj(nonce, obj) >>>> if not x =3D=3D "OK": >>>> #we've got a different problem... >>>> raise RuntimeError(x) >>>> >>>> while True: >>>> grasp.discover(nonce, obj, 30000) >>>> >>>> What this does is register the caller as an ASA called "Boot" that h= andles the >>>> objective called ":Boot", and then LL multicast a discovery message = every >>>> 30s. That will tell the others that it's there. It's running in anot= her window >>>> as I type. I didn't write the handler code for the receiving end yet= though, >>>> so I just get output like this twice a minute: >>>> >>>> CBOR->Python gives: [1, 1248700, b'$\x06\xe0\x07S\x07\x00\x01(\xcc\= xdcL\x97\x03g\x81', ':Boot', 0, 6, 0] >>>> >>>>> Maybe with port-number >>>>> and protocol (EST over IPv6 link-local ) as parameters so it's ext= ensible. >>>> >>>> If you want parameters, we'd need to use the (synch) flooding method= >>>> instead. Maybe I'll write that code next week; it will be very simil= ar to >>>> the discovery case. I don't think there are any real problems here. >>>> >>>> Python+CBOR is fun. Thanks, Toerless, for pushing the CBOR idea. >>>> >>>> Brian >>>> >>>> _______________________________________________ >>>> Anima-bootstrap mailing list >>>> Anima-bootstrap@ietf.org >>>> https://www.ietf.org/mailman/listinfo/anima-bootstrap >>> >> >=20 From nobody Mon Dec 7 00:54:59 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EBB31B355C for ; Mon, 7 Dec 2015 00:54:58 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.601 X-Spam-Level: X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ea8s8qnMCE0d for ; Mon, 7 Dec 2015 00:54:55 -0800 (PST) Received: from lb1-smtp-cloud6.xs4all.net (lb1-smtp-cloud6.xs4all.net [194.109.24.24]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D5861B3559 for ; Mon, 7 Dec 2015 00:54:54 -0800 (PST) Received: from webmail.xs4all.nl ([194.109.20.199]) by smtp-cloud6.xs4all.net with ESMTP id qYus1r0094Hiz6i01Yus4Z; Mon, 07 Dec 2015 09:54:52 +0100 Received: from 2001:983:a264:1:3cbe:4ecd:8c20:6c6d by webmail.xs4all.nl with HTTP (HTTP/1.1 POST); Mon, 07 Dec 2015 09:54:52 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Mon, 07 Dec 2015 09:54:52 +0100 From: peter van der Stok To: Toerless Eckert Organization: vanderstok consultancy Mail-Reply-To: consultancy@vanderstok.org In-Reply-To: <20151204014333.GZ29056@cisco.com> References: <20151204014333.GZ29056@cisco.com> Message-ID: <6471865864850e6c34961f12d45853cd@xs4all.nl> X-Sender: stokcons@xs4all.nl (232ClssbWmMdZhw+2cS4CjUzU8f9SYRB) User-Agent: XS4ALL Webmail Archived-At: Cc: anima-bootstrap@ietf.org Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: consultancy@vanderstok.org List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Dec 2015 08:54:58 -0000 Hi Toerless, A few remarks to your extensive e_mail > Also comparison with mDNS as we discussed it: > - code size: We need GRASP for more functions in AN beside > discovery, > we do not need mDNS for anything in AN, so on IoT devices we > would save > code size. TBD: Size of an mDNS stack (note: We MAY want > "normal" DNS, > so the code size for mDNS may not be that large as a delta on > top of > "normal" DNS). > - Number of packet exchanges (TBD: not clear how much this is a > real > problem, mDNS may optimize here): mDNS exchange is logical three > step: > PTR RR lookup -> SRV, TXT RR lookup, AAAA lookup > - mDNS being a query/reply exchange wouldn't have the security > properties > i described above. Unless you abuse it and engineer an MDNS > unsolicited > announce periodically with all the four RRs included. And i > guess > one could define a TXT RR with the signed timestamp. Aka: I > could probably > do the same thing i was describing above also with mDNS. Not > sure if > mDNS people would like that... I checked mDNS-SD (it is not too complex), It is sufficient to send a query for the SRV RR containing the required service. (Knowing that your service must exist removes the need for checking its existence, so no PTR query). mDNS should also return the AAAA RR defined by the contents of the SRV RR in the same message. The DNS encoding of the messages is pretty concise. (for example, name strings occur only once) > > 2. If 1. failed: OPTIONAL Discovery of bootstrap proxy via L3 > Many installations will have their own brand of service discovery (SD). Inter-operability of SD is the first objective; we can safely assume that if a given brand of SD is used, the whole installation uses this brand as specified by a SDO that is active in this particular market. I think it is sufficient to state that the proxy service needs to be discovered and how this can be done with DNS-SD (mDNS) or DHCP, the IETF standards. Greetings, Peter > > > _______________________________________________ > Anima-bootstrap mailing list > Anima-bootstrap@ietf.org > https://www.ietf.org/mailman/listinfo/anima-bootstrap From nobody Mon Dec 7 09:37:08 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DC141AD06B for ; Mon, 7 Dec 2015 09:37:06 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 2.18 X-Spam-Level: ** X-Spam-Status: No, score=2.18 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HOST_MISMATCH_NET=0.311, J_CHICKENPOX_15=0.6, J_CHICKENPOX_25=0.6, J_CHICKENPOX_27=0.6, J_CHICKENPOX_29=0.6, J_CHICKENPOX_34=0.6, RCVD_IN_SORBS_WEB=0.77, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zh9Hi3Pb_Y4L for ; Mon, 7 Dec 2015 09:37:04 -0800 (PST) Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00::f03c:91ff:feae:de77]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 765E81AD071 for ; Mon, 7 Dec 2015 09:37:02 -0800 (PST) Received: from sandelman.ca (unknown [75.98.19.132]) by relay.sandelman.ca (Postfix) with ESMTPS id 99A8F22086 for ; Mon, 7 Dec 2015 12:37:00 -0500 (EST) Received: by sandelman.ca (Postfix, from userid 179) id 7380661F6E; Mon, 7 Dec 2015 12:36:56 -0500 (EST) From: Michael Richardson To: anima-bootstrap X-Attribution: mcr X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.4.1 MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature" Date: Mon, 07 Dec 2015 12:36:56 -0500 Message-ID: <8242.1449509816@dooku.sandelman.ca> Archived-At: Subject: [Anima-bootstrap] notes from 2015-12-03 design team meeting X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Dec 2015 17:37:06 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable This meeting occured at 2015-12-03 11:00 EST, 1600 UTC on a IETF webex, (but, we forgot to hit record, I think) and used the IETF etherpad for note taking and discussion. Present were: Michael Richardson, Peter van der Stok, Carsten Bormann, Michael Behringer, Max Pritikin, Toerless Eckert, Robert Cragie Topic for this week was contents of certificate that will be provisioned via EST. (Topics for next two weeks: 1. PROTOCOL STACK 2015-12-10. 2. DISCOVERY MECHANISM 2015-12-17. ) We discussed some of the question as to what the new node does to get online enough to get a connection to the Domain registry, and the text of anima-bootstrap section 3.1.1 was posted, and then amended as follows at REVISED311 below. The core of the discussion was then around the question of what shows up in the resulting Domain-specific certificate that the registry issues as the LDevID. Is it related to the IDevID contents, and do we have a strong enough specification in 802.1AR? {{802.11AR drafts are at: http://www.ieee802.org/1/pages/802.1ar.html and if you enter your email address at: http://standards.ieee.org/getieee802/download/802.1AR.-2009.pdf and section 7 details the contents, including: version, (certificate) serialNumber, signature, issuer, 7.2.8 subject The DevID subject field shall uniquely identify the device associated with the particular DevID credential within the issuer=E2=80=99s doma= in of significance. The formatting of this field shall contain a unique X.5= 00 Distinguished Name (DN). This may include the unique device serial number assigned by the manufacturer or any other suitable unique DN value that the issuer prefers. In the case of a third-party CA or a standards certification agency, this can contain the manufacturer=E2= =80=99s identity information. The subject field=E2=80=99s DN encoding should = include the =E2=80=9CserialNumber=E2=80=9D attribute with the device=E2=80=99= s unique serial number. 7.2.9 subjectAltName The non-critical DevID subjectAltName extension may supplement the subject field identity information as specified in RFC 5280 by containing a hardwareModuleName as specified in RFC 4108 [B22]. So essentially 802.1AR says to have a DN, says nothing other than it should include a serialNumber, but doesn't say anything about the format of that, and then punts to RFC5280 and RFC4108. An exaple was pasted in from a Cisco CPE device: Certificate Status: Available Certificate Serial Number (hex): 138BA1550000002D9F7A Certificate Usage: General Purpose Issuer: cn=3DCisco Manufacturing CA o=3DCisco Systems Subject: Name: C819HWD-A-K9 Serial Number: PID:C819HWD-A-K9 SN:FTX1XXXXZ (this is the x500 serialnu= mber attribute under the subject name) cn=3DC819HWD-A-K9 serialNumber=3DPID:C819HWD-A-K9 SN:FXXXXFZ CRL Distribution Points: http://www.cisco.com/security/pki/crl/cmca.crl Validity Date: start date: 20:38:14 MET Apr 12 2013 end date: 20:48:14 MET Apr 12 2023 Associated Trustpoints: CISCO_IDEVID_SUDI NOTE: because the unique inforamtion is the vendor information (who signed this cert) and the serial number (from the subjectname) these need to both = be moved, in some fasion, to create a unique identity within the domain. For example: SHALL copy the "issuer o=3DCisco Systems" into the subject of the LDevID. It was noted in the call that the serialNumber attribute in this example he= re was not just a number, as one might expect from 7.2.8, but also includes the model (which is redundant with the CN), and also text "SN:" and "PID:". We would expect the Domain registrar to take this SN, and attach to it as part of the DN, the vendor name, because the issuer will be the domain registry. So the resulting Domain (LDevID) Certificate subject name in this case will= become: o=3DCisco Systems, Serial Number: PID:C819HWD-A-K9 SN:FTXXXXXXX Thus the 'o' field of the LDevID is the original issuer thus providing uniqueness for all certs. subject name =3D "Cisco Systems; PID:C819HWD-A-K9 SN:FTX171585FZ" It will be difficult to make a normative reference for this. Perhaps use the 'authoritykeyIdentifier' instead? Less human readable though. 802.1AR s7.2.4: "Because uniqueness cannot be guaranteed, the issued DevIDcredentials contain the authorityKeyIdentifier extension". During discussion it was pointed out this could be mapped to a human readab= le value by the registrar (e.g. authoritykeyIdentifier-X =3D Cisco and -Y=3DJu= niper) QUESTION: is there some mapping to the ip address issued? PRIVACY OBSERVATION: with IKEv2, and TLS1.3 (but not TLS 1.2), the certific= ate contents are not visible to passive eavesdroppers during key agreem= ent. MCR wondered on the call if we should provide some guidance on how/where to point for CRL distribution point for 802.1AR IDevID; is concerned about vendors using their marketing web sites for critical infrastructure use. Toerless pastes current LDevID has been assigning at Cisco Autonomic "lab": Certificate Status: Available Certificate Serial Number (hex): 04 Certificate Usage: General Purpose Issuer: cn=3DANRA-CS Subject: Name: 0200.0000.6400-3 Serial Number: PID:Unix SN:101 ou=3Dneat.org+serialNumber=3DPID:Unix SN:101 <-- should include the o= riginal vendor information for multi-vendor deployments cn=3D0200.0000.6400-3 <-- mac address of the reg= istar plus the serial number of the device "-3" (in this example) Validity Date: start date: 10:45:21 CET Dec 2 2015 end date: 10:45:21 CET Dec 1 2016 Associated Trustpoints: AN-Domain Explanation: "0200.0000.6400" is mac address of *registrarD* -3 is the third certificate issued, so it's unique. "PID:Unix SN:101" is what the product provided. REVISED311: Current text of section 3.1.1 (with modifications here) 1. MUST: Obtains a link local address using either IPv4 or IPv6 methods as described in [[EDNOTE: we need a reference:]].https://tools.ietf.= org/html/rfc3927: Dynamic Configuration of IPv4 Link-Local Addresses only ipv6 link local (not ipv4) reorder to #1 2. MUST: Attempt to establish a D/TLS connection to the next hop neighbor at a well known AN port building on the [[EDNOTE: AN node discovery discussion, need a reference??]]. [Toerless to provide updated text] reorder to #?? 3. MUST: unsecured-GRASP as a link local discovery method? [Toerless to provide updated text] reorder to #4 4. MAY: Performs DNS-based Service Discovery [RFC6763] over Multicast DNS [RFC6762] searching for the service "_bootstrapks._tcp.local." reorder to #2. MCR suggests "anycast" here as an alternative to mDNS or GRASP. [ref: RFC47= 86? RFC7094?] https://tools.ietf.org/html/rfc2526 and https://tools.ietf.org/ht= ml/rfc4291 argument in favor of mDNS: the complexity addresses real problems= that must be addressed for consistent operations. toerless is worried about the multiple DNS operations (chasing PT= R records) 5. MAY: Performs DNS-based Service Discovery [RFC6763] over normal DNS operations. In this case the domain is known so the service searched for is "_bootstrapks._tcp.example.com". 6. MAY: If no local bootstrapks service is located using the DNS- based Sevice Discovery methods the New Entity contacts a well known vendor provided bootstrapping server by perfoming a DNS lookup using a well known URI such as "bootstrapks.vendor- example.com". =2D- Michael Richardson , Sandelman Software Works -=3D IPv6 IoT consulting =3D- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWZcO2AAoJEKD0KQ7Gj3P2124IAMOEm5tIzcsPnyTY3ul9k8zB a69hnJ5k0mTsDFJoFCzZLnlmlP3R7C6IrxDzdwA+hnQGnxlSkPGdbvqiP2kMi0XI PgEBgU3Txn+OcRZVZeoasBOiPPWeNcNYjX1CNTA69houstpN69+LJpQbYpE7RSoO zYfG68+DbjNqUwmy+DkIE75h1gUBV3HCaVcoQudEVXHouLXe0KNtKyIEM2SdLPG/ qzfquMS7xrBRXDm01foc0n28ckTx47sGYaU27AyWqABeZTHJzxt/VISqoI3elSes 9GlI31Vlzh2WmXvBt1T1N8uCwC5AZwsccUMhWe1gmbiUaIc4opQvNeZVylAw4EI= =nl+7 -----END PGP SIGNATURE----- --=-=-=-- From nobody Mon Dec 7 11:05:04 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE4641B39CF for ; Mon, 7 Dec 2015 11:05:02 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5lHsevCP--Hb for ; Mon, 7 Dec 2015 11:05:01 -0800 (PST) Received: from mail-pf0-x233.google.com (mail-pf0-x233.google.com [IPv6:2607:f8b0:400e:c00::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E51A1B3894 for ; Mon, 7 Dec 2015 11:05:01 -0800 (PST) Received: by pfbg73 with SMTP id g73so71032713pfb.1 for ; Mon, 07 Dec 2015 11:05:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-type :content-transfer-encoding; bh=LuzgADYWLktPZ+TCGoxNHimNcl9r6Ne1yha3K55RRkg=; b=AotdxjtPWPNV8VfZCCsYizGn8znjCbkW9OAoAErMXexdXOzwMUcaKpAo6F4vI4U+uc FAKAb6to9xx2MIz8zGieILy8O2H+Dc4jTCSEwsoEXDnbopTryjLA08+7ndluL0mCNpVt 957cM3N9zUuylgFeU7VVbEsEwQRUEQ2NOgVMbiFjBkJhJxkzjfG/xOgSEsxp01K+Gv7E Xx+7HVoApO195jefh7521e338EqJitd3F+eg2HdgEXQojtAKeZSbEv7fG54H/XeOqh0H 4BqF4X4BIYFJo3ogA/UB1KSkaL5brvYfwo/mP7CEaxLwljiXyGdACdB19FbuqMLH7HZz fk6g== X-Received: by 10.98.0.138 with SMTP id 132mr45632798pfa.131.1449515100996; Mon, 07 Dec 2015 11:05:00 -0800 (PST) Received: from ?IPv6:2406:e007:5209:1:28cc:dc4c:9703:6781? ([2406:e007:5209:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id 71sm36240975pfj.28.2015.12.07.11.04.58 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 07 Dec 2015 11:05:00 -0800 (PST) To: consultancy@vanderstok.org, Toerless Eckert References: <20151204014333.GZ29056@cisco.com> <6471865864850e6c34961f12d45853cd@xs4all.nl> From: Brian E Carpenter Organization: University of Auckland Message-ID: <5665D85C.5010604@gmail.com> Date: Tue, 8 Dec 2015 08:05:00 +1300 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: <6471865864850e6c34961f12d45853cd@xs4all.nl> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Archived-At: Cc: anima-bootstrap@ietf.org Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Dec 2015 19:05:03 -0000 On 07/12/2015 21:54, peter van der Stok wrote: > Hi Toerless, > > A few remarks to your extensive e_mail > > >> Also comparison with mDNS as we discussed it: >> - code size: We need GRASP for more functions in AN beside discovery, >> we do not need mDNS for anything in AN, so on IoT devices we would save >> code size. TBD: Size of an mDNS stack (note: We MAY want "normal" DNS, >> so the code size for mDNS may not be that large as a delta on top of >> "normal" DNS). >> - Number of packet exchanges (TBD: not clear how much this is a real >> problem, mDNS may optimize here): mDNS exchange is logical three step: >> PTR RR lookup -> SRV, TXT RR lookup, AAAA lookup >> - mDNS being a query/reply exchange wouldn't have the security properties >> i described above. Unless you abuse it and engineer an MDNS unsolicited >> announce periodically with all the four RRs included. And i guess >> one could define a TXT RR with the signed timestamp. Aka: I >> could probably >> do the same thing i was describing above also with mDNS. Not sure if >> mDNS people would like that... > > I checked mDNS-SD (it is not too complex), > It is sufficient to send a query for the SRV RR containing the required service. > (Knowing that your service must exist removes the need for checking its existence, so no PTR query). > mDNS should also return the AAAA RR defined by the contents of the SRV RR in the same message. > The DNS encoding of the messages is pretty concise. (for example, name strings occur only once) > >> >> 2. If 1. failed: OPTIONAL Discovery of bootstrap proxy via L3 >> > Many installations will have their own brand of service discovery (SD). > Inter-operability of SD is the first objective; we can safely assume that if a given brand of SD is used, > the whole installation uses this brand as specified by a SDO that is active in this particular market. > > I think it is sufficient to state that the proxy service needs to be discovered > and how this can be done with DNS-SD (mDNS) or DHCP, the IETF standards. Just remember that in a truly autonomic network built with factory-reset devices, we cannot assume that anything at all has been configured or named. Brian From nobody Mon Dec 7 11:07:19 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48E141B39DD for ; Mon, 7 Dec 2015 11:07:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.19 X-Spam-Level: X-Spam-Status: No, score=-0.19 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vrRFPUkib4IP for ; Mon, 7 Dec 2015 11:07:16 -0800 (PST) Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00::f03c:91ff:feae:de77]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC20A1B39DF for ; Mon, 7 Dec 2015 11:07:15 -0800 (PST) Received: from sandelman.ca (unknown [192.252.136.159]) by relay.sandelman.ca (Postfix) with ESMTPS id 9C3D122086; Mon, 7 Dec 2015 14:07:14 -0500 (EST) Received: by sandelman.ca (Postfix, from userid 179) id B73F361F6E; Mon, 7 Dec 2015 14:07:13 -0500 (EST) From: Michael Richardson To: "Max Pritikin \(pritikin\)" In-reply-to: References: <20151204014333.GZ29056@cisco.com> Comments: In-reply-to "Max Pritikin (pritikin)" message dated "Sat, 05 Dec 2015 00:18:39 +0000." X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.4.1 MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature" Date: Mon, 07 Dec 2015 14:07:13 -0500 Message-ID: <13379.1449515233@dooku.sandelman.ca> Archived-At: Cc: "Toerless Eckert \(eckert\)" , "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Dec 2015 19:07:18 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Max Pritikin (pritikin) wrote: >> IMHO, i would let the proxy periodically (30 secs) > Is it acceptable that a new device sits for 30s before joining? Should > this be shorter? Longer? What criteria do we use to choose (see below > before answering). >> I don't want the enrolling device to be more attackable than >> necessarily. Arguably such a greenfield device may be more attackab= le >> than a configured device. An unconfigured device that periodically >> broadcasts "hey, i am unconfigured and look for a proxy server" >> (especially when powered on in a non-AN enviroment) is the best vict= im >> ever to do a port-scan etc. pp. on (or just find the console >> interface). And just because a vendor has added autonomic networking >> doesn't mean he has now also fixed all security for all OS services >> many of which may not even be off by default but would likely be >> configured off by security sensitive operators. This is one reason I'd like the new device to do things that configured devices do regularly. So sending out a multicast IKEv2 INIT might really make sense here. Every device should do it every 5 to 15 minutes. A new device will either send them, or receive them. Either way, it can respond and within the privacy of IKEv2, can do something. That doesn't you can't use a proxy to get things through: the resulting one-hop-ACP won't be part of the production ACP. >> So, i think we can use GARP DISCOVER for this periodic multicast, > Multicast DNS supports multicast =E2=80=9Cunsolicited=E2=80=9D respon= ses and also > specifically states that peers cache these. So the basic behavior you > are requesting is fundamentally available from mDNS as well. This is a > design choice for Anima but I doesn=E2=80=99t seem to dramatically im= pact our > choice of discovery protocols. mDNS is another good mechanism to use --- and it doesn't scream out, "newbi= e" either. >> Also comparison with mDNS as we discussed it: - code size: We need >> GRASP for more functions in AN beside discovery, we do not need mDNS >> for anything in AN, so on IoT devices we would save code size. TBD: >> Size of an mDNS stack (note: We MAY want "normal" DNS, so the code >> size for mDNS may not be that large as a delta on top of "normal" >> DNS). > This is where the real value/difference discussion comes in. I guess = we > could build an avahi library and see how much the entire thing takes = or > how big pieces of it are. I claim that much of what we are doing with the ACP and GRASP is outside the code space limit for a constrained IoT device, so I don't buy this argument. 1) mDNS *IS* useful in IoT space, so the code isn't wasted. 2) GRASP is *not* useful in constrained IoT space. >> And i guess one could define a TXT RR with the signed timestamp. Aka: >> I could probably do the same thing i was describing above also with >> mDNS. Not sure if mDNS people would like that=E2=80=A6 > For a DNS based solution I guess DNSsec integration would be > logical. I=E2=80=99m not sure I like any approach where we try to cra= m security > into the discovery protocol =E2=80=94 the truth is that we don=E2=80= =99t have > sufficient information to trust crypto methods in the > response/broadcast information until after we complete bootstrapping = at > which point its relatively moot. Instead we can cut to the heart of > your security value by tracking "locator-option=E2=80=9D information = seen and > freaking out if an unexpected one was seen (assuming GRASP). Exactly: You can't easily do DNSSEC easily here: no trust anchors available= for joining device. DNSSEC can give you an alternative to 802.1AR certificates though, but it replaces that part. =2D- Michael Richardson , Sandelman Software Works -=3D IPv6 IoT consulting =3D- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWZdjdAAoJEKD0KQ7Gj3P2sU8H/3smwoKpEOzOxlNlOFpV+jKD jY7hFKkbSxNEXkn9FEfHAv53E66bGqhq4e9DAKEdD2Az2InpQB77TTTJwa9eUSps bRf+g/1NoaPxRu+v3y/RIbAnUkMqwsn3N1WiNYL1I5Ic6DNRyNcBH/RF1Bk2OYjd TJT67VeRBkoalTscTCuTFbnWf+v3fsb/To746jdIzN234QSJk4azYTtCMthUoRdb T8bOz+zjCyJxx/QBk0faNBPpi7W7jWfO2vyw0QLRCg/o42bvsVJVrPwQ2GTAVvLZ wcxJhbPf3bLIV7DmDG9wQ/cG5UdY/npXZivHJUXlIUsSBk8zvTsAUR7U72VdQ9w= =VGMm -----END PGP SIGNATURE----- --=-=-=-- From nobody Mon Dec 7 11:29:27 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F223E1A017A for ; Mon, 7 Dec 2015 11:29:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.511 X-Spam-Level: X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0IANh48PUCmF for ; Mon, 7 Dec 2015 11:29:24 -0800 (PST) Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A8741A014A for ; Mon, 7 Dec 2015 11:29:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6154; q=dns/txt; s=iport; t=1449516564; x=1450726164; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=jeHy6cYr4Fq+AAtAiIQ9MHZfB4DNKJqvBV7qmY1CrkA=; b=J1kVCt1i0pFgCm9L7u7Hfn8QFztKiuCOhFh8GUigamdWLnkPiBipvIYq /7K1muqPiqUdW9TGVC2ufUmrK8OX/La2gnyQhccD+f9zBnLWXWT5kDU/p dJq/G/GiB0WJypsV2ZtsulHjx6TJ9gCNPDysFwEvJ0AuckvOHQ6oLdcCZ U=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AAAgAh3WVW/5xdJa1egzpTbga9KwENg?= =?us-ascii?q?W4XCoI9gzACHIEqOBQBAQEBAQEBgQqENAEBAQMBAQEBIBE6CwULAgEIGAICJgI?= =?us-ascii?q?CAiULFRACBA4FG4gMCA2wFpBaAQEBAQEBAQEBAQEBAQEBAQEBAQEBFASBAYdig?= =?us-ascii?q?m6ENQ2DNS+BFQWHTIcQiAUBjTuBW5cgg3EBHwEBQoQEcoQmQoEHAQEB?= X-IronPort-AV: E=Sophos;i="5.20,396,1444694400"; d="scan'208";a="215124393" Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Dec 2015 19:29:23 +0000 Received: from XCH-ALN-005.cisco.com (xch-aln-005.cisco.com [173.36.7.15]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id tB7JTMSP016320 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 7 Dec 2015 19:29:23 GMT Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-ALN-005.cisco.com (173.36.7.15) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Mon, 7 Dec 2015 13:29:22 -0600 Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1104.009; Mon, 7 Dec 2015 13:29:22 -0600 From: "Max Pritikin (pritikin)" To: Michael Richardson Thread-Topic: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options Thread-Index: AQHRLjUzUXhNiuqCZk29llWSg8eoaJ677SQAgARf/ICAAAYvgA== Date: Mon, 7 Dec 2015 19:29:22 +0000 Message-ID: <20D831CB-5075-4899-9C4F-D3D04334B1CF@cisco.com> References: <20151204014333.GZ29056@cisco.com> <13379.1449515233@dooku.sandelman.ca> In-Reply-To: <13379.1449515233@dooku.sandelman.ca> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.99.106.4] Content-Type: text/plain; charset="utf-8" Content-ID: <83F2EBD90B3A5B4291F4F1B162505C2D@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Cc: "Toerless Eckert \(eckert\)" , "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Dec 2015 19:29:26 -0000 DQo+IE9uIERlYyA3LCAyMDE1LCBhdCAxMjowNyBQTSwgTWljaGFlbCBSaWNoYXJkc29uIDxtY3Ir aWV0ZkBzYW5kZWxtYW4uY2E+IHdyb3RlOg0KPiANCj4gDQo+IE1heCBQcml0aWtpbiAocHJpdGlr aW4pIDxwcml0aWtpbkBjaXNjby5jb20+IHdyb3RlOg0KPj4+IElNSE8sIGkgd291bGQgbGV0IHRo ZSBwcm94eSBwZXJpb2RpY2FsbHkgKDMwIHNlY3MpDQo+IA0KPj4gSXMgaXQgYWNjZXB0YWJsZSB0 aGF0IGEgbmV3IGRldmljZSBzaXRzIGZvciAzMHMgYmVmb3JlIGpvaW5pbmc/IFNob3VsZA0KPj4g dGhpcyBiZSBzaG9ydGVyPyBMb25nZXI/IFdoYXQgY3JpdGVyaWEgZG8gd2UgdXNlIHRvIGNob29z ZSAoc2VlIGJlbG93DQo+PiBiZWZvcmUgYW5zd2VyaW5nKS4NCj4gDQo+Pj4gSSBkb24ndCB3YW50 IHRoZSBlbnJvbGxpbmcgZGV2aWNlIHRvIGJlIG1vcmUgYXR0YWNrYWJsZSB0aGFuDQo+Pj4gbmVj ZXNzYXJpbHkuICBBcmd1YWJseSBzdWNoIGEgZ3JlZW5maWVsZCBkZXZpY2UgbWF5IGJlIG1vcmUg YXR0YWNrYWJsZQ0KPj4+IHRoYW4gYSBjb25maWd1cmVkIGRldmljZS4gQW4gdW5jb25maWd1cmVk IGRldmljZSB0aGF0IHBlcmlvZGljYWxseQ0KPj4+IGJyb2FkY2FzdHMgImhleSwgaSBhbSB1bmNv bmZpZ3VyZWQgYW5kIGxvb2sgZm9yIGEgcHJveHkgc2VydmVyIg0KPj4+IChlc3BlY2lhbGx5IHdo ZW4gcG93ZXJlZCBvbiBpbiBhIG5vbi1BTiBlbnZpcm9tZW50KSBpcyB0aGUgYmVzdCB2aWN0aW0N Cj4+PiBldmVyIHRvIGRvIGEgcG9ydC1zY2FuIGV0Yy4gcHAuICBvbiAob3IganVzdCBmaW5kIHRo ZSBjb25zb2xlDQo+Pj4gaW50ZXJmYWNlKS4gQW5kIGp1c3QgYmVjYXVzZSBhIHZlbmRvciBoYXMg YWRkZWQgYXV0b25vbWljIG5ldHdvcmtpbmcNCj4+PiBkb2Vzbid0IG1lYW4gaGUgaGFzIG5vdyBh bHNvIGZpeGVkIGFsbCBzZWN1cml0eSBmb3IgYWxsIE9TIHNlcnZpY2VzDQo+Pj4gbWFueSBvZiB3 aGljaCBtYXkgbm90IGV2ZW4gYmUgb2ZmIGJ5IGRlZmF1bHQgYnV0IHdvdWxkIGxpa2VseSBiZQ0K Pj4+IGNvbmZpZ3VyZWQgb2ZmIGJ5IHNlY3VyaXR5IHNlbnNpdGl2ZSBvcGVyYXRvcnMuDQo+IA0K PiBUaGlzIGlzIG9uZSByZWFzb24gSSdkIGxpa2UgdGhlIG5ldyBkZXZpY2UgdG8gZG8gdGhpbmdz IHRoYXQgY29uZmlndXJlZA0KPiBkZXZpY2VzIGRvIHJlZ3VsYXJseS4NCj4gU28gc2VuZGluZyBv dXQgYSBtdWx0aWNhc3QgSUtFdjIgSU5JVCBtaWdodCByZWFsbHkgbWFrZSBzZW5zZSBoZXJlLg0K PiBFdmVyeSBkZXZpY2Ugc2hvdWxkIGRvIGl0IGV2ZXJ5IDUgdG8gMTUgbWludXRlcy4NCj4gDQo+ IEEgbmV3IGRldmljZSB3aWxsIGVpdGhlciBzZW5kIHRoZW0sIG9yIHJlY2VpdmUgdGhlbS4gIEVp dGhlciB3YXksIGl0IGNhbg0KPiByZXNwb25kIGFuZCB3aXRoaW4gdGhlIHByaXZhY3kgb2YgSUtF djIsIGNhbiBkbyBzb21ldGhpbmcuDQo+IFRoYXQgZG9lc24ndCB5b3UgY2FuJ3QgdXNlIGEgcHJv eHkgdG8gZ2V0IHRoaW5ncyB0aHJvdWdoOiB0aGUgcmVzdWx0aW5nDQo+IG9uZS1ob3AtQUNQIHdv bid0IGJlIHBhcnQgb2YgdGhlIHByb2R1Y3Rpb24gQUNQLg0KDQpNaWNoYWVsLCBJIGZhaWxlZCB0 byBwYXJzZSB5b3VyIHJlc3BvbnNlLiANCg0KQXJlIHlvdSBhZ3JlZWluZyB3aXRoIFRvZXJsZXNz 4oCZIGFyZ3VtZW50IHRoYXQgdGhlIG5ldyBkZXZpY2Ugc2hvdWxkIGJlIGEgcmVzcG9uZGVyPyAN Cg0KT3IsIGFyZSB5b3UgYXJndWluZyB0aGF0IHRoZSBuZXcgZGV2aWNlIHNob3VsZCBpbml0aWF0 ZSB0aGUgYm9vdHN0cmFwcGluZzsgYnV0IGRvIHNvIGluIGEgd2F5IHRoYXQgZG9lcyBub3QgZXhw b3NlIGl0IGlzIGEgbmV3IGRldmljZT8gDQoNCi0gbWF4DQoNCj4+PiBTbywgaSB0aGluayB3ZSBj YW4gdXNlIEdBUlAgRElTQ09WRVIgZm9yIHRoaXMgcGVyaW9kaWMgbXVsdGljYXN0LA0KPiANCj4+ IE11bHRpY2FzdCBETlMgc3VwcG9ydHMgbXVsdGljYXN0IOKAnHVuc29saWNpdGVk4oCdIHJlc3Bv bnNlcyBhbmQgYWxzbw0KPj4gc3BlY2lmaWNhbGx5IHN0YXRlcyB0aGF0IHBlZXJzIGNhY2hlIHRo ZXNlLiBTbyB0aGUgYmFzaWMgYmVoYXZpb3IgeW91DQo+PiBhcmUgcmVxdWVzdGluZyBpcyBmdW5k YW1lbnRhbGx5IGF2YWlsYWJsZSBmcm9tIG1ETlMgYXMgd2VsbC4gVGhpcyBpcyBhDQo+PiBkZXNp Z24gY2hvaWNlIGZvciBBbmltYSBidXQgSSBkb2VzbuKAmXQgc2VlbSB0byBkcmFtYXRpY2FsbHkg aW1wYWN0IG91cg0KPj4gY2hvaWNlIG9mIGRpc2NvdmVyeSBwcm90b2NvbHMuDQo+IA0KPiBtRE5T IGlzIGFub3RoZXIgZ29vZCBtZWNoYW5pc20gdG8gdXNlIC0tLSBhbmQgaXQgZG9lc24ndCBzY3Jl YW0gb3V0LCAibmV3YmllIg0KPiBlaXRoZXIuDQo+IA0KPj4+IEFsc28gY29tcGFyaXNvbiB3aXRo IG1ETlMgYXMgd2UgZGlzY3Vzc2VkIGl0OiAtIGNvZGUgc2l6ZTogV2UgbmVlZA0KPj4+IEdSQVNQ IGZvciBtb3JlIGZ1bmN0aW9ucyBpbiBBTiBiZXNpZGUgZGlzY292ZXJ5LCB3ZSBkbyBub3QgbmVl ZCBtRE5TDQo+Pj4gZm9yIGFueXRoaW5nIGluIEFOLCBzbyBvbiBJb1QgZGV2aWNlcyB3ZSB3b3Vs ZCBzYXZlIGNvZGUgc2l6ZS4gVEJEOg0KPj4+IFNpemUgb2YgYW4gbUROUyBzdGFjayAobm90ZTog V2UgTUFZIHdhbnQgIm5vcm1hbCIgRE5TLCBzbyB0aGUgY29kZQ0KPj4+IHNpemUgZm9yIG1ETlMg bWF5IG5vdCBiZSB0aGF0IGxhcmdlIGFzIGEgZGVsdGEgb24gdG9wIG9mICJub3JtYWwiDQo+Pj4g RE5TKS4NCj4gDQo+PiBUaGlzIGlzIHdoZXJlIHRoZSByZWFsIHZhbHVlL2RpZmZlcmVuY2UgZGlz Y3Vzc2lvbiBjb21lcyBpbi4gSSBndWVzcyB3ZQ0KPj4gY291bGQgYnVpbGQgYW4gYXZhaGkgbGli cmFyeSBhbmQgc2VlIGhvdyBtdWNoIHRoZSBlbnRpcmUgdGhpbmcgdGFrZXMgb3INCj4+IGhvdyBi aWcgcGllY2VzIG9mIGl0IGFyZS4NCj4gDQo+IEkgY2xhaW0gdGhhdCBtdWNoIG9mIHdoYXQgd2Ug YXJlIGRvaW5nIHdpdGggdGhlIEFDUCBhbmQgR1JBU1AgaXMgb3V0c2lkZSB0aGUNCj4gY29kZSBz cGFjZSBsaW1pdCBmb3IgYSBjb25zdHJhaW5lZCBJb1QgZGV2aWNlLCBzbyBJIGRvbid0IGJ1eSB0 aGlzIGFyZ3VtZW50Lg0KPiANCj4gMSkgbUROUyAqSVMqIHVzZWZ1bCBpbiBJb1Qgc3BhY2UsIHNv IHRoZSBjb2RlIGlzbid0IHdhc3RlZC4NCj4gMikgR1JBU1AgaXMgKm5vdCogdXNlZnVsIGluIGNv bnN0cmFpbmVkIElvVCBzcGFjZS4NCj4gDQo+Pj4gQW5kIGkgZ3Vlc3Mgb25lIGNvdWxkIGRlZmlu ZSBhIFRYVCBSUiB3aXRoIHRoZSBzaWduZWQgdGltZXN0YW1wLiBBa2E6DQo+Pj4gSSBjb3VsZCBw cm9iYWJseSBkbyB0aGUgc2FtZSB0aGluZyBpIHdhcyBkZXNjcmliaW5nIGFib3ZlIGFsc28gd2l0 aA0KPj4+IG1ETlMuIE5vdCBzdXJlIGlmIG1ETlMgcGVvcGxlIHdvdWxkIGxpa2UgdGhhdOKApg0K PiANCj4+IEZvciBhIEROUyBiYXNlZCBzb2x1dGlvbiBJIGd1ZXNzIEROU3NlYyBpbnRlZ3JhdGlv biB3b3VsZCBiZQ0KPj4gbG9naWNhbC4gSeKAmW0gbm90IHN1cmUgSSBsaWtlIGFueSBhcHByb2Fj aCB3aGVyZSB3ZSB0cnkgdG8gY3JhbSBzZWN1cml0eQ0KPj4gaW50byB0aGUgZGlzY292ZXJ5IHBy b3RvY29sIOKAlCB0aGUgdHJ1dGggaXMgdGhhdCB3ZSBkb27igJl0IGhhdmUNCj4+IHN1ZmZpY2ll bnQgaW5mb3JtYXRpb24gdG8gdHJ1c3QgY3J5cHRvIG1ldGhvZHMgaW4gdGhlDQo+PiByZXNwb25z ZS9icm9hZGNhc3QgaW5mb3JtYXRpb24gdW50aWwgYWZ0ZXIgd2UgY29tcGxldGUgYm9vdHN0cmFw cGluZyBhdA0KPj4gd2hpY2ggcG9pbnQgaXRzIHJlbGF0aXZlbHkgbW9vdC4gSW5zdGVhZCB3ZSBj YW4gY3V0IHRvIHRoZSBoZWFydCBvZg0KPj4geW91ciBzZWN1cml0eSB2YWx1ZSBieSB0cmFja2lu ZyAibG9jYXRvci1vcHRpb27igJ0gaW5mb3JtYXRpb24gc2VlbiBhbmQNCj4+IGZyZWFraW5nIG91 dCBpZiBhbiB1bmV4cGVjdGVkIG9uZSB3YXMgc2VlbiAoYXNzdW1pbmcgR1JBU1ApLg0KPiANCj4g RXhhY3RseTogWW91IGNhbid0IGVhc2lseSBkbyBETlNTRUMgZWFzaWx5IGhlcmU6IG5vIHRydXN0 IGFuY2hvcnMgYXZhaWxhYmxlIGZvcg0KPiAgICAgICAgIGpvaW5pbmcgZGV2aWNlLiAgRE5TU0VD IGNhbiBnaXZlIHlvdSBhbiBhbHRlcm5hdGl2ZSB0byA4MDIuMUFSDQo+ICAgICAgICAgY2VydGlm aWNhdGVzIHRob3VnaCwgYnV0IGl0IHJlcGxhY2VzIHRoYXQgcGFydC4NCj4gDQo+IC0tDQo+IE1p Y2hhZWwgUmljaGFyZHNvbiA8bWNyK0lFVEZAc2FuZGVsbWFuLmNhPiwgU2FuZGVsbWFuIFNvZnR3 YXJlIFdvcmtzDQo+IC09IElQdjYgSW9UIGNvbnN1bHRpbmcgPS0NCj4gDQo+IA0KPiANCj4gX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCj4gQW5pbWEtYm9v dHN0cmFwIG1haWxpbmcgbGlzdA0KPiBBbmltYS1ib290c3RyYXBAaWV0Zi5vcmcNCj4gaHR0cHM6 Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9hbmltYS1ib290c3RyYXANCg0K From nobody Mon Dec 7 13:27:48 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AC301A903B for ; Mon, 7 Dec 2015 13:27:47 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.51 X-Spam-Level: X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hGWNj41h996R for ; Mon, 7 Dec 2015 13:27:45 -0800 (PST) Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 098CC1A902D for ; Mon, 7 Dec 2015 13:27:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=10988; q=dns/txt; s=iport; t=1449523664; x=1450733264; h=from:to:cc:subject:date:message-id:references: in-reply-to:reply-to:mime-version; bh=c7w2DCSRfLMWeKRhQKDxiebiZ42Tswgd0/HSmWC7S+g=; b=U5+Ooeyw7MO5DPNqIxGk7RfUT+fM2xgKRDSAxu5ftFxwUu5FtJ8QblvD uJf9QLYGFGq45cu91s0Ul+57+NKeN5LpTjyG9/WhajGXyEwRYiHwiUtp2 lhWT8gYoNblbWGM5b+BNbD1Afx9mvN7WAWt7FZeqY0PWQDCRq4UDsc0Ip Y=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0D+AQDz+GVW/5RdJa1egm5MgUG9MQENg?= =?us-ascii?q?W6CXoMwAoFHOBQBAQEBAQEBgQqENAEBAQMBLUwFCwIBCBgJJQ8jDhcCBAENBRu?= =?us-ascii?q?IDAi2f4oKAQEBAQEBAQEBAQEBAQEBAQEBAQEBGItRhDUNhHkBBIYUCZBEAY07g?= =?us-ascii?q?VuXIIMkTQEfAQFChARyhCaBSQEBAQ?= X-IronPort-AV: E=Sophos; i="5.20,396,1444694400"; d="scan'208,217"; a="51513565" Received: from rcdn-core-12.cisco.com ([173.37.93.148]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Dec 2015 21:27:44 +0000 Received: from XCH-RCD-013.cisco.com (xch-rcd-013.cisco.com [173.37.102.23]) by rcdn-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id tB7LRiWO025130 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 7 Dec 2015 21:27:44 GMT Received: from xch-rcd-003.cisco.com (173.37.102.13) by XCH-RCD-013.cisco.com (173.37.102.23) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Mon, 7 Dec 2015 15:27:43 -0600 Received: from xch-rcd-003.cisco.com ([173.37.102.13]) by XCH-RCD-003.cisco.com ([173.37.102.13]) with mapi id 15.00.1104.009; Mon, 7 Dec 2015 15:27:43 -0600 From: "Toerless Eckert (eckert)" To: Michael Richardson , "Max Pritikin (pritikin)" Thread-Topic: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options Thread-Index: AQHRLjUzS4AAIqyRMUK2K4HYCGqAr5673GGAgARwv4D//8Kszw== Date: Mon, 7 Dec 2015 21:27:43 +0000 Message-ID: References: <20151204014333.GZ29056@cisco.com> , <13379.1449515233@dooku.sandelman.ca> In-Reply-To: <13379.1449515233@dooku.sandelman.ca> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted Content-Type: multipart/alternative; boundary="_000_ud2xiylovu3fp4sa5u7qnvf31449523587721emailandroidcom_" MIME-Version: 1.0 Archived-At: Cc: "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: "Toerless Eckert \(eckert\)" List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Dec 2015 21:27:47 -0000 --_000_ud2xiylovu3fp4sa5u7qnvf31449523587721emailandroidcom_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable Mind to explain why you think grasp is outside the scope for constrained de= vices ? With cbor encoding its comparable in compactness to coap, right ? Sent from my Samsung Captivate Glide on AT&T Michael Richardson wrote: Max Pritikin (pritikin) wrote: >> IMHO, i would let the proxy periodically (30 secs) > Is it acceptable that a new device sits for 30s before joining? Shoul= d > this be shorter? Longer? What criteria do we use to choose (see below > before answering). >> I don't want the enrolling device to be more attackable than >> necessarily. Arguably such a greenfield device may be more attackab= le >> than a configured device. An unconfigured device that periodically >> broadcasts "hey, i am unconfigured and look for a proxy server" >> (especially when powered on in a non-AN enviroment) is the best vict= im >> ever to do a port-scan etc. pp. on (or just find the console >> interface). And just because a vendor has added autonomic networking >> doesn't mean he has now also fixed all security for all OS services >> many of which may not even be off by default but would likely be >> configured off by security sensitive operators. This is one reason I'd like the new device to do things that configured devices do regularly. So sending out a multicast IKEv2 INIT might really make sense here. Every device should do it every 5 to 15 minutes. A new device will either send them, or receive them. Either way, it can respond and within the privacy of IKEv2, can do something. That doesn't you can't use a proxy to get things through: the resulting one-hop-ACP won't be part of the production ACP. >> So, i think we can use GARP DISCOVER for this periodic multicast, > Multicast DNS supports multicast =93unsolicited=94 responses and also > specifically states that peers cache these. So the basic behavior you > are requesting is fundamentally available from mDNS as well. This is = a > design choice for Anima but I doesn=92t seem to dramatically impact o= ur > choice of discovery protocols. mDNS is another good mechanism to use --- and it doesn't scream out, "newbi= e" either. >> Also comparison with mDNS as we discussed it: - code size: We need >> GRASP for more functions in AN beside discovery, we do not need mDNS >> for anything in AN, so on IoT devices we would save code size. TBD: >> Size of an mDNS stack (note: We MAY want "normal" DNS, so the code >> size for mDNS may not be that large as a delta on top of "normal" >> DNS). > This is where the real value/difference discussion comes in. I guess = we > could build an avahi library and see how much the entire thing takes = or > how big pieces of it are. I claim that much of what we are doing with the ACP and GRASP is outside th= e code space limit for a constrained IoT device, so I don't buy this argument= . 1) mDNS *IS* useful in IoT space, so the code isn't wasted. 2) GRASP is *not* useful in constrained IoT space. >> And i guess one could define a TXT RR with the signed timestamp. Aka= : >> I could probably do the same thing i was describing above also with >> mDNS. Not sure if mDNS people would like that=85 > For a DNS based solution I guess DNSsec integration would be > logical. I=92m not sure I like any approach where we try to cram secu= rity > into the discovery protocol =97 the truth is that we don=92t have > sufficient information to trust crypto methods in the > response/broadcast information until after we complete bootstrapping = at > which point its relatively moot. Instead we can cut to the heart of > your security value by tracking "locator-option=94 information seen a= nd > freaking out if an unexpected one was seen (assuming GRASP). Exactly: You can't easily do DNSSEC easily here: no trust anchors available= for joining device. DNSSEC can give you an alternative to 802.1AR certificates though, but it replaces that part. -- Michael Richardson , Sandelman Software Works -=3D IPv6 IoT consulting =3D- --_000_ud2xiylovu3fp4sa5u7qnvf31449523587721emailandroidcom_ Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable
Mind to explain why you think grasp is outside the scope for constrain= ed devices ? With cbor encoding its comparable in compactness to coap, righ= t ?




Sent from my Samsung Captivate = Glide on AT&T

Michael Richardson <mcr+ietf@sandelman.ca> wrote:

Max Pritikin (pritikin) <pritikin@cisco.com> wrote:
    >> IMHO, i would let the proxy periodically (30 se= cs)

    > Is it acceptable that a new device sits for 30s bef= ore joining? Should
    > this be shorter? Longer? What criteria do we use to= choose (see below
    > before answering).

    >> I don't want the enrolling device to be more at= tackable than
    >> necessarily.  Arguably such a greenfield d= evice may be more attackable
    >> than a configured device. An unconfigured devic= e that periodically
    >> broadcasts "hey, i am unconfigured and loo= k for a proxy server"
    >> (especially when powered on in a non-AN envirom= ent) is the best victim
    >> ever to do a port-scan etc. pp.  on (or ju= st find the console
    >> interface). And just because a vendor has added= autonomic networking
    >> doesn't mean he has now also fixed all security= for all OS services
    >> many of which may not even be off by default bu= t would likely be
    >> configured off by security sensitive operators.=

This is one reason I'd like the new device to do things that configured
devices do regularly.
So sending out a multicast IKEv2 INIT might really make sense here.
Every device should do it every 5 to 15 minutes.

A new device will either send them, or receive them.  Either way, it c= an
respond and within the privacy of IKEv2, can do something.
That doesn't you can't use a proxy to get things through: the resulting
one-hop-ACP won't be part of the production ACP.

    >> So, i think we can use GARP DISCOVER for this p= eriodic multicast,

    > Multicast DNS supports multicast =93unsolicited=94 = responses and also
    > specifically states that peers cache these. So the = basic behavior you
    > are requesting is fundamentally available from mDNS= as well. This is a
    > design choice for Anima but I doesn=92t seem to dra= matically impact our
    > choice of discovery protocols.

mDNS is another good mechanism to use --- and it doesn't scream out, "= newbie"
either.

    >> Also comparison with mDNS as we discussed it: -= code size: We need
    >> GRASP for more functions in AN beside discovery= , we do not need mDNS
    >> for anything in AN, so on IoT devices we would = save code size. TBD:
    >> Size of an mDNS stack (note: We MAY want "= normal" DNS, so the code
    >> size for mDNS may not be that large as a delta = on top of "normal"
    >> DNS).

    > This is where the real value/difference discussion = comes in. I guess we
    > could build an avahi library and see how much the e= ntire thing takes or
    > how big pieces of it are.

I claim that much of what we are doing with the ACP and GRASP is outside th= e
code space limit for a constrained IoT device, so I don't buy this argument= .

1) mDNS *IS* useful in IoT space, so the code isn't wasted.
2) GRASP is *not* useful in constrained IoT space.

    >> And i guess one could define a TXT RR with the = signed timestamp. Aka:
    >> I could probably do the same thing i was descri= bing above also with
    >> mDNS. Not sure if mDNS people would like that= =85

    > For a DNS based solution I guess DNSsec integration= would be
    > logical. I=92m not sure I like any approach where w= e try to cram security
    > into the discovery protocol =97 the truth is that w= e don=92t have
    > sufficient information to trust crypto methods in t= he
    > response/broadcast information until after we compl= ete bootstrapping at
    > which point its relatively moot. Instead we can cut= to the heart of
    > your security value by tracking "locator-optio= n=94 information seen and
    > freaking out if an unexpected one was seen (assumin= g GRASP).

Exactly: You can't easily do DNSSEC easily here: no trust anchors available= for
         joining device.  DNSS= EC can give you an alternative to 802.1AR
         certificates though, but i= t replaces that part.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Wo= rks
 -=3D IPv6 IoT consulting =3D-



 --_000_ud2xiylovu3fp4sa5u7qnvf31449523587721emailandroidcom_-- From nobody Mon Dec 7 14:47:32 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 732101B2A5A for ; Mon, 7 Dec 2015 14:47:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.511 X-Spam-Level: X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RxHK8dP2GIrJ for ; Mon, 7 Dec 2015 14:47:28 -0800 (PST) Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7AC4A1B2A59 for ; Mon, 7 Dec 2015 14:47:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2530; q=dns/txt; s=iport; t=1449528448; x=1450738048; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=kLoLPWF08zTtpE+DDUogbaOUp1Qx25QZPuaaQM7wJPw=; b=gZDCxAnwqF/r91TDZYn+z1K1OyWIsIdl98sqHEaLFoJLjhFAD2QhFVvV X9mTRi+iTtd+4GCUv7ootJ9ojjewMexD98GJOmbbElGTEIQoUiwtDbS0d gmrExoiKmm03xh4w7PZz79JwVfo1APtrZHsRSymGr4psH/15bAlU9C2Q4 Y=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AAAgAZC2ZW/4cNJK1egzpTbga9KgENg?= =?us-ascii?q?W4XCoI9gzACHIErOBQBAQEBAQEBgQqENAEBAQMBAQEBIAQNOgQHBQsCAQgYAgI?= =?us-ascii?q?mAgICJQsVEAIEDgWIJwgNsBaQYgEBAQEBAQEBAQEBAQEBAQEBAQEBARQEgQGHY?= =?us-ascii?q?oJuhEIXgx4vgRUFlmEBjTucbAEfAQFChARyhGiBBwEBAQ?= X-IronPort-AV: E=Sophos;i="5.20,396,1444694400"; d="scan'208";a="56243651" Received: from alln-core-2.cisco.com ([173.36.13.135]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 07 Dec 2015 22:47:27 +0000 Received: from XCH-ALN-013.cisco.com (xch-aln-013.cisco.com [173.36.7.23]) by alln-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id tB7MlR3k013888 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 7 Dec 2015 22:47:27 GMT Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-ALN-013.cisco.com (173.36.7.23) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Mon, 7 Dec 2015 16:47:26 -0600 Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1104.009; Mon, 7 Dec 2015 16:47:26 -0600 From: "Max Pritikin (pritikin)" To: Michael Richardson Thread-Topic: [Anima-bootstrap] ACE and scope of bootstrap Thread-Index: AQHRJ5QSDgw5ZdE2lEK1bjJ1NaZT/p7Al+iA Date: Mon, 7 Dec 2015 22:47:26 +0000 Message-ID: References: <13717.1448463285@sandelman.ca> <18185.1448464497@sandelman.ca> In-Reply-To: <18185.1448464497@sandelman.ca> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.99.106.4] Content-Type: text/plain; charset="utf-8" Content-ID: <99A94FCD04060D418D5CC44A129F289F@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Cc: anima-bootstrap Subject: Re: [Anima-bootstrap] ACE and scope of bootstrap X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Dec 2015 22:47:31 -0000 DQo+IE9uIE5vdiAyNSwgMjAxNSwgYXQgODoxNCBBTSwgTWljaGFlbCBSaWNoYXJkc29uIDxtY3Ir aWV0ZkBzYW5kZWxtYW4uY2E+IHdyb3RlOg0KPiANCj4gDQo+IEkgd3JvdGUgdGhpcyB0byBkZWFs IHdpdGggYW55IG92ZXJsYXAgd2l0aCBBQ0UuDQo+IEFDRSdzIGNoYXJ0ZXIgc3BlY2lmaWNhbGx5 IGhhcyB0aGUgYm9vdHN0cmFwIGJldHdlZW4gY29uc3RyYWluZWQgbm9kZSBhbmQNCj4gbm9uLWNv bnN0cmFpbmVkIGhlbHBlciAod2hldGhlciBjbGllbnQgb3IgYXV0aG9yaXphdGlvbiBzZXJ2ZXIp IG91dCBvZiBzY29wZS4NCj4gDQo+ICsgICAgICA8c2VjdGlvbiB0aXRsZT0iVHJ1c3QgYm9vdHN0 cmFwIj4NCj4gKyAgICAgICAgPHQ+DQo+ICsgICAgICAgICAgVGhlIGltcHJpbnQgcHJvdG9jb2wg cmVzdWx0cyBpbiBhIHNlY3VyZSByZWxhdGlvbnNoaXAgYmV0d2VlbiB0aGUNCj4gKyAgICAgICAg ICBkb21haW4gcmVnaXN0cmFyIGFuZCB0aGUgbmV3IGRldmljZS4gIElmIHRoZSBuZXcgZGV2aWNl IGlzDQo+ICsgICAgICAgICAgc3VmZmljaWVudGx5IGNvbnN0cmFpbmVkIHRoYXQgdGhlIEFDRSBw cm90b2NvbCBzaG91bGQgYmUgbGV2ZXJhZ2VkDQo+ICsgICAgICAgICAgZm9yIG9wZXJhdGlvbiwg KHNlZSA8eHJlZiB0YXJnZXQ9IkktRC5pZXRmLWFjZS1hY3RvcnMiIC8+KSwgYW5kDQo+IHRoZQ0K PiArICAgICAgICAgIGRvbWFpbiByZWdpc3RyYXIgaXMgYWxzbyB0aGUgQ2xpZW50IEF1dGhvcml6 YXRpb24gU2VydmVyIG9yIHRoZQ0KPiArICAgICAgICAgIEF1dGhvcml6YXRpb24gU2VydmVyLCB0 aGVuIGl0IG1heSBiZSBhcHByb3ByaWF0ZSB0byB1c2UNCg0K4oCcdG8gdXNlIEFDRSBzcGVjaWZp ZWQgbWVjaGFuaXNtc+KAnT8gDQoNClRoaXMgYXZvaWRzIHRyeWluZyB0byBoaW50IGF0IHdoYXQg dGhlIG1lY2hhbmlzbSBtaWdodCBiZS4gDQoNCi0gbWF4DQoNCg0KPiB0aGlzDQo+IHNlY3VyZQ0K PiArICAgICAgICAgIGNoYW5uZWwgdG8gZXhjaGFuZ2UgQUNFIHRva2Vucy4NCj4gKyAgICAgICAg PC90Pg0KPiArICAgICAgPC9zZWN0aW9uPg0KPiAgICAgPC9zZWN0aW9uPg0KPiANCj4gSSBhbSB1 bmNvbWZvcnRhYmxlIHdpdGggdGhlIHdvcmRzICJBQ0UgdG9rZW5zIiwgYnV0IEkgZG9uJ3Qga25v dyB3aGF0IGVsc2UgdG8NCj4gd3JpdGUuICBJIG1lYW4gdGhlIHRoaW5nIHRoYXQgd291bGQgcmVw cmVzZW50IHRoZSB0cnVzdCBiZXR3ZWVuIENsaWVudCA8LT4gQ0FTLg0KPiBJIHRoaW5rIHRoYXQg dGhpcyBtYXkgYWxzbyBiZSBvdXQtb2Ytc2NvcGUuICBJIGRvbid0IHByb3Bvc2UgdG8gbWFrZSBp dA0KPiBpbi1zY29wZSBmb3IgQU5JTUEsIGJ1dCB0byBtYWtlIGl0IGNsZWFyIHRoYXQgQU5JTUEg Ym9vdHN0cmFwIHdpbGwgaGF2ZQ0KPiBjcmVhdGVkIGEgKEQpVExTIGNvbm5lY3Rpb24gd2hpY2gg Y291bGQgYmUgcmV1c2VkIGZvciBzb21ldGhpbmcgZWxzZS4NCj4gT3IgYSBzdGF0ZWxlc3MgVExT IHNlc3Npb24tcmVzdW1wdGlvbiB0b2tlbiBjb3VsZCBiZSBleGNoYW5nZWQgZm9yIGxhdGVyIHVz ZQ0KPiBieSBBQ0UuDQo+IA0KPiAtLQ0KPiBNaWNoYWVsIFJpY2hhcmRzb24gPG1jcitJRVRGQHNh bmRlbG1hbi5jYT4sIFNhbmRlbG1hbiBTb2Z0d2FyZSBXb3Jrcw0KPiAtPSBJUHY2IElvVCBjb25z dWx0aW5nID0tDQo+IA0KPiANCj4gDQo+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fDQo+IEFuaW1hLWJvb3RzdHJhcCBtYWlsaW5nIGxpc3QNCj4gQW5pbWEt Ym9vdHN0cmFwQGlldGYub3JnDQo+IGh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGlu Zm8vYW5pbWEtYm9vdHN0cmFwDQoNCg== From nobody Tue Dec 8 03:46:20 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7ABC91B2BE3 for ; Tue, 8 Dec 2015 03:46:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.601 X-Spam-Level: X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kka9Y3J1jd8N for ; Tue, 8 Dec 2015 03:46:16 -0800 (PST) Received: from lb1-smtp-cloud2.xs4all.net (lb1-smtp-cloud2.xs4all.net [194.109.24.21]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D1421B2BCD for ; Tue, 8 Dec 2015 03:46:15 -0800 (PST) Received: from webmail.xs4all.nl ([194.109.20.216]) by smtp-cloud2.xs4all.net with ESMTP id qzmC1r00S4fjQrE01zmCvR; Tue, 08 Dec 2015 12:46:13 +0100 Received: from 2001:983:a264:1:1091:3ae4:576e:d6a5 by webmail.xs4all.nl with HTTP (HTTP/1.1 POST); Tue, 08 Dec 2015 12:46:12 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Tue, 08 Dec 2015 12:46:12 +0100 From: peter van der Stok To: Brian E Carpenter Organization: vanderstok consultancy Mail-Reply-To: consultancy@vanderstok.org In-Reply-To: <5665D85C.5010604@gmail.com> References: <20151204014333.GZ29056@cisco.com> <6471865864850e6c34961f12d45853cd@xs4all.nl> <5665D85C.5010604@gmail.com> Message-ID: <92ddd96dc21275a00aab797656407971@xs4all.nl> X-Sender: stokcons@xs4all.nl (3E/8hdl8oWQqiHmtwxKwQ+4bxvoSVaPg) User-Agent: XS4ALL Webmail Archived-At: Cc: Toerless Eckert , anima-bootstrap@ietf.org, consultancy@vanderstok.org Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: consultancy@vanderstok.org List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Dec 2015 11:46:18 -0000 >>> 2. If 1. failed: OPTIONAL Discovery of bootstrap proxy via L3 >>> >> Many installations will have their own brand of service discovery >> (SD). >> Inter-operability of SD is the first objective; we can safely assume >> that if a given brand of SD is used, >> the whole installation uses this brand as specified by a SDO that is >> active in this particular market. >> >> I think it is sufficient to state that the proxy service needs to be >> discovered >> and how this can be done with DNS-SD (mDNS) or DHCP, the IETF >> standards. > > Just remember that in a truly autonomic network built with > factory-reset > devices, we cannot assume that anything at all has been configured or > named. > > Brian Yes, but there is a minimum set of services on which you rely: e.g. UDP, DNS, .. The discovery alternatives cited by toerless impress me as a list of services of which at least one must be present. Therefore my consideration that for something as basic as Service discovery, some industries may regret that they need for example mDNS next to their favoured discovery service e.g. Resource Directory. Faced with this choice they may decide that mDNS is not wanted but replaced by RD; and the Anima code in their products is adapted for that choice; while maintaining interoperability with ANIMA routers in all other respects. Peter From nobody Tue Dec 8 14:09:29 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D10A1A9245 for ; Tue, 8 Dec 2015 14:09:27 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.51 X-Spam-Level: X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pAvIw3l7nTXb for ; Tue, 8 Dec 2015 14:09:25 -0800 (PST) Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29A3A1A916C for ; Tue, 8 Dec 2015 14:09:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2784; q=dns/txt; s=iport; t=1449612565; x=1450822165; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=exDkQ6IauAQTLcNZNtzIop5On2spAawnUVyfXhea7n4=; b=PM87zJhkyfM1ZkzbrB4nByBnzjeBCHANPuPY6J+FJ43snhyvQT0Yrb3+ mnkqLVPVrCV3iMDzm1pYCnl1ZYDvntbb3OgMYflL8E+VBJdDSdi5f7/ld Pa6K/zpWDQOHK0S0By6fiI5HyhrqMohmz3R7vsegoK9H7cISlvAOlMzdQ 0=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BOAwCYVGdW/4ENJK1egzpTbgaCY7pWA?= =?us-ascii?q?Q2BbhcKhW0CHIEjOBQBAQEBAQEBfwuENAEBAQMBAQEBCRcROgsFCwIBBgIYAgI?= =?us-ascii?q?mAgICJQsVEAIEDgWIJwgNkH2dNpBsAQEBAQEBAQEBAQEBAQEBAQEBAQEBFASBA?= =?us-ascii?q?Ydigm6Hdy+BFQWHTIcQiAUBjTucbAEfAQFChARyhGiBBwEBAQ?= X-IronPort-AV: E=Sophos;i="5.20,400,1444694400"; d="scan'208";a="51631781" Received: from alln-core-9.cisco.com ([173.36.13.129]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 08 Dec 2015 22:09:24 +0000 Received: from XCH-RCD-002.cisco.com (xch-rcd-002.cisco.com [173.37.102.12]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id tB8M9OD0004477 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 8 Dec 2015 22:09:24 GMT Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-RCD-002.cisco.com (173.37.102.12) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Tue, 8 Dec 2015 16:09:23 -0600 Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1104.009; Tue, 8 Dec 2015 16:09:23 -0600 From: "Max Pritikin (pritikin)" To: "consultancy@vanderstok.org" Thread-Topic: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options Thread-Index: AQHRLjUzUXhNiuqCZk29llWSg8eoaJ6/ogkAgACqeACAARe8AIAArhwA Date: Tue, 8 Dec 2015 22:09:23 +0000 Message-ID: References: <20151204014333.GZ29056@cisco.com> <6471865864850e6c34961f12d45853cd@xs4all.nl> <5665D85C.5010604@gmail.com> <92ddd96dc21275a00aab797656407971@xs4all.nl> In-Reply-To: <92ddd96dc21275a00aab797656407971@xs4all.nl> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.99.106.4] Content-Type: text/plain; charset="utf-8" Content-ID: <07C5A510247ABB489409435851AFC193@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Cc: "Toerless Eckert \(eckert\)" , "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Dec 2015 22:09:27 -0000 DQo+IE9uIERlYyA4LCAyMDE1LCBhdCA0OjQ2IEFNLCBwZXRlciB2YW4gZGVyIFN0b2sgPHN0b2tj b25zQHhzNGFsbC5ubD4gd3JvdGU6DQo+IA0KPiANCj4+Pj4gMi4gSWYgMS4gZmFpbGVkOiAgT1BU SU9OQUwgRGlzY292ZXJ5IG9mIGJvb3RzdHJhcCBwcm94eSB2aWEgTDMNCj4+PiBNYW55IGluc3Rh bGxhdGlvbnMgd2lsbCBoYXZlIHRoZWlyIG93biBicmFuZCBvZiBzZXJ2aWNlIGRpc2NvdmVyeSAo U0QpLg0KPj4+IEludGVyLW9wZXJhYmlsaXR5IG9mIFNEIGlzIHRoZSBmaXJzdCBvYmplY3RpdmU7 IHdlIGNhbiBzYWZlbHkgYXNzdW1lIHRoYXQgaWYgYSBnaXZlbiBicmFuZCBvZiBTRCBpcyB1c2Vk LA0KPj4+IHRoZSB3aG9sZSBpbnN0YWxsYXRpb24gdXNlcyB0aGlzIGJyYW5kIGFzIHNwZWNpZmll ZCBieSBhIFNETyB0aGF0IGlzIGFjdGl2ZSBpbiB0aGlzIHBhcnRpY3VsYXIgbWFya2V0Lg0KPj4+ IEkgdGhpbmsgaXQgaXMgc3VmZmljaWVudCB0byBzdGF0ZSB0aGF0IHRoZSBwcm94eSBzZXJ2aWNl IG5lZWRzIHRvIGJlIGRpc2NvdmVyZWQNCj4+PiBhbmQgaG93IHRoaXMgY2FuIGJlIGRvbmUgd2l0 aCBETlMtU0QgKG1ETlMpIG9yIERIQ1AsIHRoZSBJRVRGIHN0YW5kYXJkcy4NCj4+IEp1c3QgcmVt ZW1iZXIgdGhhdCBpbiBhIHRydWx5IGF1dG9ub21pYyBuZXR3b3JrIGJ1aWx0IHdpdGggZmFjdG9y eS1yZXNldA0KPj4gZGV2aWNlcywgd2UgY2Fubm90IGFzc3VtZSB0aGF0IGFueXRoaW5nIGF0IGFs bCBoYXMgYmVlbiBjb25maWd1cmVkIG9yDQo+PiBuYW1lZC4NCj4+ICAgIEJyaWFuDQo+IFllcywg YnV0IHRoZXJlIGlzIGEgbWluaW11bSBzZXQgb2Ygc2VydmljZXMgb24gd2hpY2ggeW91IHJlbHk6 IGUuZy4gVURQLCBETlMsIC4uDQo+IFRoZSBkaXNjb3ZlcnkgYWx0ZXJuYXRpdmVzIGNpdGVkIGJ5 IHRvZXJsZXNzIGltcHJlc3MgbWUgYXMgYSBsaXN0IG9mIHNlcnZpY2VzIG9mIHdoaWNoIGF0IGxl YXN0IG9uZSBtdXN0IGJlIHByZXNlbnQuDQoNClBlcmhhcHMgYW4gaW50ZXJlc3RpbmcgcGF0aCBp cyBsaWtlIHNvOg0KDQpBbiBpbnN0YW50aWF0ZWQgYW5pbWEgbmV0d29yayBNVVNUIHN1cHBvcnQg 4oCceOKAnS4gVGhpcyBhbGxvd3MgYWxsIGRldmljZXMgdG8ga25vdyB0aGUgbWluaW1hbCB0aGlu ZyB0aGV5IG5lZWQgdG8gc3VwcG9ydC4gDQpBbiBpbnN0YW50aWF0ZWQgYW5pbWEgbmV0d29yayBN QVkgc3VwcG9ydCBhZGRpdGlvbmFsIG1ldGhvZHMgc3VjaCBhc+KApiDigJx3LCB5IGFuZCB64oCd LiANCg0KPiBUaGVyZWZvcmUgbXkgY29uc2lkZXJhdGlvbiB0aGF0IGZvciBzb21ldGhpbmcgYXMg YmFzaWMgYXMgU2VydmljZSBkaXNjb3ZlcnksIHNvbWUgaW5kdXN0cmllcyBtYXkgcmVncmV0IHRo YXQgdGhleSBuZWVkIGZvciBleGFtcGxlIG1ETlMgbmV4dCB0byB0aGVpciBmYXZvdXJlZCBkaXNj b3Zlcnkgc2VydmljZSBlLmcuIFJlc291cmNlIERpcmVjdG9yeS4NCj4gRmFjZWQgd2l0aCB0aGlz IGNob2ljZSB0aGV5IG1heSBkZWNpZGUgdGhhdCBtRE5TIGlzIG5vdCB3YW50ZWQgYnV0IHJlcGxh Y2VkIGJ5IFJEOyBhbmQgdGhlIEFuaW1hIGNvZGUgaW4gdGhlaXIgcHJvZHVjdHMgaXMgYWRhcHRl ZCBmb3IgdGhhdCBjaG9pY2U7IHdoaWxlIG1haW50YWluaW5nIGludGVyb3BlcmFiaWxpdHkgd2l0 aCBBTklNQSByb3V0ZXJzIGluIGFsbCBvdGhlciByZXNwZWN0cy4NCg0KU28gbG9uZyBhcyB0aGVy ZSBpcyBhIGZhbGxiYWNrIHRoYXQgbmV3IGRldmljZXMgY2FuIGFsd2F5cyB1c2UgdG8gam9pbiB0 aGUgYW5pbWEgbmV0d29yayDigJQgZXZlbiBpZiBpdCBpc27igJl0IHRoZSBtb3N0IGVmZmljaWVu dCBtZXRob2QuIA0KDQotIG1heA0KDQo+IA0KPiBQZXRlcg0KPiANCj4gX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCj4gQW5pbWEtYm9vdHN0cmFwIG1haWxp bmcgbGlzdA0KPiBBbmltYS1ib290c3RyYXBAaWV0Zi5vcmcNCj4gaHR0cHM6Ly93d3cuaWV0Zi5v cmcvbWFpbG1hbi9saXN0aW5mby9hbmltYS1ib290c3RyYXANCg0K From nobody Tue Dec 8 14:38:04 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8F5C1ACD0F for ; Tue, 8 Dec 2015 14:38:03 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.82 X-Spam-Level: X-Spam-Status: No, score=-0.82 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HOST_MISMATCH_NET=0.311, RCVD_IN_SORBS_WEB=0.77, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R-q8w6NkHY_i for ; Tue, 8 Dec 2015 14:38:02 -0800 (PST) Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A64F1ACD27 for ; Tue, 8 Dec 2015 14:37:58 -0800 (PST) Received: from sandelman.ca (unknown [75.98.19.132]) by relay.sandelman.ca (Postfix) with ESMTPS id 0D1D822086; Tue, 8 Dec 2015 17:37:56 -0500 (EST) Received: by sandelman.ca (Postfix, from userid 179) id 683A76CB32; Tue, 8 Dec 2015 17:37:47 -0500 (EST) From: Michael Richardson To: "Max Pritikin \(pritikin\)" In-reply-to: <20D831CB-5075-4899-9C4F-D3D04334B1CF@cisco.com> References: <20151204014333.GZ29056@cisco.com> <13379.1449515233@dooku.sandelman.ca> <20D831CB-5075-4899-9C4F-D3D04334B1CF@cisco.com> Comments: In-reply-to "Max Pritikin (pritikin)" message dated "Mon, 07 Dec 2015 19:29:22 +0000." X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.4.1 MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature" Date: Tue, 08 Dec 2015 17:37:47 -0500 Message-ID: <2495.1449614267@dooku.sandelman.ca> Archived-At: Cc: "Toerless Eckert \(eckert\)" , "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Dec 2015 22:38:03 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Max Pritikin (pritikin) wrote: >> This is one reason I'd like the new device to do things that >> configured devices do regularly. So sending out a multicast IKEv2 >> INIT might really make sense here. Every device should do it every 5 >> to 15 minutes. >> >> A new device will either send them, or receive them. Either way, it >> can respond and within the privacy of IKEv2, can do something. That >> doesn't you can't use a proxy to get things through: the resulting >> one-hop-ACP won't be part of the production ACP. > Michael, I failed to parse your response. > Are you agreeing with Toerless=E2=80=99 argument that the new device = should be > a responder? No. I'm saying that a new device should do as little as possible to call attention to itself, and should prefer to do things that all other devices are already doing. > Or, are you arguing that the new device should initiate the > bootstrapping; but do so in a way that does not expose it is a new > device? For non-challenged (IoT) devices on non-challenged networks, the new device= should initiate and drive the bootstrapping. It would be best if this communication was indistinguishable from other ACP communication to an outsider. =2D- Michael Richardson , Sandelman Software Works -=3D IPv6 IoT consulting =3D- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWZ1u5AAoJEKD0KQ7Gj3P2LWwH/i1XM2nrV+WwOlOuAqWFY+fy QuezeAuZL380u68ArYoDPb77jLimu/Jfx0c+z0wHJR+oDTpnPX24QIF7h6lJ0Osv s5UPI97EhbO/WMxXKF8l2mkTg6reF59rgJgMeHV/A4hri3qmDjoO6fjkJ5Q+nJKN lvuuo0Hff6pz91z5YvPW88P8iPMrQjaZ9uaXF3x/bN8Bqvzw1/XwsWtOKeo81NPh LD5aYX6zyvcINAi6BLNcD4EbHkjwAkGwbxSkDWzLQZsHk/BlTv0bQ9BlcnPXWVAL DaV4wGqdOf4KJRwDAH8x4gjJB3Bxd1gPfrhwFITdIhvpcFm1BYWLPqBEu50Mk7s= =kwtL -----END PGP SIGNATURE----- --=-=-=-- From nobody Tue Dec 8 15:48:46 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 978CB1ACE91 for ; Tue, 8 Dec 2015 15:48:45 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.51 X-Spam-Level: X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BbZsr1uDMZOF for ; Tue, 8 Dec 2015 15:48:44 -0800 (PST) Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 271881ACE88 for ; Tue, 8 Dec 2015 15:48:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3178; q=dns/txt; s=iport; t=1449618523; x=1450828123; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=bX41Fv9sQsSJNBUZ/DaGTakzh6kUCl209sWqhGj3ZBQ=; b=C9Q5xHcI2NuCJfq/a4trTj4bnYuoaQI5dzsnhUwCZJSGN4+PJCtbWwHy 5AbTat3GRFp/Q4xyjVBd0yf3w8dVKIW+qnC9I2GCYydtJJDfOlQbUdTOi X2IW6GYs8s97s5/Y4CLKPTKvABMuhDkTT4RitoUnuxhE5Z3vblJgwrXnK 4=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AlBQDCa2dW/4kNJK1UCoM6gUEGvUeBb?= =?us-ascii?q?oJegzACHIEaOhIBAQEBAQEBgQqENAEBAQMBIxFFBQsCAQgYAgImAgICMBUQAgQ?= =?us-ascii?q?OBYgnCK4ikG4BAQEBAQEBAQEBAQEBAQEBAQEBGoEBh2KCboQwKYMeL4EVBYVVg?= =?us-ascii?q?XeHEIgFAYsBgjqBW5cgg3EBKAE6hARyhGiBBwEBAQ?= X-IronPort-AV: E=Sophos;i="5.20,401,1444694400"; d="scan'208";a="51659187" Received: from alln-core-4.cisco.com ([173.36.13.137]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 08 Dec 2015 23:48:43 +0000 Received: from XCH-RCD-005.cisco.com (xch-rcd-005.cisco.com [173.37.102.15]) by alln-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id tB8NmhWg027268 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 8 Dec 2015 23:48:43 GMT Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-RCD-005.cisco.com (173.37.102.15) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Tue, 8 Dec 2015 17:48:42 -0600 Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1104.009; Tue, 8 Dec 2015 17:48:42 -0600 From: "Max Pritikin (pritikin)" To: Michael Richardson Thread-Topic: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options Thread-Index: AQHRLjUzUXhNiuqCZk29llWSg8eoaJ677SQAgARf/ICAAAYvgIABxvuAgAAT0AA= Date: Tue, 8 Dec 2015 23:48:42 +0000 Message-ID: <43C69994-D02E-44A0-A739-4A6E45A3CE8C@cisco.com> References: <20151204014333.GZ29056@cisco.com> <13379.1449515233@dooku.sandelman.ca> <20D831CB-5075-4899-9C4F-D3D04334B1CF@cisco.com> <2495.1449614267@dooku.sandelman.ca> In-Reply-To: <2495.1449614267@dooku.sandelman.ca> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.99.106.4] Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Cc: "Toerless Eckert \(eckert\)" , "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Dec 2015 23:48:45 -0000 DQo+IE9uIERlYyA4LCAyMDE1LCBhdCAzOjM3IFBNLCBNaWNoYWVsIFJpY2hhcmRzb24gPG1jcitp ZXRmQHNhbmRlbG1hbi5jYT4gd3JvdGU6DQo+IA0KPiANCj4gTWF4IFByaXRpa2luIChwcml0aWtp bikgPHByaXRpa2luQGNpc2NvLmNvbT4gd3JvdGU6DQo+Pj4gVGhpcyBpcyBvbmUgcmVhc29uIEkn ZCBsaWtlIHRoZSBuZXcgZGV2aWNlIHRvIGRvIHRoaW5ncyB0aGF0DQo+Pj4gY29uZmlndXJlZCBk ZXZpY2VzIGRvIHJlZ3VsYXJseS4gIFNvIHNlbmRpbmcgb3V0IGEgbXVsdGljYXN0IElLRXYyDQo+ Pj4gSU5JVCBtaWdodCByZWFsbHkgbWFrZSBzZW5zZSBoZXJlLiAgRXZlcnkgZGV2aWNlIHNob3Vs ZCBkbyBpdCBldmVyeSA1DQo+Pj4gdG8gMTUgbWludXRlcy4NCj4+PiANCj4+PiBBIG5ldyBkZXZp Y2Ugd2lsbCBlaXRoZXIgc2VuZCB0aGVtLCBvciByZWNlaXZlIHRoZW0uICBFaXRoZXIgd2F5LCBp dA0KPj4+IGNhbiByZXNwb25kIGFuZCB3aXRoaW4gdGhlIHByaXZhY3kgb2YgSUtFdjIsIGNhbiBk byBzb21ldGhpbmcuICBUaGF0DQo+Pj4gZG9lc24ndCB5b3UgY2FuJ3QgdXNlIGEgcHJveHkgdG8g Z2V0IHRoaW5ncyB0aHJvdWdoOiB0aGUgcmVzdWx0aW5nDQo+Pj4gb25lLWhvcC1BQ1Agd29uJ3Qg YmUgcGFydCBvZiB0aGUgcHJvZHVjdGlvbiBBQ1AuDQo+IA0KPj4gTWljaGFlbCwgSSBmYWlsZWQg dG8gcGFyc2UgeW91ciByZXNwb25zZS4NCj4gDQo+PiBBcmUgeW91IGFncmVlaW5nIHdpdGggVG9l cmxlc3PigJkgYXJndW1lbnQgdGhhdCB0aGUgbmV3IGRldmljZSBzaG91bGQgYmUNCj4+IGEgcmVz cG9uZGVyPw0KPiANCj4gTm8uIEknbSBzYXlpbmcgdGhhdCBhIG5ldyBkZXZpY2Ugc2hvdWxkIGRv IGFzIGxpdHRsZSBhcyBwb3NzaWJsZSB0byBjYWxsDQo+IGF0dGVudGlvbiB0byBpdHNlbGYsDQoN Ck9rLCBzb3VuZHMgbGlrZSB5b3XigJlyZSBhZ3JlZWluZyB3aXRoIHRoZSB0aHJlYXQgYnV0IG5v dCBuZWNlc3NhcmlseSB0aGUgc3VnZ2VzdGVkIG1pdGlnYXRpb24uDQoNCj4gYW5kIHNob3VsZCBw cmVmZXIgdG8gZG8gdGhpbmdzIHRoYXQgYWxsIG90aGVyIGRldmljZXMNCj4gYXJlIGFscmVhZHkg ZG9pbmcuDQoNCknigJltIHBhcnRpYWxseSBjb252aW5jZWQgdGhhdCBpdHMgd29ydGggbWluaW1p emluZyBob3cgbXVjaCBhIGRldmljZSDigJxzdGlja3MgaXRzIG5lY2sgb3V04oCdIGJ1dCBvbmNl IGJvb3RzdHJhcCBpcyBpbml0aWF0ZWQgSSBkb27igJl0IHRoaW5rIGhpZGluZyB0aGUgZXhjaGFu Z2UgaXMgdmVyeSBlYXN5IG5vciB3b3J0aCB0aGUgZWZmb3J0Lg0KDQo+IA0KPj4gT3IsIGFyZSB5 b3UgYXJndWluZyB0aGF0IHRoZSBuZXcgZGV2aWNlIHNob3VsZCBpbml0aWF0ZSB0aGUNCj4+IGJv b3RzdHJhcHBpbmc7IGJ1dCBkbyBzbyBpbiBhIHdheSB0aGF0IGRvZXMgbm90IGV4cG9zZSBpdCBp cyBhIG5ldw0KPj4gZGV2aWNlPw0KPiANCj4gRm9yIG5vbi1jaGFsbGVuZ2VkIChJb1QpIGRldmlj ZXMgb24gbm9uLWNoYWxsZW5nZWQgbmV0d29ya3MsIHRoZSBuZXcgZGV2aWNlIHNob3VsZA0KPiBp bml0aWF0ZSBhbmQgZHJpdmUgdGhlIGJvb3RzdHJhcHBpbmcuDQo+IA0KPiBJdCB3b3VsZCBiZSBi ZXN0IGlmIHRoaXMgY29tbXVuaWNhdGlvbiB3YXMgaW5kaXN0aW5ndWlzaGFibGUgZnJvbSBvdGhl ciBBQ1ANCj4gY29tbXVuaWNhdGlvbiB0byBhbiBvdXRzaWRlci4NCg0KVGhpcyBjYW4gb25seSBv Y2N1ciBpZiBib290c3RyYXBwaW5nIGlzIG92ZXIgYSDigJxwcm92aXNpb25hbOKAnSBBQ1AuIEni gJltIHVuY29tZm9ydGFibGUgd2l0aCBoYXZpbmcgR1JBU1AgYW5kIEFDUCBpbmNsdWRlIHNwZWNp YWwgY2FzZXMgZm9yIGJvb3RzdHJhcHBpbmcuIE15IGd1dCBmZWVsIGlzIHRoYXQgdGhlIHNpbXBs aWNpdHkgb2YgYSBzcGVjaWZpYyBib290c3RyYXBwaW5nIHNlcXVlbmNlIOKAlCBldmVuIGlmIGlk ZW50aWZpYWJsZSDigJQgaXMgcHJlZmVyYWJsZS4gDQoNCkEgKm5vbi1wcml2YWN5KiBwcmVzZXJ2 aW5nIGJvb3RzdHJhcHBpbmcgaXMgcHJlZmVyYWJsZSBmcm9tIGEgY2VydGFpbiBwb2ludCBvZiB2 aWV3LiBJIHdhbnQgbXkgYXV0b25vbWljIG5ldHdvcmsgdG8gdHJhY2sgYW5kIGlkZW50aWZ5IGFu eSBvdmVybGFwcGluZyBhdXRvbm9taWMgYm9vdHN0cmFwcGluZyB0byBkb21haW5zIEkgZG9u4oCZ dCByZWNvZ25pemUuIA0KDQotIG1heA0KDQo+IA0KPiANCj4gLS0NCj4gTWljaGFlbCBSaWNoYXJk c29uIDxtY3IrSUVURkBzYW5kZWxtYW4uY2E+LCBTYW5kZWxtYW4gU29mdHdhcmUgV29ya3MNCj4g LT0gSVB2NiBJb1QgY29uc3VsdGluZyA9LQ0KPiANCj4gDQo+IA0KDQo= From nobody Tue Dec 8 16:32:41 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1AA51B2A4B for ; Tue, 8 Dec 2015 16:32:39 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fqISrL9tDWfe for ; Tue, 8 Dec 2015 16:32:34 -0800 (PST) Received: from mail-pa0-x22a.google.com (mail-pa0-x22a.google.com [IPv6:2607:f8b0:400e:c03::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 902621B2A45 for ; Tue, 8 Dec 2015 16:32:34 -0800 (PST) Received: by pacwq6 with SMTP id wq6so20004323pac.1 for ; Tue, 08 Dec 2015 16:32:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-type :content-transfer-encoding; bh=gHvsZzaVmAr4aTlelcKesjo3i9eJ/mp8Yja8vNtrNrA=; b=DK+m4HWa8DWd0R9bl3qJ67ClcvMf4wUd3GW4HniTzTycCr1EppfpmIDh3GeM4Nuflk Djtp69/u6LGgO72gkajk+uZ0Wi52Y5oo9d2kh0hBTMpeIkAWCtnc61BkKy1upAWVrOE7 ctADs0EwqKC1yi/2KrdDeF8Fp5zX7Hbz8nOEKD+zznTPDrlxJj50RXWNBN8esI8oUnRq qE2TucnLMDZaLf101swh3uonaNyXtE2pEoYVxC66jikBa3qdADJELW0qxRbVLVHYVdwV ct7SYjbNsMPIOHoZLnHRPIz5fIGM0sCa9tCmawbfbwfxIUTisw2tfXWZ6+dwyARxnuFK 1YGA== X-Received: by 10.66.160.194 with SMTP id xm2mr4032886pab.68.1449621154229; Tue, 08 Dec 2015 16:32:34 -0800 (PST) Received: from ?IPv6:2406:e007:7085:1:28cc:dc4c:9703:6781? ([2406:e007:7085:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id g73sm7139489pfd.81.2015.12.08.16.32.31 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 08 Dec 2015 16:32:33 -0800 (PST) To: "Max Pritikin (pritikin)" , Michael Richardson References: <20151204014333.GZ29056@cisco.com> <13379.1449515233@dooku.sandelman.ca> <20D831CB-5075-4899-9C4F-D3D04334B1CF@cisco.com> <2495.1449614267@dooku.sandelman.ca> <43C69994-D02E-44A0-A739-4A6E45A3CE8C@cisco.com> From: Brian E Carpenter Organization: University of Auckland Message-ID: <566776A4.4080804@gmail.com> Date: Wed, 9 Dec 2015 13:32:36 +1300 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: <43C69994-D02E-44A0-A739-4A6E45A3CE8C@cisco.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Archived-At: Cc: "Toerless Eckert \(eckert\)" , "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Dec 2015 00:32:39 -0000 On 09/12/2015 12:48, Max Pritikin (pritikin) wrote: >=20 >> On Dec 8, 2015, at 3:37 PM, Michael Richardson = wrote: >> >> >> Max Pritikin (pritikin) wrote: >>>> This is one reason I'd like the new device to do things that >>>> configured devices do regularly. So sending out a multicast IKEv2 >>>> INIT might really make sense here. Every device should do it every = 5 >>>> to 15 minutes. >>>> >>>> A new device will either send them, or receive them. Either way, it= >>>> can respond and within the privacy of IKEv2, can do something. That= >>>> doesn't you can't use a proxy to get things through: the resulting >>>> one-hop-ACP won't be part of the production ACP. >> >>> Michael, I failed to parse your response. >> >>> Are you agreeing with Toerless=E2=80=99 argument that the new device = should be >>> a responder? >> >> No. I'm saying that a new device should do as little as possible to ca= ll >> attention to itself, >=20 > Ok, sounds like you=E2=80=99re agreeing with the threat but not necessa= rily the suggested mitigation. >=20 >> and should prefer to do things that all other devices >> are already doing. >=20 > I=E2=80=99m partially convinced that its worth minimizing how much a de= vice =E2=80=9Csticks its neck out=E2=80=9D but once bootstrap is initiate= d I don=E2=80=99t think hiding the exchange is very easy nor worth the ef= fort. >=20 >> >>> Or, are you arguing that the new device should initiate the >>> bootstrapping; but do so in a way that does not expose it is a new >>> device? >> >> For non-challenged (IoT) devices on non-challenged networks, the new d= evice should >> initiate and drive the bootstrapping. >> >> It would be best if this communication was indistinguishable from othe= r ACP >> communication to an outsider. >=20 > This can only occur if bootstrapping is over a =E2=80=9Cprovisional=E2=80= =9D ACP. I=E2=80=99m uncomfortable with having GRASP and ACP include spec= ial cases for bootstrapping. My gut feel is that the simplicity of a spec= ific bootstrapping sequence =E2=80=94 even if identifiable =E2=80=94 is p= referable.=20 >=20 > A *non-privacy* preserving bootstrapping is preferable from a certain p= oint of view. I want my autonomic network to track and identify any overl= apping autonomic bootstrapping to domains I don=E2=80=99t recognize.=20 I *really* don't see how the first step can be anything other than a recognizable unencrypted multicast probe, whether it is sent by the joine= r or by some node that is already trusted. You could require that the unencryp= ted probe includes a public key so that a unicast response can be encrypted; = but neither end is authenticated at that stage. Brian Brian From nobody Wed Dec 9 01:58:27 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 393651A007C for ; Wed, 9 Dec 2015 01:58:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -12.611 X-Spam-Level: X-Spam-Status: No, score=-12.611 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vJLXR8-7g12N for ; Wed, 9 Dec 2015 01:58:23 -0800 (PST) Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 818631A0065 for ; Wed, 9 Dec 2015 01:58:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=201; q=dns/txt; s=iport; t=1449655103; x=1450864703; h=date:from:to:subject:message-id:mime-version; bh=liO8bR+vKmNToYNagv8DaKi7E5IJV1Wi4Xh6e9sr+LU=; b=DIg2FlIV/3Gzvnu3vdjhsUFA1aJx8zIVWM8tY6nf69Ered/XAVtHs7m7 +MS78+3aqTcXdPsu651ybwES0XhTwIaIbp+ePBHzl3jYX36ssT557bVvf oEwGpOTuiO8UCjoJxZskpGRUp5Q0k4qmGDCKdnId3xzkOXXmC/aDwQt0h s=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0D7AQBF+mdW/5FdJa1egzq/BQENgWKHN?= =?us-ascii?q?zgUAQEBAQEBAYEKhHV7NAVJiEKeOaFhAQEBAQYBAQEBAQEBHJUSBY4jiEaBB4w?= =?us-ascii?q?yCp0EHwEBQoQlHYYtAQEB?= X-IronPort-AV: E=Sophos;i="5.20,403,1444694400"; d="scan'208";a="56733328" Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 09 Dec 2015 09:58:22 +0000 Received: from mcast-linux1.cisco.com (mcast-linux1.cisco.com [172.27.244.121]) by rcdn-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id tB99wM90031930 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 9 Dec 2015 09:58:22 GMT Received: from mcast-linux1.cisco.com (localhost.cisco.com [127.0.0.1]) by mcast-linux1.cisco.com (8.13.8/8.13.8) with ESMTP id tB99wMYC025235 for ; Wed, 9 Dec 2015 01:58:22 -0800 Received: (from eckert@localhost) by mcast-linux1.cisco.com (8.13.8/8.13.8/Submit) id tB99wLFL025234 for anima-bootstrap@ietf.org; Wed, 9 Dec 2015 01:58:21 -0800 Date: Wed, 9 Dec 2015 01:58:21 -0800 From: Toerless Eckert To: anima-bootstrap Message-ID: <20151209095821.GJ29056@cisco.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.2i Archived-At: Subject: [Anima-bootstrap] Meeting time this week ? X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Dec 2015 09:58:25 -0000 So, what's the meeting time this week if any... today (wednesday) or tomorrow, sorry confused because i think nobody generated an outlook invite i can see in my calendar ;-) Thanks Toerless From nobody Wed Dec 9 04:59:08 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 692DA1A90B1 for ; Wed, 9 Dec 2015 04:59:01 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.51 X-Spam-Level: X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q43cIHr1_Cy9 for ; Wed, 9 Dec 2015 04:59:00 -0800 (PST) Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE1621A90A4 for ; Wed, 9 Dec 2015 04:58:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2658; q=dns/txt; s=iport; t=1449665939; x=1450875539; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=do9kNge8UOnc11AQtmIdS0NnQhDR0dVmJXO16e5/yvM=; b=JKb+cXs/rvOdyjNNu1AhVQnDtwLUeG5tfQe/tnD/ffqprKl74H3X0xqg 9JLAH0OyTveKwKuhEiL5pCX1ZmNzC2FO1zFkYuay6fwFiaSRWwsmd9SW1 FYALgOf75zdqArsrnlE1b+uaEcuiF6VIjinUaC9Oa8WsetDiI2Tn3pPdS k=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AjBQDKJGhW/49dJa1UCoM6gUe/L4YPA?= =?us-ascii?q?hyBCTsRAQEBAQEBAYEKhDUBAQQjEUAFEAIBCBoCJgICAjAVEAIEAQ0NiCeuN5F?= =?us-ascii?q?zAQEBAQEBAQEBAQEBAQEBAQEBAQEBGIEBhVSEfYQwg0eBSQWWaQGNOoFjlzaDc?= =?us-ascii?q?gE3LIQEhWSBBwEBAQ?= X-IronPort-AV: E=Sophos;i="5.20,403,1444694400"; d="scan'208";a="54003157" Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 09 Dec 2015 12:58:58 +0000 Received: from XCH-ALN-001.cisco.com (xch-aln-001.cisco.com [173.36.7.11]) by rcdn-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id tB9Cwwqe023931 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 9 Dec 2015 12:58:58 GMT Received: from xch-rcd-006.cisco.com (173.37.102.16) by XCH-ALN-001.cisco.com (173.36.7.11) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 9 Dec 2015 06:58:57 -0600 Received: from xch-rcd-006.cisco.com ([173.37.102.16]) by XCH-RCD-006.cisco.com ([173.37.102.16]) with mapi id 15.00.1104.009; Wed, 9 Dec 2015 06:58:57 -0600 From: "Michael Behringer (mbehring)" To: Brian E Carpenter , "Max Pritikin (pritikin)" , Michael Richardson Thread-Topic: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options Thread-Index: AQHRLjUzV0yYB4U3OkOkSfr7faNAW5673GGAgARwv4CAAAYwAIABxvqAgAAT0ACAAAxEAIAAZfsw Date: Wed, 9 Dec 2015 12:58:57 +0000 Message-ID: References: <20151204014333.GZ29056@cisco.com> <13379.1449515233@dooku.sandelman.ca> <20D831CB-5075-4899-9C4F-D3D04334B1CF@cisco.com> <2495.1449614267@dooku.sandelman.ca> <43C69994-D02E-44A0-A739-4A6E45A3CE8C@cisco.com> <566776A4.4080804@gmail.com> In-Reply-To: <566776A4.4080804@gmail.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.49.80.35] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Cc: "Toerless Eckert \(eckert\)" , "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Dec 2015 12:59:01 -0000 PiA+Pj4gT3IsIGFyZSB5b3UgYXJndWluZyB0aGF0IHRoZSBuZXcgZGV2aWNlIHNob3VsZCBpbml0 aWF0ZSB0aGUNCj4gPj4+IGJvb3RzdHJhcHBpbmc7IGJ1dCBkbyBzbyBpbiBhIHdheSB0aGF0IGRv ZXMgbm90IGV4cG9zZSBpdCBpcyBhIG5ldw0KPiA+Pj4gZGV2aWNlPw0KPiA+Pg0KPiA+PiBGb3Ig bm9uLWNoYWxsZW5nZWQgKElvVCkgZGV2aWNlcyBvbiBub24tY2hhbGxlbmdlZCBuZXR3b3Jrcywg dGhlIG5ldw0KPiA+PiBkZXZpY2Ugc2hvdWxkIGluaXRpYXRlIGFuZCBkcml2ZSB0aGUgYm9vdHN0 cmFwcGluZy4NCj4gPj4NCj4gPj4gSXQgd291bGQgYmUgYmVzdCBpZiB0aGlzIGNvbW11bmljYXRp b24gd2FzIGluZGlzdGluZ3Vpc2hhYmxlIGZyb20NCj4gPj4gb3RoZXIgQUNQIGNvbW11bmljYXRp b24gdG8gYW4gb3V0c2lkZXIuDQo+ID4NCj4gPiBUaGlzIGNhbiBvbmx5IG9jY3VyIGlmIGJvb3Rz dHJhcHBpbmcgaXMgb3ZlciBhIOKAnHByb3Zpc2lvbmFs4oCdIEFDUC4gSeKAmW0NCj4gdW5jb21m b3J0YWJsZSB3aXRoIGhhdmluZyBHUkFTUCBhbmQgQUNQIGluY2x1ZGUgc3BlY2lhbCBjYXNlcyBm b3INCj4gYm9vdHN0cmFwcGluZy4gTXkgZ3V0IGZlZWwgaXMgdGhhdCB0aGUgc2ltcGxpY2l0eSBv ZiBhIHNwZWNpZmljIGJvb3RzdHJhcHBpbmcNCj4gc2VxdWVuY2Ug4oCUIGV2ZW4gaWYgaWRlbnRp ZmlhYmxlIOKAlCBpcyBwcmVmZXJhYmxlLg0KPiA+DQo+ID4gQSAqbm9uLXByaXZhY3kqIHByZXNl cnZpbmcgYm9vdHN0cmFwcGluZyBpcyBwcmVmZXJhYmxlIGZyb20gYSBjZXJ0YWluDQo+IHBvaW50 IG9mIHZpZXcuIEkgd2FudCBteSBhdXRvbm9taWMgbmV0d29yayB0byB0cmFjayBhbmQgaWRlbnRp ZnkgYW55DQo+IG92ZXJsYXBwaW5nIGF1dG9ub21pYyBib290c3RyYXBwaW5nIHRvIGRvbWFpbnMg SSBkb27igJl0IHJlY29nbml6ZS4NCj4gDQo+IEkgKnJlYWxseSogZG9uJ3Qgc2VlIGhvdyB0aGUg Zmlyc3Qgc3RlcCBjYW4gYmUgYW55dGhpbmcgb3RoZXIgdGhhbiBhDQo+IHJlY29nbml6YWJsZSB1 bmVuY3J5cHRlZCBtdWx0aWNhc3QgcHJvYmUsIHdoZXRoZXIgaXQgaXMgc2VudCBieSB0aGUgam9p bmVyIG9yDQo+IGJ5IHNvbWUgbm9kZSB0aGF0IGlzIGFscmVhZHkgdHJ1c3RlZC4gWW91IGNvdWxk IHJlcXVpcmUgdGhhdCB0aGUNCj4gdW5lbmNyeXB0ZWQgcHJvYmUgaW5jbHVkZXMgYSBwdWJsaWMg a2V5IHNvIHRoYXQgYSB1bmljYXN0IHJlc3BvbnNlIGNhbiBiZQ0KPiBlbmNyeXB0ZWQ7IGJ1dCBu ZWl0aGVyIGVuZCBpcyBhdXRoZW50aWNhdGVkIGF0IHRoYXQgc3RhZ2UuDQoNCkkgYWdyZWUgd2l0 aCBCcmlhbi4gTmV3IG5vZGUgYW5kIHByb3h5IG5lZWQgZmluZCBlYWNoIG90aGVyLCB0aGlzIGlu dmFyaWFibHkgd2lsbCBpbnZvbHZlIHNvbWUgbWNhc3QgcHJvYmUuIEFuZCwgbWNyLCBJIHRoaW5r IGFsc28geW91ciBJS0UgcHJvcG9zYWwgaW5jbHVkZWQgSUtFIG1jYXN0IHBhY2tldHMgaW5pdGlh bGx5LCByaWdodD8gU28gYWxzbyB0aGF0IGlzIG5vdCAibm9ybWFsIiBhbmQgd2lsbCBiZSBkZXRl Y3RlZC4gSSB0aGluayB0cnlpbmcgdG8gaGlkZSB0aGUgcHJvY2VzcyBpcyBpbXBvc3NpYmxlLCB0 aHVzIHdlIHNob3VsZG4ndCBldmVuIHRyeSB0byBvcHRpbWlzZSB0b3dhcmQgaXQsIGJ1dCBmb2N1 cyBvbiBtaW5pbWlzaW5nIGRpc2Nsb3N1cmUuIA0KDQpJIHRoaW5rIHRoZSBvcHRpbXVtIGlzOiAN Ci0gaWYgdGhlIHByb3h5IHNlbmRzIG91dCBtaW5pbWFsIGluZm9ybWF0aW9uLiBQcm9iYWJseSBq dXN0IHNvbWV0aGluZyBpZGVudGlmeWluZyBhIGRvbWFpbi4gSSBkb24ndCBzZWUgYW5vdGhlciB3 YXkgcmlnaHQgbm93IHRoYW4gZG9pbmcgdGhpcyBwZXJpb2RpY2FsbHkuIA0KLSBpZiB0aGUgbmV3 IG5vZGUgc2VuZHMgbm90aGluZyBhdCBhbGwgKGllIGp1c3QgcmVzcG9uZHMpDQoNCk1pY2hhZWwN Cg== From nobody Wed Dec 9 05:08:43 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 245FA1A90CE for ; Wed, 9 Dec 2015 05:08:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.51 X-Spam-Level: X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cLtwICF3TH_M for ; Wed, 9 Dec 2015 05:08:40 -0800 (PST) Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CF721A90CC for ; Wed, 9 Dec 2015 05:08:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1312; q=dns/txt; s=iport; t=1449666520; x=1450876120; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=k5UHj3q7wDW9MPf4+5MBHClTkB606+t0dk+vYD+O7A0=; b=KQkNedmBJsVOjYdBpacG8MGyyLYOKMoD0ZPxE2Qxq9i9A1PnpGe31DBp KPyg1RsPNcZX8b1lh3BLm1ViyzeZ33I13me4c9i4iiHO1vXNx4aVX+tZD 07YH4ZRZUQ/9ZOrtypbatZA1brXSVE6r4ZwDNePsIoqXYe8fq6/6ASqfU 4=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0D/AQCdJmhW/51dJa1egzpTbga9PwENg?= =?us-ascii?q?WIXCoVuAoElOBQBAQEBAQEBgQqENAEBAQMBAQEBNzQLBQsCAQg2ECcLJQIEAQ0?= =?us-ascii?q?FCIgfCA3AHgEBAQEBAQEBAQEBAQEBAQEBAQEBARQEhlWEfYQphRcFlmkBjTqdC?= =?us-ascii?q?wEfAQFChARyhHKBBwEBAQ?= X-IronPort-AV: E=Sophos;i="5.20,403,1444694400"; d="scan'208";a="216174818" Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by alln-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 09 Dec 2015 13:08:39 +0000 Received: from XCH-ALN-001.cisco.com (xch-aln-001.cisco.com [173.36.7.11]) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id tB9D8dNR003952 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 9 Dec 2015 13:08:39 GMT Received: from xch-rcd-006.cisco.com (173.37.102.16) by XCH-ALN-001.cisco.com (173.36.7.11) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 9 Dec 2015 07:08:39 -0600 Received: from xch-rcd-006.cisco.com ([173.37.102.16]) by XCH-RCD-006.cisco.com ([173.37.102.16]) with mapi id 15.00.1104.009; Wed, 9 Dec 2015 07:08:39 -0600 From: "Michael Behringer (mbehring)" To: "consultancy@vanderstok.org" , "Brian E Carpenter" Thread-Topic: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options Thread-Index: AQHRLjUzV0yYB4U3OkOkSfr7faNAW56/ogkAgACqeACAARe8AIABQjvQ Date: Wed, 9 Dec 2015 13:08:39 +0000 Message-ID: References: <20151204014333.GZ29056@cisco.com> <6471865864850e6c34961f12d45853cd@xs4all.nl> <5665D85C.5010604@gmail.com> <92ddd96dc21275a00aab797656407971@xs4all.nl> In-Reply-To: <92ddd96dc21275a00aab797656407971@xs4all.nl> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.49.80.35] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Cc: "Toerless Eckert \(eckert\)" , "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Dec 2015 13:08:42 -0000 > The discovery alternatives cited by toerless impress me as a list of serv= ices of > which at least one must be present. >=20 > Therefore my consideration that for something as basic as Service discove= ry, > some industries may regret that they need for example mDNS next to their > favoured discovery service e.g. Resource Directory. > Faced with this choice they may decide that mDNS is not wanted but > replaced by RD; and the Anima code in their products is adapted for that > choice; while maintaining interoperability with ANIMA routers in all othe= r > respects. At the end of the day I personally don't care *how* a domain certificate ge= ts onto a new device.=20 Probably we should be more clear on this, draw a big line, and state that t= he domain enrolment process may be replaced by many other methods, and that= 's ok. So for us here that means, AN must also work if the domain certificates are= (for whatever reason) already on the devices. I.e., what happens later in = the AN process must not depend on anything in the bootstrap process, except= the PKI info.=20 Michael =20 > Peter >=20 > _______________________________________________ > Anima-bootstrap mailing list > Anima-bootstrap@ietf.org > https://www.ietf.org/mailman/listinfo/anima-bootstrap From nobody Wed Dec 9 05:12:44 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA3B11A90D9 for ; Wed, 9 Dec 2015 05:12:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.51 X-Spam-Level: X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nKlqMmCl9_c9 for ; Wed, 9 Dec 2015 05:12:36 -0800 (PST) Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C38331A90D8 for ; Wed, 9 Dec 2015 05:12:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1459; q=dns/txt; s=iport; t=1449666756; x=1450876356; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=5v6T5QYlle2lWty8ZSTo3y7AJDMx1UUKSKlCIDl0NEI=; b=Zd+1RwJzMkD5M3kGjbUwno56MhLDfCtmGWCdIEgrgfIH+Z6V6q06tYx8 og1TkimPXxnyioqyEQlQRaFVyfnN49LO+uz6DY2W0UheQ+/j5yJn/f/B8 M5eFKnef7IMXqozTLZEPKURTHOgYkcbSNeSbPCmdbvybIOKYBmHSMznPV Y=; X-IronPort-AV: E=Sophos;i="5.20,403,1444694400"; d="scan'208";a="53859660" Received: from alln-core-4.cisco.com ([173.36.13.137]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 09 Dec 2015 13:12:36 +0000 Received: from mcast-linux1.cisco.com (mcast-linux1.cisco.com [172.27.244.121]) by alln-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id tB9DCZdn008013 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 9 Dec 2015 13:12:36 GMT Received: from mcast-linux1.cisco.com (localhost.cisco.com [127.0.0.1]) by mcast-linux1.cisco.com (8.13.8/8.13.8) with ESMTP id tB9DCZLa001269; Wed, 9 Dec 2015 05:12:35 -0800 Received: (from eckert@localhost) by mcast-linux1.cisco.com (8.13.8/8.13.8/Submit) id tB9DCYIs001268; Wed, 9 Dec 2015 05:12:34 -0800 Date: Wed, 9 Dec 2015 05:12:34 -0800 From: "Toerless Eckert (eckert)" To: Brian E Carpenter Message-ID: <20151209131234.GN29056@cisco.com> References: <20151204014333.GZ29056@cisco.com> <13379.1449515233@dooku.sandelman.ca> <20D831CB-5075-4899-9C4F-D3D04334B1CF@cisco.com> <2495.1449614267@dooku.sandelman.ca> <43C69994-D02E-44A0-A739-4A6E45A3CE8C@cisco.com> <566776A4.4080804@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <566776A4.4080804@gmail.com> User-Agent: Mutt/1.4.2.2i Archived-At: Cc: Michael Richardson , "Max Pritikin \(pritikin\)" , "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Dec 2015 13:12:42 -0000 On Wed, Dec 09, 2015 at 01:32:36PM +1300, Brian E Carpenter wrote: > I *really* don't see how the first step can be anything other than a > recognizable unencrypted multicast probe, whether it is sent by the joiner or > by some node that is already trusted. You could require that the unencrypted > probe includes a public key so that a unicast response can be encrypted; but > neither end is authenticated at that stage. Brian: Max'es original argument was to minimize the invention of new secure association setup. So when you need a secure association for bootstrap, we rely on TLS for EST. When we need a secure association for ACP/GRASP, we rely on (d)TLS (still have to decide in detail how to do this). If this argument makes sense to the team, then i think we do not need crypto info in the multicast discovery, because the response will directly be the first packets of (d)TLS for EST or ACP/GRAP - eg: nothing new needed. The only idea i could think of was to include crypto information in the multicast announcement not for the benefit of the security association itself, but for the benefit of a third party observer that tries to ensure no attacker sends discoveries to prey on defenseless unconfigured greenfield devices. I am happy about any new valuable crypto we can put into the discovery, i just want to make sure we can be precise about the attack vector it helps to protect against. Cheers Toerless From nobody Wed Dec 9 05:22:29 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 883E01A912C for ; Wed, 9 Dec 2015 05:22:28 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.51 X-Spam-Level: X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3KVkx0iSPX7d for ; Wed, 9 Dec 2015 05:22:26 -0800 (PST) Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 914F91A9134 for ; Wed, 9 Dec 2015 05:22:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2712; q=dns/txt; s=iport; t=1449667346; x=1450876946; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=/ADtDuf60w+5Vxt3T9YAF9ZVRBmI570tDWEHzMyNkU8=; b=VO/EBO+64VF7bQbRHyUJRsHgrbIrn3ceNlEDAhwBoWVTCn1BYBoHlADT YtoGdKdld8YE6HxHVO2Yq5MHXnlL+o84VYrZQLC7aRc7nDo3oYqYroyfs CxQOeynfN036K3QCL3RrmMsvv8wLJd02TFURFcZrwGNCtfvnwyeLiX6mN 0=; X-IronPort-AV: E=Sophos;i="5.20,403,1444694400"; d="scan'208";a="53959630" Received: from alln-core-6.cisco.com ([173.36.13.139]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 09 Dec 2015 13:22:26 +0000 Received: from mcast-linux1.cisco.com (mcast-linux1.cisco.com [172.27.244.121]) by alln-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id tB9DMPe3032563 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 9 Dec 2015 13:22:25 GMT Received: from mcast-linux1.cisco.com (localhost.cisco.com [127.0.0.1]) by mcast-linux1.cisco.com (8.13.8/8.13.8) with ESMTP id tB9DMPFA001739; Wed, 9 Dec 2015 05:22:25 -0800 Received: (from eckert@localhost) by mcast-linux1.cisco.com (8.13.8/8.13.8/Submit) id tB9DMOa9001738; Wed, 9 Dec 2015 05:22:24 -0800 Date: Wed, 9 Dec 2015 05:22:24 -0800 From: "Toerless Eckert (eckert)" To: "Michael Behringer (mbehring)" Message-ID: <20151209132224.GO29056@cisco.com> References: <20151204014333.GZ29056@cisco.com> <6471865864850e6c34961f12d45853cd@xs4all.nl> <5665D85C.5010604@gmail.com> <92ddd96dc21275a00aab797656407971@xs4all.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.2i Archived-At: Cc: "anima-bootstrap@ietf.org" , "consultancy@vanderstok.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Dec 2015 13:22:28 -0000 Michael: Lets assume we replace EST bootstraap with "a guy with a USB stick feeding manually domain certs to greenfield devices". a) I agree that we would want to make sure our protocols are set up so that even such a device could perfectly bring up ACP afterwards and continue with the rest of autonomic functions (GRASP inside ACP, agents,...). b) I don't think we would want to call such a device "autonomic". It's partial autonomic at best. But yes, it may be perfectly valid and relevant to some industries. If you agree, then the problem is IMHO primarily in the reference model calling out that devices that for one reason or the other can not / want-not implement the whole ANIMA suite can perfectly well implement just parts of it, because ANIMA is defined such that the different building blocks are modular. Just that such a device is only "partial-autonomic" (or whatever you think is a good naming to distinguish it from a truely autonomic device). Btw: This also goes the other way, eg: it would IHO make sense that the bootstrap spec can be deplpoyed on devices that do not want any further AN functions after the certificates are enrolled. I think that option is also something we want to explain in the bootstrap draft. Cheers Toerless On Wed, Dec 09, 2015 at 01:08:39PM +0000, Michael Behringer (mbehring) wrote: > > The discovery alternatives cited by toerless impress me as a list of services of > > which at least one must be present. > > > > Therefore my consideration that for something as basic as Service discovery, > > some industries may regret that they need for example mDNS next to their > > favoured discovery service e.g. Resource Directory. > > Faced with this choice they may decide that mDNS is not wanted but > > replaced by RD; and the Anima code in their products is adapted for that > > choice; while maintaining interoperability with ANIMA routers in all other > > respects. > > At the end of the day I personally don't care *how* a domain certificate gets onto a new device. > > Probably we should be more clear on this, draw a big line, and state that the domain enrolment process may be replaced by many other methods, and that's ok. > > So for us here that means, AN must also work if the domain certificates are (for whatever reason) already on the devices. I.e., what happens later in the AN process must not depend on anything in the bootstrap process, except the PKI info. > > Michael > > > Peter > > > > _______________________________________________ > > Anima-bootstrap mailing list > > Anima-bootstrap@ietf.org > > https://www.ietf.org/mailman/listinfo/anima-bootstrap From nobody Wed Dec 9 08:39:06 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B59E1ACCE2 for ; Wed, 9 Dec 2015 08:39:04 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.611 X-Spam-Level: X-Spam-Status: No, score=-2.611 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ntsIQ6ovLVMe for ; Wed, 9 Dec 2015 08:39:02 -0800 (PST) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 12D401ACC85 for ; Wed, 9 Dec 2015 08:39:02 -0800 (PST) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 943332002A; Wed, 9 Dec 2015 11:44:37 -0500 (EST) Received: by sandelman.ca (Postfix, from userid 179) id BFA0E63757; Wed, 9 Dec 2015 11:39:00 -0500 (EST) Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id A7F1963745; Wed, 9 Dec 2015 11:39:00 -0500 (EST) From: Michael Richardson To: Toerless Eckert In-Reply-To: <20151209095821.GJ29056@cisco.com> References: <20151209095821.GJ29056@cisco.com> X-Mailer: MH-E 8.6; nmh 1.3-dev; GNU Emacs 24.4.2 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Sender: mcr@sandelman.ca Archived-At: Cc: anima-bootstrap Subject: Re: [Anima-bootstrap] Meeting time this week ? X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Dec 2015 16:39:04 -0000 --=-=-= Content-Type: text/plain Every Thursday at 11am EST. Try this link: https://calendar.google.com/calendar/event?action=TEMPLATE&tmeid=MHR0ajRtbDM2MnU1NmU2YW9ocWtrNGY2ZG9fMjAxNTEyMTBUMTYwMDAwWiBtY2hhcmxlc3JAbQ&tmsrc=mcharlesr%40gmail.com -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEVAwUBVmhZH4CLcPvd0N1lAQKPXgf+IpRE+y2VPwZEQrPB8rCqhlceqaFagDxP c4gPfwfrH8rT/PaXAREOoZg0H96aAojiMTGftsLnwOEyU+fGCTjbxtLtGlRz+SiQ GStuMGXk7w2oVTMLM633zzbveRlEIhEs58irVnIOaFGTEVzNo2zkym+EU+AQpXbl 9tXmsPDuqA4shsxZRHhi3VsElvMxWkvWVAPcq7QVw1fpp+9HfCuWvcouNOa2rqdv zz0x1cDypmI0t9tijGmKa2aT+eFF/Nf2vyFBGKCke+jOxJJCHGYKyDBTrv0i1NOb 22vWFkj3lhlQC1Lo2RUaV9PNi9PuKdVVJca4vJW8WWpZwHjC2QoBgw== =+srM -----END PGP SIGNATURE----- --=-=-=-- From nobody Wed Dec 9 10:59:32 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B40501AC3E7 for ; Wed, 9 Dec 2015 10:59:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EKDyl7Wxb4F9 for ; Wed, 9 Dec 2015 10:59:30 -0800 (PST) Received: from mail-pa0-x229.google.com (mail-pa0-x229.google.com [IPv6:2607:f8b0:400e:c03::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C69B1A1A7B for ; Wed, 9 Dec 2015 10:59:30 -0800 (PST) Received: by pabur14 with SMTP id ur14so34014387pab.0 for ; Wed, 09 Dec 2015 10:59:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-type :content-transfer-encoding; bh=mSfzsnD36xFxC+yP4ydKhaipPrxWlYvCqzGLfoQJToo=; b=M0OKfNARTZI6jgSXr1zK78yHhZuDQNGKMcjRXc1nCKxQPGhhqColsBjwC9z6MKvAiY JPfWy7gFXqVOOMoPLSYe0uSKOrUQYnSsPzTpgNkww4WMqehuzRABnAGhVgwrsSe4DeBY 7NJQV/qEFiaUAy8Ec51zK3fcbeL1o4IeEEiuvjo1yZFDtfq+w5J5sEYCGtUVdWg/xbXm vI7mEnMMQ1a6a2Uz0W15B3VEDAQkOJInEP8gYZTY5OEuZJ22Nl5KoHOlPvYSm5hD6iIt 4+JroGQKn/3QfcQ1yzj9F9cQYMy2m+F1qZrTRcbqs+AsbiJpx3qUcKcQyk9dVnKoAEeH ZUZA== X-Received: by 10.66.102.4 with SMTP id fk4mr10341357pab.85.1449687570015; Wed, 09 Dec 2015 10:59:30 -0800 (PST) Received: from ?IPv6:2406:e007:6917:1:28cc:dc4c:9703:6781? ([2406:e007:6917:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id w1sm13271835pfa.57.2015.12.09.10.59.26 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 09 Dec 2015 10:59:28 -0800 (PST) To: "Toerless Eckert (eckert)" References: <20151204014333.GZ29056@cisco.com> <13379.1449515233@dooku.sandelman.ca> <20D831CB-5075-4899-9C4F-D3D04334B1CF@cisco.com> <2495.1449614267@dooku.sandelman.ca> <43C69994-D02E-44A0-A739-4A6E45A3CE8C@cisco.com> <566776A4.4080804@gmail.com> <20151209131234.GN29056@cisco.com> From: Brian E Carpenter Organization: University of Auckland Message-ID: <56687A15.7070305@gmail.com> Date: Thu, 10 Dec 2015 07:59:33 +1300 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: <20151209131234.GN29056@cisco.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Archived-At: Cc: Michael Richardson , "Max Pritikin \(pritikin\)" , "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Dec 2015 18:59:31 -0000 On 10/12/2015 02:12, Toerless Eckert (eckert) wrote: ... > I am happy about any new valuable crypto we can put into the discovery, i just > want to make sure we can be precise about the attack vector it helps to protect > against. I very much agree with that. I wasn't actually saying we must add a public key for the first exchange, just that we *could*. Actually the attack that really puzzles me is this one: Alice: Hello everybody, I want to join. Bob: Hi Alice, I'll be your proxy today. Eve: Hi Alice, I'll be your proxy today. How does Alice know to listen to Bob and ignore Eve? At that point she has no keys or certificates for Bob. Brian From nobody Wed Dec 9 11:23:18 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A27951A03AA for ; Wed, 9 Dec 2015 11:23:16 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -13.31 X-Spam-Level: X-Spam-Status: No, score=-13.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_32=0.6, J_CHICKENPOX_44=0.6, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6lHhYbfK3OR3 for ; Wed, 9 Dec 2015 11:23:14 -0800 (PST) Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 774411A03A6 for ; Wed, 9 Dec 2015 11:23:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3399; q=dns/txt; s=iport; t=1449688994; x=1450898594; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=t+2VQK5wcvkTpnEH2Pm8Bth1ujHnobbAa/VFXIEEp0o=; b=AhXhTXYjGdI28rz+607Wwhs91bOeH4Y7uuzvvZy2S7omCCvb9ok/TTCB NBj6q+wa8ZpISppLRcGTwaWx8vYjc/knDmFXyZihl5rzgf7tyXwRnneNj dkn7KX8sDhhJdKntbZxFLkCiLUJrzLJBIYwy+0mIpRDcSjXwnJyKVEaKz U=; X-IronPort-AV: E=Sophos;i="5.20,405,1444694400"; d="scan'208";a="54064696" Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 09 Dec 2015 19:23:13 +0000 Received: from mcast-linux1.cisco.com (mcast-linux1.cisco.com [172.27.244.121]) by rcdn-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id tB9JND3l010996 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 9 Dec 2015 19:23:13 GMT Received: from mcast-linux1.cisco.com (localhost.cisco.com [127.0.0.1]) by mcast-linux1.cisco.com (8.13.8/8.13.8) with ESMTP id tB9JNDmu017199; Wed, 9 Dec 2015 11:23:13 -0800 Received: (from eckert@localhost) by mcast-linux1.cisco.com (8.13.8/8.13.8/Submit) id tB9JNDf4017198; Wed, 9 Dec 2015 11:23:13 -0800 Date: Wed, 9 Dec 2015 11:23:13 -0800 From: "Toerless Eckert (eckert)" To: Brian E Carpenter Message-ID: <20151209192313.GR29056@cisco.com> References: <20151204014333.GZ29056@cisco.com> <13379.1449515233@dooku.sandelman.ca> <20D831CB-5075-4899-9C4F-D3D04334B1CF@cisco.com> <2495.1449614267@dooku.sandelman.ca> <43C69994-D02E-44A0-A739-4A6E45A3CE8C@cisco.com> <566776A4.4080804@gmail.com> <20151209131234.GN29056@cisco.com> <56687A15.7070305@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <56687A15.7070305@gmail.com> User-Agent: Mutt/1.4.2.2i Archived-At: Cc: Michael Richardson , "Max Pritikin \(pritikin\)" , "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Dec 2015 19:23:16 -0000 Alice never knows until later. a) Lets assume we're talking bout announcements by Bob/Eve to connect to their ACP. Minimally, Alice has no idea whom it wants to connect to. So it simply starts let's say dTLS to Bob and Eve. Alice will then figure out whether Bob and.or Eve have domain certs for the same domain Alice is in. If not, Alice (or Bob/Eve) will drop the dTLS connection. We could try to optimize by announcing Bob/Eve's domain certs into the discovery messages. This would save some unnecessary connection attempts by Alice. No strong opinions. b) Lets assume we're talking about announcements by Bob/Eve to be enrollment proxies. So now Alice is not in a domain and will set up ESP "randomnly" to Bob and/or Eve. If we do not have a MASA, then Alice is really at the mercy of The guy who plugs Alice's cable into some network connection. "Do not plug into an untusty socket". Aka: Alice tries EST to Bob. Bob proxies to Bobs domain registrar which checks Alices serial number and decides that Alice does not belong to Bobs domain. Alices continues on to build EST to Eve. and may get accepted into domain there. Aka: Both Bob and Eve belong to friendly domains only accepting devices they know they own. If we do have a MASA, Alice can feel more secure. So it connects to Eve, and Eve 's domain registrar wants to have Alice - even thoug alice doesn't below to Eves domain, but Eve is evil in this case. Alice will only accept enrollment when Eve is producing to Alice a ticket from the MASA stating that Alice belongs to Alices domain. And Alice trusts this ticket because it ultimately came from a MASA that must belong to Alices manufacturer. And ensures that the manufacturer is at least logging that Eve's domain/registrar is claiming to own Alice. I can't see how Bob/Eve announcing their certs here would help Alice at all before establishing the EST connection. Cheers Toerless Mr. Carpenter wanted to have the insecure enrollment option without MASA (and eg: ciscos autonomic solution also does this, so inse)like alsoeg: cisco customers in our c(and Cisco customers) wanted to have the These announcemments could contain Bob/Eves domain certificates. Alice can now quickly validate that it wants to connect Bob If this is not for bootstrap but announcements to connect ACP, then So, if this was an announceme Irr So, if this is Alice would not know. Alice would (randomnly) build On Thu, Dec 10, 2015 at 07:59:33AM +1300, Brian E Carpenter wrote: > On 10/12/2015 02:12, Toerless Eckert (eckert) wrote: > ... > > I am happy about any new valuable crypto we can put into the discovery, i just > > want to make sure we can be precise about the attack vector it helps to protect > > against. > > I very much agree with that. I wasn't actually saying we must add a public > key for the first exchange, just that we *could*. Actually the attack that really > puzzles me is this one: > > Alice: Hello everybody, I want to join. > > Bob: Hi Alice, I'll be your proxy today. > Eve: Hi Alice, I'll be your proxy today. > > How does Alice know to listen to Bob and ignore Eve? > At that point she has no keys or certificates for Bob. > > Brian -- --- Toerless Eckert, eckert@cisco.com From nobody Wed Dec 9 12:17:30 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D14C21A1B17 for ; Wed, 9 Dec 2015 12:17:29 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.911 X-Spam-Level: X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HV1F84bdypEM for ; Wed, 9 Dec 2015 12:17:28 -0800 (PST) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02B4F1A1B11 for ; Wed, 9 Dec 2015 12:17:27 -0800 (PST) Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 90F782002A; Wed, 9 Dec 2015 15:23:03 -0500 (EST) Received: by sandelman.ca (Postfix, from userid 179) id 3508363757; Wed, 9 Dec 2015 15:17:26 -0500 (EST) Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 1C92263745; Wed, 9 Dec 2015 15:17:26 -0500 (EST) From: Michael Richardson To: "Max Pritikin \(pritikin\)" In-Reply-To: <43C69994-D02E-44A0-A739-4A6E45A3CE8C@cisco.com> References: <20151204014333.GZ29056@cisco.com> <13379.1449515233@dooku.sandelman.ca> <20D831CB-5075-4899-9C4F-D3D04334B1CF@cisco.com> <2495.1449614267@dooku.sandelman.ca> <43C69994-D02E-44A0-A739-4A6E45A3CE8C@cisco.com> X-Mailer: MH-E 8.6; nmh 1.3-dev; GNU Emacs 24.4.2 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Sender: mcr@sandelman.ca Archived-At: Cc: "Toerless Eckert \(eckert\)" , "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Dec 2015 20:17:30 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Max Pritikin (pritikin) wrote: >> For non-challenged (IoT) devices on non-challenged networks, the new= device should >> initiate and drive the bootstrapping. >> >> It would be best if this communication was indistinguishable from ot= her ACP >> communication to an outsider. > This can only occur if bootstrapping is over a =E2=80=9Cprovisional= =E2=80=9D ACP. I=E2=80=99m > uncomfortable with having GRASP and ACP include special cases for > bootstrapping. My gut feel is that the simplicity of a specific > bootstrapping sequence =E2=80=94 even if identifiable =E2=80=94 is pr= eferable. If we believe that a device could belong to multiple ACPs (see my other post in reply to Brian for some reasons for an intra-ISP ACPs), then having an extra tunnel up, on a "disconnected" VRF, for a joining device is not a big deal, I think. > A *non-privacy* preserving bootstrapping is preferable from a certain > point of view. I want my autonomic network to track and identify any > overlapping autonomic bootstrapping to domains I don=E2=80=99t recogn= ize. Assuming that we use some non-private way to discover the enrollment proxy, and we use (D)TLS 1.3, then observers would only see that there was a bootstrap occuring. They would observe the address of the enrollment, which they might realize was not their own. A multicasted IKE_INIT plus ACP would result in a tunnel with a device which is not a recognized device, so would reveal the same amount of information = to an IDS. =2D- Michael Richardson , Sandelman Software Works -=3D IPv6 IoT consulting =3D- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEVAwUBVmiMVYCLcPvd0N1lAQIK0QgAijoFD6Th5lIyWWXxziavw58cjAk0wPC1 rD0bwMHBiZvkTTXGP1T0l3oCiMeYX/TMBhAKTJE4ybz9loljRb1HvmUm2tG/VaQy w613bjb+EcotAXMx5Dy2VDanz33z0MiZXOip/RTqJ/8ttFDm8JpuFaXSJz94ll/p 1BxK5ZSZDKNYqZcmS2nJ0kOWBhE0BnkEA52a8IQCv4nw7GxXqABBWQodlse/PiBy T1TwlbLfAcw2vIg51QP8N1KecccO5A2pnzOYNycbrxhr0OmvjvrXKz/dRj5oLXsk jjc5fXreyPn/RrmvJSN466RqiS9gQVkMVO+qwrB8bULWheMOh2eXmA== =kQ5F -----END PGP SIGNATURE----- --=-=-=-- From nobody Wed Dec 9 12:19:44 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E070C1A1B29 for ; Wed, 9 Dec 2015 12:19:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.911 X-Spam-Level: X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4-VcV1nC7gei for ; Wed, 9 Dec 2015 12:19:41 -0800 (PST) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C45B1A1B05 for ; Wed, 9 Dec 2015 12:19:41 -0800 (PST) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 3AC012002A; Wed, 9 Dec 2015 15:25:18 -0500 (EST) Received: by sandelman.ca (Postfix, from userid 179) id D8C1063757; Wed, 9 Dec 2015 15:19:40 -0500 (EST) Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id BF03063745; Wed, 9 Dec 2015 15:19:40 -0500 (EST) From: Michael Richardson To: Brian E Carpenter In-Reply-To: <566776A4.4080804@gmail.com> References: <20151204014333.GZ29056@cisco.com> <13379.1449515233@dooku.sandelman.ca> <20D831CB-5075-4899-9C4F-D3D04334B1CF@cisco.com> <2495.1449614267@dooku.sandelman.ca> <43C69994-D02E-44A0-A739-4A6E45A3CE8C@cisco.com> <566776A4.4080804@gmail.com> X-Mailer: MH-E 8.6; nmh 1.3-dev; GNU Emacs 24.4.2 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Sender: mcr@sandelman.ca Archived-At: Cc: "Max Pritikin \(pritikin\)" , "anima-bootstrap@ietf.org" , "Toerless Eckert \(eckert\)" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Dec 2015 20:19:43 -0000 --=-=-= Content-Type: text/plain Brian E Carpenter wrote: > I *really* don't see how the first step can be anything other than a > recognizable unencrypted multicast probe, whether it is sent by the joiner or > by some node that is already trusted. You could require that the unencrypted > probe includes a public key so that a unicast response can be encrypted; but > neither end is authenticated at that stage. Yes, that's true. The point isn't that it's other than unencrypted multicast probe. The point is that if this unencrypted multicast probe is a normal part of ACP operation, then it is not obvious to (passive!) malicious observers which device is actually bootstraping vs helping. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEVAwUBVmiM3ICLcPvd0N1lAQL8gwf/QO1DR7V+cxquyi0Mv2CbY5bR96TeVTco yBdpESiEOpITuZ8c6MCbJ0G/AdS5HC2uL4tZi7BXDYM9sgmNPCgPu0R1ruAfwxHh ozl3f4CKQy5OdxMcTZOsN48knVoGuBmO+XDcp1Wiju9D6a28j2rHV2eWRgJLduyT FKtPBeJnU5AxJgSXUH8oPRXi4D18wQ1GbHynfRagXLf3maKTJWdrgEEoLFXdNwYb CywoCPD5yGO0bHgw6nsyyvdOsNH2fRruEmuj/YU/CoGGFUYjLvNrs50N/bka8aiC b4PvgZeDJpa4dKT0M74AQZ3fJsabcI7HSOqzSWbWDg4OC4hsewObRA== =7/Wi -----END PGP SIGNATURE----- --=-=-=-- From nobody Wed Dec 9 12:48:49 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 752041A9153 for ; Wed, 9 Dec 2015 12:48:48 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.911 X-Spam-Level: X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RgXx_QRqr0hB for ; Wed, 9 Dec 2015 12:48:46 -0800 (PST) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 809C61A90CE for ; Wed, 9 Dec 2015 12:48:46 -0800 (PST) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id EC287203CA for ; Wed, 9 Dec 2015 15:54:22 -0500 (EST) Received: by sandelman.ca (Postfix, from userid 179) id 8250563757; Wed, 9 Dec 2015 15:48:45 -0500 (EST) Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 6619C63745 for ; Wed, 9 Dec 2015 15:48:45 -0500 (EST) From: Michael Richardson To: "anima-bootstrap\@ietf.org" In-Reply-To: References: <20151204014333.GZ29056@cisco.com> <13379.1449515233@dooku.sandelman.ca> <20D831CB-5075-4899-9C4F-D3D04334B1CF@cisco.com> <2495.1449614267@dooku.sandelman.ca> <43C69994-D02E-44A0-A739-4A6E45A3CE8C@cisco.com> <566776A4.4080804@gmail.com> X-Mailer: MH-E 8.6; nmh 1.3-dev; GNU Emacs 24.4.2 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Sender: mcr@sandelman.ca Archived-At: Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Dec 2015 20:48:48 -0000 --=-=-= Content-Type: text/plain Michael Behringer (mbehring) wrote: > I agree with Brian. New node and proxy need find each other, this > invariably will involve some mcast probe. And, mcr, I think also your > IKE proposal included IKE mcast packets initially, right? So also that > is not "normal" and will be detected. I think trying to hide the > process is impossible, thus we shouldn't even try to optimise toward > it, but focus on minimising disclosure. Autonomic nodes will be regularly looking for other autonomic nodes on all links in order to form redundant links for the ACP to use. This is how the adjacency table will be filled out. We have a wide variety of possible multicasts available for populating the advancy table. (And we should pick one, not many) 1) NDs 2) RPL DIS/DIO messages 3) insecure-GRASPs 4) mDNS The advantage of doing this with IKEv2 (or TLS1.3) is that the identities (and therefore bootstrap state) of each end point is only revealed within the privacy of the initial DH. [This is still subject to active eavesdropping!] > I think the optimum is: > - if the proxy sends out minimal information. Probably just something > identifying a domain. I don't see another way right now than doing this > periodically. > - if the new node sends nothing at all (ie just responds) Well, my process would like: 1) a multicast packet saying, "I'm an autonomic node" is sent out. It would have no domain or other identifying information. IKEv2 SA_INIT look something like: IPv6 (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 864) fe80::3a60:77ff:fe38:e647.500 > ff02::1a.500: isakmp 2.0 msgid 00000000: parent_sa ikev2_init[I]: (sa: len=504 (p: #1 protoid=isakmp transform=4 len=44 (t: #1 type=encr id=aes (type=keylen value=0080)) (t: #2 type=integ id=hmac-sha ) (t: #3 type=prf id=hmac-sha ) (t: #4 type=dh id=modp2048 )) ... see https://goo.gl/IHm6BJ for more details) (v2ke: len=256 group=modp2048) (nonce: len=16 data=(20989d37a814a64d8ff0...d320e9e3000000104f45706c75746f756e697430)) (v2vid: len=12 vid=OEababababab) 2) a node seeing this, and wanting to establish a tunnel with that node, (whether to run an ACP over it, to offer to bootstrap it, or because it needs to be bootstraped), would reply, asking for the initiator to provide an IKEv2 cookie. (This acts as a sender address validation much like TCP SYN/ACK. see section 2.6 of rfc7296) IPv6 (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 864) fe80::3a60:c0ff:ffee:babe.500 > fe80::3a60:77ff:fe38:e647.500: isakmp 2.0 msgid 00000000: parent_sa ikev2_init[R] (cookie: COOKIE) 3) original initiator, seeing a new peer, replies with a new initiation, including the cookie as provided. IPv6 (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 864) fe80::3a60:77ff:fe38:e647.500 > fe80::3a60:c0ff:ffee:babe.500: isakmp 2.0 msgid 00000000: parent_sa ikev2_init[I]: (cookie: COOKIE) (sa: len=504 (p: #1 protoid=isakmp transform=4 len=44 (t: #1 type=encr id=aes (type=keylen value=0080)) (t: #2 type=integ id=hmac-sha ) (t: #3 type=prf id=hmac-sha ) (t: #4 type=dh id=modp2048 )) ... see https://goo.gl/IHm6BJ for more details) (v2ke: len=256 group=modp2048) (nonce: len=16 data=(20989d37a814a64d8ff0...d320e9e3000000104f45706c75746f756e697430)) (v2vid: len=12 vid=OEababababab) ... 4) then responder replies, and the IKEv2 PARENT SA is alive, and one could do all sorts of things, including: a) turn on a one-hop prospective ACP to get to the enrollment proxy. b) use EAP-TLS as the proxy mechanism. c) use something else/new as the proxy mechanism within IKEv2. d) recognize the other party, and bring up a real ACP. The brilliant part is that no observer can tell which of a,b,c,d is really going on from outside, they just see port-500 and ESP packets, which all they'd ever see of the ACP anyway. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEVAwUBVmiTrYCLcPvd0N1lAQIUIwf/ZrjsBEEdlnbRcPWo5imRnyfcv+GLt3f5 MOckbvTI82uYWL8+VSLtS3g9p3Mql4RqpuX46cTXpSdweMHAii/x+O9AOr/bhCpA JXU7wBSDbkAzrKKX3KbxuIQTf8eoKibVcfWogRQfa47YvroX/dxb30RMuaFwOqYk mAp/pxbKQW6yslc3JWuz5n4RYOLqYS8c5M06a6reVKOoZ0IMi4TnNsbDY4Xq8JAS HQmAeDiLXPlJ/6uG/iexGtA+Geq9WgN4XQ47MxhmT+mLTd9KBdvfdkFYCvoPq+Sm jsTPuzoD3tKrsGVBTzmuE2Eq7E+hiZKIFRr5GkXp2baG9yYepLHsDg== =cwGY -----END PGP SIGNATURE----- --=-=-=-- From nobody Wed Dec 9 13:01:47 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB7421B2D6F for ; Wed, 9 Dec 2015 13:01:44 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.61 X-Spam-Level: X-Spam-Status: No, score=-2.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, WEIRD_PORT=0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8Agxv6p7tfjp for ; Wed, 9 Dec 2015 13:01:43 -0800 (PST) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 472D01B2CE9 for ; Wed, 9 Dec 2015 13:01:43 -0800 (PST) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 0351B203CA for ; Wed, 9 Dec 2015 16:07:20 -0500 (EST) Received: by sandelman.ca (Postfix, from userid 179) id 87DD963757; Wed, 9 Dec 2015 16:01:42 -0500 (EST) Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 6C72563745 for ; Wed, 9 Dec 2015 16:01:42 -0500 (EST) From: Michael Richardson to: anima-bootstrap In-Reply-To: <8242.1449509816@dooku.sandelman.ca> References: <8242.1449509816@dooku.sandelman.ca> X-Mailer: MH-E 8.6; nmh 1.3-dev; GNU Emacs 24.4.2 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Sender: mcr@sandelman.ca Archived-At: Subject: [Anima-bootstrap] anima bootstrap meeting: 2015-12-10 details X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Dec 2015 21:01:45 -0000 --=-=-= Content-Type: text/plain Michael Richardson wrote: > Topic for this week was contents of certificate that will be provisioned > via EST. > (Topics for next two weeks: > 1. PROTOCOL STACK 2015-12-10. > 2. DISCOVERY MECHANISM 2015-12-17. > ) I hope that Toerless or Michael B, can articulate more clearly what is meant by PROTOCOL STACK, as I have many possible interpretations. Details to connect: https://ietf.webex.com/ietf/j.php?MTID=m09ce76fb7e9ae7af015d3033b42c54c2 meeting number: 649 770 742 Meeting password: bootstrap 1-877-668-4493 Call-in toll free number (US/Canada) 1-650-479-3208 Call-in toll number (US/Canada) We will use the etherpad at: http://etherpad.tools.ietf.org:9000/p/anima-boostrapping?useMonospaceFont=true (note typo in boostrapping) I sent an ical invite to the list which is probably lost in list moderation. This link might help: https://calendar.google.com/calendar/event?action=TEMPLATE&tmeid=MHR0ajRtbDM2MnU1NmU2YW9ocWtrNGY2ZG9fMjAxNTEyMTBUMTYwMDAwWiBtY2hhcmxlc3JAbQ&tmsrc=mcharlesr%40gmail.com It's at 1600UTC. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEVAwUBVmiWtoCLcPvd0N1lAQL+mwgAkJVQ9FjYlG+4tuVPV8bVcShGFZre4Qey g/6v9kN+cfT4yeX2pQEYTWTiSN9XUwZL5rwEiThZ5fvW3YNiRVeJUZLbqvtKuuSA npIT+sne+538t5IdN9Q1sT5MieCl60jDqes+SEVIC9g7l621hF9F9Ot7QBoCAY1h QajomT2ZotO2qher0fM0C2O5mRu45kTYlxzoGrFImUxcLZMzkOOwVGA0hpS2ZSRE j7wM2VddWymSMe2XbI7bDXhontEGwllaN9MQztJbM58GGqqojIbK4zIc+oKYS09F 22ZkCk8eTFH3BJ3+34bdvYO1iehxs+2VLxdx7fBeU5lelqVr5f4b6w== =Ur+s -----END PGP SIGNATURE----- --=-=-=-- From nobody Wed Dec 9 13:07:47 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 673911B2DA0 for ; Wed, 9 Dec 2015 13:07:46 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.911 X-Spam-Level: X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VQYKgsGzd82l for ; Wed, 9 Dec 2015 13:07:45 -0800 (PST) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29BCF1B2D99 for ; Wed, 9 Dec 2015 13:07:45 -0800 (PST) Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id E204E203CA for ; Wed, 9 Dec 2015 16:13:21 -0500 (EST) Received: by sandelman.ca (Postfix, from userid 179) id 6DC9C63757; Wed, 9 Dec 2015 16:07:44 -0500 (EST) Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 5198663745 for ; Wed, 9 Dec 2015 16:07:44 -0500 (EST) From: Michael Richardson To: "anima-bootstrap\@ietf.org" In-Reply-To: <20151209132224.GO29056@cisco.com> References: <20151204014333.GZ29056@cisco.com> <6471865864850e6c34961f12d45853cd@xs4all.nl> <5665D85C.5010604@gmail.com> <92ddd96dc21275a00aab797656407971@xs4all.nl> <20151209132224.GO29056@cisco.com> X-Mailer: MH-E 8.6; nmh 1.3-dev; GNU Emacs 24.4.2 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Sender: mcr@sandelman.ca Archived-At: Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Dec 2015 21:07:46 -0000 --=-=-= Content-Type: text/plain Toerless Eckert (eckert) wrote: > Lets assume we replace EST bootstraap with "a guy with a USB stick feeding > manually domain certs to greenfield devices". Yes, I've no problem with that. > a) I agree that we would want to make sure our protocols are set up so that even such > a device could perfectly bring up ACP afterwards and continue with the rest > of autonomic functions (GRASP inside ACP, agents,...). I don't see a problem here. > b) I don't think we would want to call such a device "autonomic". It's partial > autonomic at best. But yes, it may be perfectly valid and relevant to some > industries. It's part of the ACP, and it could participate in lots of self-healing efforts. So, it's autonomic. What it isn't is *zero-touch*. > If you agree, then the problem is IMHO primarily in the reference model calling > out that devices that for one reason or the other can not / want-not implement > the whole ANIMA suite can perfectly well implement just parts of it, because > ANIMA is defined such that the different building blocks are modular. Just that > such a device is only "partial-autonomic" (or whatever you think is a good > naming to distinguish it from a truely autonomic device). > Btw: This also goes the other way, eg: it would IHO make sense that the bootstrap > spec can be deplpoyed on devices that do not want any further AN functions after > the certificates are enrolled. I think that option is also something we want to > explain in the bootstrap draft. Yes. That's how I view IoT devices (such as in the 6tisch space) --- they will do much of the bootstrap mechanism, but they won't build an ACP, and won't run GRASP. Perhaps, ditto HomeNet devices. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEVAwUBVmiYIICLcPvd0N1lAQJ/Vwf8D3Zug1BlGajTFj96f9ysuHZpkZkDvNsY CNCLyd0TK/sZRBcGHfycnrjmfXflJl/ezo1zCnV2A/oBQmqmx0XUOrq62QLAXt41 rgLZEIOwJ398YaQlYey0K2fz3yBtApjc4rkNRLLgGkjco/x4PUM3WLIpTHaaPfbi 7WqIQbgkaaMwXbVKmb+u9QeFcmAMfJUvX43xm1AVNioSe5AJbBt//JgS3dZjTlia p0yLNKJaJhRJlTqtjx6XuxIDmxEA4Y4PwIdJJbl2ICTI/BnZkExJqdpgczcV7+Lr vK84M/5TOz9tVoRQf2D67NcnboEK94IF2JUbdJRYeHy82eQ+daJzGQ== =35tB -----END PGP SIGNATURE----- --=-=-=-- From nobody Wed Dec 9 15:49:49 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9269F1B3015 for ; Wed, 9 Dec 2015 15:49:47 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.011 X-Spam-Level: X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_32=0.6, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id csCMvirEPDoY for ; Wed, 9 Dec 2015 15:49:46 -0800 (PST) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00F331B301B for ; Wed, 9 Dec 2015 15:49:39 -0800 (PST) Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id C56A2203CA for ; Wed, 9 Dec 2015 18:55:15 -0500 (EST) Received: by sandelman.ca (Postfix, from userid 179) id ED6D763757; Wed, 9 Dec 2015 18:49:37 -0500 (EST) Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id DA38863745 for ; Wed, 9 Dec 2015 18:49:37 -0500 (EST) From: Michael Richardson To: "anima-bootstrap\@ietf.org" In-Reply-To: <20151209192313.GR29056@cisco.com> References: <20151204014333.GZ29056@cisco.com> <13379.1449515233@dooku.sandelman.ca> <20D831CB-5075-4899-9C4F-D3D04334B1CF@cisco.com> <2495.1449614267@dooku.sandelman.ca> <43C69994-D02E-44A0-A739-4A6E45A3CE8C@cisco.com> <566776A4.4080804@gmail.com> <20151209131234.GN29056@cisco.com> <56687A15.7070305@gmail.com> <20151209192313.GR29056@cisco.com> X-Mailer: MH-E 8.6; nmh 1.3-dev; GNU Emacs 24.4.2 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Sender: mcr@sandelman.ca Archived-At: Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Dec 2015 23:49:47 -0000 --=-=-= Content-Type: text/plain Toerless Eckert (eckert) wrote: > a) Lets assume we're talking bout announcements by Bob/Eve to connect to their ACP. > Minimally, Alice has no idea whom it wants to connect to. So it simply starts > let's say dTLS to Bob and Eve. Alice will then figure out whether Bob and.or > Eve have domain certs for the same domain Alice is in. If not, Alice (or Bob/Eve) > will drop the dTLS connection. I don't know why you write *TLS here. There is no specification for running IPv6 over TLS. > b) Lets assume we're talking about announcements by Bob/Eve to be enrollment proxies. > So now Alice is not in a domain and will set up ESP "randomnly" to Bob and/or Eve. I think you mean, EST? > If we do not have a MASA, then Alice is really at the mercy of > The guy who plugs Alice's cable into some network connection. > "Do not plug into an untusty socket". We can do things without a MASA, but the certificate validation chain is more complex. > Aka: Both Bob and Eve belong to friendly domains only accepting devices > they know they own. > If we do have a MASA, Alice can feel more secure. So it connects to Eve, > and Eve 's domain registrar wants to have Alice - even thoug alice doesn't below > to Eves domain, but Eve is evil in this case. Alice will only accept enrollment > when Eve is producing to Alice a ticket from the MASA stating that Alice belongs > to Alices domain. And Alice trusts this ticket because it ultimately came from Here, where you write "Alices domain", you mean "Eve's domain" > I can't see how Bob/Eve announcing their certs here would help Alice at all > before establishing the EST connection. It could help if both Bob and Eve are part of the same domain, and so after a failure with Bob, Alice would know to go on to Frank, skipping Eve. But, I agree that it doesn't in general help, because neither Bob nor Eve's certificate has any verifiable meaning to Alice. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEVAwUBVmi+EYCLcPvd0N1lAQLZxAf+K6du9s9IOyhShDx4gTntcSFuUR6UgUDZ KE2kRXbYSWrNzrD2FAGscbGZ8sbfBAGjyw/BpRUJcnetmOZbC/nA1kTmtHpSyDEs ygrB87l0x3RCDw3AptLdlmQVcq62UjHQhnINwawipD5kFjpwk8ig0e89fAYdHEEV qMWhMGIovRa/VacHxde3oSS8t/P2oRtMBO+quMnTosTKLyQFEI9yyGlBVsp5gF0k RO00zNidvxZfOsPYT5t0Y2qu6YrNPXYd97zgVHT4IYc8TB5vZ6HH+C3M9ukK+Cgq +879UnWTJiIjBcOcN0VTwdYeAQjqJakS6lg2D20ZPsVkI1j5gozmmQ== =ygvA -----END PGP SIGNATURE----- --=-=-=-- From nobody Wed Dec 9 18:29:05 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72A891ACCE8 for ; Wed, 9 Dec 2015 18:29:04 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -13.91 X-Spam-Level: X-Spam-Status: No, score=-13.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_32=0.6, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ogH9yD0q9BWB for ; Wed, 9 Dec 2015 18:28:56 -0800 (PST) Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA80B1ACCF0 for ; Wed, 9 Dec 2015 18:28:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6350; q=dns/txt; s=iport; t=1449714535; x=1450924135; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=h2I32O6JxRyMfWkyGdAAWrDGjJYIfk49AOLhTkuNxZk=; b=imkqIWTFrwkzl+sL2M5nuLnx+6Gl/dw4m233ZxKzwptVgC6uHYEdsMWQ 35Mlaw9aWnsxHx2Y+p1EFX+33v1xk/2v+7z2rM+pdF12Gn4gluJwWjTVm XICqv3/GFhXk34OJwVrzirdeb0iZl9Ix+n6qIDNpVzUaAtNzCISvLibDl 0=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BQAgAZ4mhW/51dJa1egzpTbr0vAQ2BY?= =?us-ascii?q?hcKgj2DMQKBKzgUAQEBAQEBAYEKhDQBAQEDAQEBATc0CwULCxgJJQ8FEzYTiCc?= =?us-ascii?q?IDb9lAQEBAQEBAQEBAQEBAQEBAQEBAQEBFASLU4QhAySEeAWHUQiFVHY9hByDb?= =?us-ascii?q?Y05CZ0EHwEBQoQlHTSEEiWBIwEBAQ?= X-IronPort-AV: E=Sophos;i="5.20,406,1444694400"; d="scan'208";a="57864936" Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Dec 2015 02:28:54 +0000 Received: from mcast-linux1.cisco.com (mcast-linux1.cisco.com [172.27.244.121]) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id tBA2Sspi021393 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 10 Dec 2015 02:28:54 GMT Received: from mcast-linux1.cisco.com (localhost.cisco.com [127.0.0.1]) by mcast-linux1.cisco.com (8.13.8/8.13.8) with ESMTP id tBA2SrZh009965; Wed, 9 Dec 2015 18:28:53 -0800 Received: (from eckert@localhost) by mcast-linux1.cisco.com (8.13.8/8.13.8/Submit) id tBA2SqHJ009964; Wed, 9 Dec 2015 18:28:52 -0800 Date: Wed, 9 Dec 2015 18:28:52 -0800 From: Toerless Eckert To: Michael Richardson Message-ID: <20151210022852.GS29056@cisco.com> References: <13379.1449515233@dooku.sandelman.ca> <20D831CB-5075-4899-9C4F-D3D04334B1CF@cisco.com> <2495.1449614267@dooku.sandelman.ca> <43C69994-D02E-44A0-A739-4A6E45A3CE8C@cisco.com> <566776A4.4080804@gmail.com> <20151209131234.GN29056@cisco.com> <56687A15.7070305@gmail.com> <20151209192313.GR29056@cisco.com> <25760.1449704977@sandelman.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <25760.1449704977@sandelman.ca> User-Agent: Mutt/1.4.2.2i Archived-At: Cc: "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Dec 2015 02:29:04 -0000 Inline. On Wed, Dec 09, 2015 at 06:49:37PM -0500, Michael Richardson wrote: > > Toerless Eckert (eckert) wrote: > > > a) Lets assume we're talking bout announcements by Bob/Eve to connect to their ACP. > > > Minimally, Alice has no idea whom it wants to connect to. So it simply starts > > let's say dTLS to Bob and Eve. Alice will then figure out whether Bob and.or > > Eve have domain certs for the same domain Alice is in. If not, Alice (or Bob/Eve) > > will drop the dTLS connection. > > I don't know why you write *TLS here. There is no specification for running > IPv6 over TLS. This is in the realm of ACP spec to resolve i think. Let me just remove this discussion from this thread here by saying we firsst set up a TLS connection for GRASP, then GRASP negotiates the secure transport for ACP packets, eg: MTI is IPsec. (I prefer dTLS for ACP packets because of code size, but that's yet another derailing discussion). It is now the TLS security exchange that will make Alice trust Bob/Eve and vice versa. Or not, in which case the connection would be dropped. And, oh, by the way. Here is more generically how i think of "optional" parameters for the discovery: There are things that would make the TLS connection setup fail. Alice vs. Bob/Eve could be in different domains. Or Bob/Eve certificate might have changed, or Bob/Eve had a broken clock backup battery and thinks its 1990. Or there was an internal redundancy failover that was not completely stateful, so Bob/Eve would like connections rebuilt. If any of this gets fixed/changed, Bob/Eve would hope that Alice will try to reconnect periodically after it failed. Now, if Bob/Eve want to be friendly, they could try to figure out if any relevant elements for the successfull mutual TLS set have changed (such as above), and if they have changed, they will signal in their discovery that there was change. In Multicast PIM we call this parameter of discovery (Hello) a GenID. There it was pec'ed only for internal redundancy failover or reboot, but IMHO its a more generally applicable concept. It's just a number thats changed. Eg: Timestamp of relevant last change. In result, Alice would not need to periodically try to reconnect, but only when there is a GenID change. And of course we would need to specify a minimum interval for reconnection attempts in case Bob/Eve are evil and continuosly change change GenID. Maybe Alice wants to even do backoff in case a candidate neighbor connection fails, its GenID changes, connection attempt still fails. And maybe still do a periodic re-connection attempt after a longer period even if GenID has not changed. Instead of letting the sending node figure out itself all the possible changes it has had into a single GenID, it could also explicitly announce those parameter values, like explicitly announcing domain name into discovery. But the goal would just be to further optimize the non-need for another TLS connection attempt by Alice. SO we can discuss if thats worth it. In summary: I think what we put as parameters into the discovery only serves to manage how to do re-connects of the following (TLS) security association. > > b) Lets assume we're talking about announcements by Bob/Eve to be enrollment proxies. > > > So now Alice is not in a domain and will set up ESP "randomnly" to Bob and/or Eve. > > I think you mean, EST? ETYPO. Thanks. > > If we do not have a MASA, then Alice is really at the mercy of > > The guy who plugs Alice's cable into some network connection. > > "Do not plug into an untusty socket". > > We can do things without a MASA, but the certificate validation chain is more complex. Well, lets not call it MASA for a second but let me just generalize the two conditions: Alice was sold to some owner X. IN general, it can not have a trust point for an arbitrary owner X. Instead it can only have trust-points for eg: its manufacturer and whatever trusted third-parties the manufacturer burned trustpoints into Alice's firmware. In the "insecure" case, the manufacturer and its trusted third-parties are too lazy to set up any backend functions to make Alice confident that it belongs to X (which in Max'es definition really is "Alice feels confident that its manufacturer or one of its trusted henchmen will remember that Bob/Eves domain claims to own Alice). In the "secure" case, they do this. These backend functions could be a MASA or maybe something else. But i thought the way Max has defined MASA it should be a good superset of any possible ways to give Alice this confidence. Not sure though. Hopefully Max will chime in. > > Aka: Both Bob and Eve belong to friendly domains only accepting devices > > they know they own. > > > If we do have a MASA, Alice can feel more secure. So it connects to Eve, > > and Eve 's domain registrar wants to have Alice - even thoug alice doesn't below > > to Eves domain, but Eve is evil in this case. Alice will only accept enrollment > > when Eve is producing to Alice a ticket from the MASA stating that Alice belongs > > to Alices domain. And Alice trusts this ticket because it ultimately came from > > Here, where you write "Alices domain", you mean "Eve's domain" Right. > > I can't see how Bob/Eve announcing their certs here would help Alice at all > > before establishing the EST connection. > > It could help if both Bob and Eve are part of the same domain, and so after a > failure with Bob, Alice would know to go on to Frank, skipping Eve. There are probably like for ACP also for bootstrap reasons for it to fail via Bob that would not apply to Eve even if Bob/Eve are in the same domain. > But, I agree that it doesn't in general help, because neither Bob nor Eve's > certificate has any verifiable meaning to Alice. Right. Cheers Toerless > -- > Michael Richardson , Sandelman Software Works > -= IPv6 IoT consulting =- > > > > _______________________________________________ > Anima-bootstrap mailing list > Anima-bootstrap@ietf.org > https://www.ietf.org/mailman/listinfo/anima-bootstrap -- --- Toerless Eckert, eckert@cisco.com From nobody Wed Dec 9 18:47:49 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4C5C1ACDC8 for ; Wed, 9 Dec 2015 18:47:48 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.51 X-Spam-Level: X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A-t-EzAKw4LH for ; Wed, 9 Dec 2015 18:47:47 -0800 (PST) Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01E6B1ACDBD for ; Wed, 9 Dec 2015 18:47:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2935; q=dns/txt; s=iport; t=1449715666; x=1450925266; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=qisDCoCXSWwBrkwndVDP+vUxmDfvHVx6YVSAfO71T1M=; b=EO1mbzNtOZDV/VQyoPoSu9Xdf/KInxMw900TwCBlQy3hAGT0BfQFYk1n K5VQUVn0ael+QeIOfxRQarlgUDGmfKFARGhhtlVDr2j8XGVoHoxA1pw6u Rp65d7DymNlRvbwgNw9fsda4A05CTLNXzYpl/b0p88kbgZZF5rhibaVqD 4=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BQAgB552hW/49dJa1egzpTbr0vAQ2BY?= =?us-ascii?q?hcKgj2DMQKBKzgUAQEBAQEBAYEKhDQBAQEDAQEBATc0CwULCxgJJQ8FEzYTiCc?= =?us-ascii?q?IDb9iAQEBAQEBAQEBAQEBAQEBAQEBAQEBFASLU4lABY4jiEaNOQmBW5c2g3MfA?= =?us-ascii?q?QFChCUdNIVaAQEB?= X-IronPort-AV: E=Sophos;i="5.20,406,1444694400"; d="scan'208";a="56992310" Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Dec 2015 02:47:46 +0000 Received: from mcast-linux1.cisco.com (mcast-linux1.cisco.com [172.27.244.121]) by rcdn-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id tBA2ljiC021090 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 10 Dec 2015 02:47:46 GMT Received: from mcast-linux1.cisco.com (localhost.cisco.com [127.0.0.1]) by mcast-linux1.cisco.com (8.13.8/8.13.8) with ESMTP id tBA2ljLJ010768; Wed, 9 Dec 2015 18:47:45 -0800 Received: (from eckert@localhost) by mcast-linux1.cisco.com (8.13.8/8.13.8/Submit) id tBA2ljJo010767; Wed, 9 Dec 2015 18:47:45 -0800 Date: Wed, 9 Dec 2015 18:47:45 -0800 From: Toerless Eckert To: Michael Richardson Message-ID: <20151210024745.GT29056@cisco.com> References: <20151204014333.GZ29056@cisco.com> <6471865864850e6c34961f12d45853cd@xs4all.nl> <5665D85C.5010604@gmail.com> <92ddd96dc21275a00aab797656407971@xs4all.nl> <20151209132224.GO29056@cisco.com> <22773.1449695264@sandelman.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <22773.1449695264@sandelman.ca> User-Agent: Mutt/1.4.2.2i Archived-At: Cc: "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Dec 2015 02:47:48 -0000 On Wed, Dec 09, 2015 at 04:07:44PM -0500, Michael Richardson wrote: > > Toerless Eckert (eckert) wrote: > > Lets assume we replace EST bootstraap with "a guy with a USB stick feeding > > manually domain certs to greenfield devices". > > Yes, I've no problem with that. > > > a) I agree that we would want to make sure our protocols are set up so that even such > > a device could perfectly bring up ACP afterwards and continue with the rest > > of autonomic functions (GRASP inside ACP, agents,...). > > I don't see a problem here. Well, i was arguing that for optimization we could have a single GRASP discovery message to indicate bot ACP-service (oops: objective ;-) (aka: you can build ACP to me) as well as bootstrap-proxy objective. If your partial-AN device only does one of those two things then the device would of course only announce the objective it does support. So yes, even with optimization i don't see an issue, but it's worthwhile to remember the "partial device" aspect and continue to vet the design against it. > > b) I don't think we would want to call such a device "autonomic". It's partial > > autonomic at best. But yes, it may be perfectly valid and relevant to some > > industries. > > It's part of the ACP, and it could participate in lots of self-healing > efforts. So, it's autonomic. What it isn't is *zero-touch*. Haha... Ok. I like these naming discussions more than i should: I think "zero-touch" is a required part of day-0 autonomic behavior. Agreeably, unless we have routers that double as drones/robots, and physcially self-connect to the network (into the right place, by cable), the bootstrap itself is necessary but may considered not to be sufficient enough so the device can be called day 0 autonomic. I thought we call humans autonomic/autonomous, do we ? Down to which age ? I should stop here ;-) > > Btw: This also goes the other way, eg: it would IHO make sense that the bootstrap > > spec can be deplpoyed on devices that do not want any further AN functions after > > the certificates are enrolled. I think that option is also something we want to > > explain in the bootstrap draft. > > Yes. That's how I view IoT devices (such as in the 6tisch space) --- they > will do much of the bootstrap mechanism, but they won't build an ACP, and > won't run GRASP. Haven't had enough engaement to have a founded opinion. > > Perhaps, ditto HomeNet devices. Yes, good example. Cheers Toerless > > > -- > Michael Richardson , Sandelman Software Works > -= IPv6 IoT consulting =- > > > > _______________________________________________ > Anima-bootstrap mailing list > Anima-bootstrap@ietf.org > https://www.ietf.org/mailman/listinfo/anima-bootstrap -- --- Toerless Eckert, eckert@cisco.com From nobody Wed Dec 9 18:51:49 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1383E1ACDD1 for ; Wed, 9 Dec 2015 18:51:48 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.51 X-Spam-Level: X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xLG_o3ZqcREu for ; Wed, 9 Dec 2015 18:51:40 -0800 (PST) Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1C2B1ACDDB for ; Wed, 9 Dec 2015 18:51:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1274; q=dns/txt; s=iport; t=1449715897; x=1450925497; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=nCYyfTQiQTQAijkA28QtBJUUulDDqrkLQlHN2pEE0vs=; b=Ja03hh3cD7Avh8YrZg/K5tnqsm3fjiCj/A5P92OtvvkMq+YO1FkLLpLj fphD6t2P2jORcOe+Vob5+gr54LASk8HBIU6GrryA1qmvd/fitXBZ4GcjN Bm2EJrgBMXmNCDh1FAtZjfdb00U4muhhGafEDYCYpwcG84lbzhgkfQEn/ I=; X-IronPort-AV: E=Sophos;i="5.20,406,1444694400"; d="scan'208";a="216418287" Received: from alln-core-12.cisco.com ([173.36.13.134]) by alln-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 10 Dec 2015 02:51:37 +0000 Received: from mcast-linux1.cisco.com (mcast-linux1.cisco.com [172.27.244.121]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id tBA2patx012065 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 10 Dec 2015 02:51:37 GMT Received: from mcast-linux1.cisco.com (localhost.cisco.com [127.0.0.1]) by mcast-linux1.cisco.com (8.13.8/8.13.8) with ESMTP id tBA2pahq010934; Wed, 9 Dec 2015 18:51:36 -0800 Received: (from eckert@localhost) by mcast-linux1.cisco.com (8.13.8/8.13.8/Submit) id tBA2pauG010933; Wed, 9 Dec 2015 18:51:36 -0800 Date: Wed, 9 Dec 2015 18:51:36 -0800 From: "Toerless Eckert (eckert)" To: Michael Richardson Message-ID: <20151210025136.GU29056@cisco.com> References: <20151204014333.GZ29056@cisco.com> <13379.1449515233@dooku.sandelman.ca> <20D831CB-5075-4899-9C4F-D3D04334B1CF@cisco.com> <2495.1449614267@dooku.sandelman.ca> <43C69994-D02E-44A0-A739-4A6E45A3CE8C@cisco.com> <566776A4.4080804@gmail.com> <12428.1449692380@sandelman.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <12428.1449692380@sandelman.ca> User-Agent: Mutt/1.4.2.2i Archived-At: Cc: "Max Pritikin \(pritikin\)" , "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Dec 2015 02:51:48 -0000 On Wed, Dec 09, 2015 at 03:19:40PM -0500, Michael Richardson wrote: > Brian E Carpenter wrote: > > I *really* don't see how the first step can be anything other than a > > recognizable unencrypted multicast probe, whether it is sent by the joiner or > > by some node that is already trusted. You could require that the unencrypted > > probe includes a public key so that a unicast response can be encrypted; but > > neither end is authenticated at that stage. > > Yes, that's true. > The point isn't that it's other than unencrypted multicast probe. > > The point is that if this unencrypted multicast probe is a normal part of ACP > operation, then it is not obvious to (passive!) malicious observers which > device is actually bootstraping vs helping. If we do not distinguish bootstrap vs ACP in the discovery messages we may also make the behavior of partial-autonomic devices that only care about one of those things more obfuscated. Aka: I should be prepared to get eg: EST connection attempts all the time even though i don't do it, or ACP connection attempts even though i don't do that. I don't think we buy useful security by obfuscating what objectives we offer. Cheers Toerless From nobody Wed Dec 9 19:01:45 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14AAD1ACE07 for ; Wed, 9 Dec 2015 19:01:44 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.51 X-Spam-Level: X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AjIUFK-jX40b for ; Wed, 9 Dec 2015 19:01:35 -0800 (PST) Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA44C1ACDF4 for ; Wed, 9 Dec 2015 19:01:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1568; q=dns/txt; s=iport; t=1449716495; x=1450926095; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=TzaTzfKIKbAFrt3EKAOYIDoB5hTUMhNvpuabnmhuLnI=; b=c2F2Io4egcjP7B90fACM8+w11lZjWdjsjEWOjGGWorWLCWN1+bcT43R2 06ZMm3L5/qadyxMiIQxNuIuSPppStfUX9FX7QQ0sr9WzOj5gqyifZCJNX x3m/z9r/YeBkpg8kqpcIS8uNDJerc7TnAdR0or5Fb+HgcAa5qR+lzO0sI M=; X-IronPort-AV: E=Sophos;i="5.20,406,1444694400"; d="scan'208";a="216775040" Received: from alln-core-8.cisco.com ([173.36.13.141]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 10 Dec 2015 03:01:35 +0000 Received: from mcast-linux1.cisco.com (mcast-linux1.cisco.com [172.27.244.121]) by alln-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id tBA31YX9014332 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 10 Dec 2015 03:01:34 GMT Received: from mcast-linux1.cisco.com (localhost.cisco.com [127.0.0.1]) by mcast-linux1.cisco.com (8.13.8/8.13.8) with ESMTP id tBA31Y6j011372; Wed, 9 Dec 2015 19:01:34 -0800 Received: (from eckert@localhost) by mcast-linux1.cisco.com (8.13.8/8.13.8/Submit) id tBA31Ywe011371; Wed, 9 Dec 2015 19:01:34 -0800 Date: Wed, 9 Dec 2015 19:01:34 -0800 From: "Toerless Eckert (eckert)" To: Michael Richardson Message-ID: <20151210030134.GV29056@cisco.com> References: <20151204014333.GZ29056@cisco.com> <13379.1449515233@dooku.sandelman.ca> <20D831CB-5075-4899-9C4F-D3D04334B1CF@cisco.com> <2495.1449614267@dooku.sandelman.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2495.1449614267@dooku.sandelman.ca> User-Agent: Mutt/1.4.2.2i Archived-At: Cc: "Max Pritikin \(pritikin\)" , "anima-bootstrap@ietf.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Dec 2015 03:01:44 -0000 On Tue, Dec 08, 2015 at 05:37:47PM -0500, Michael Richardson wrote: > > Are you agreeing with Toerless??? argument that the new device should be > > a responder? > > No. I'm saying that a new device should do as little as possible to call > attention to itself, and should prefer to do things that all other devices > are already doing. My argument why it should rather do as little as possible (nothing) to call attention to itself (which i think is different to what you're saying) is that the attacker can also observe waht everybody else is doing and attack everybody else. Only that everybody else will likely have stronger defenses having been already enrolled and hopefully gotten software upgrades and hardening through intent/config/whatever. But, this is just an optimization proposal from my side. No strong opinions. Would just like to hear why it may not be a worthwhile enough optimization if you think it ain't. Cheers Toerless > > Or, are you arguing that the new device should initiate the > > bootstrapping; but do so in a way that does not expose it is a new > > device? > > For non-challenged (IoT) devices on non-challenged networks, the new device should > initiate and drive the bootstrapping. > > It would be best if this communication was indistinguishable from other ACP > communication to an outsider. > > > -- > Michael Richardson , Sandelman Software Works > -= IPv6 IoT consulting =- > > > -- --- Toerless Eckert, eckert@cisco.com From nobody Thu Dec 10 15:25:58 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F4101B2DE7 for ; Thu, 10 Dec 2015 15:25:52 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.509 X-Spam-Level: X-Spam-Status: No, score=-14.509 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5, WEIRD_PORT=0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jMYYVHKlM3OY for ; Thu, 10 Dec 2015 15:25:46 -0800 (PST) Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C9E01B2E49 for ; Thu, 10 Dec 2015 15:25:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3038; q=dns/txt; s=iport; t=1449789946; x=1450999546; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=Vwxg6jwWQeFXTFPfh+kMWffO5xTdMzQlTEQmg03kaMs=; b=k2EnCQbfbEqHyP7ELFfwSE8B0dymU9poctHJdYZxerGlTs1Yf12N3vt1 wOTBb4PCX6acjJTbuT5lZQzGeu6t2/S6d0rZL4ClnERaMjeQEXLamjVDj 46ppTQJEg3SlNbGOI+k+n4D9kpJ4p+UpiBO8sxnkpAA6Mg/in1uU23xX0 o=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BsAACXCWpW/5ldJa1EFwODOlNuBrw/d?= =?us-ascii?q?gENfgRgFwWCQoJSXwIcgSA4FAEBAQEBAQGBCoQ0AQEBAwEBAQEgETIICwULAgE?= =?us-ascii?q?IGAICEAQMBgICAiULFQ8BAgEDDgWIGgMKCA07rGeFMYxZAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBGIEBh2SCboFAgROBdigLJgeCTi+BGgWWbwGFM4gPgiSaZAEfAQF?= =?us-ascii?q?CghENEIEHT3IBhE+BBwEBAQ?= X-IronPort-AV: E=Sophos;i="5.20,410,1444694400"; d="scan'208";a="54528768" Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Dec 2015 23:25:45 +0000 Received: from XCH-ALN-013.cisco.com (xch-aln-013.cisco.com [173.36.7.23]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id tBANPj3V021002 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 10 Dec 2015 23:25:45 GMT Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-ALN-013.cisco.com (173.36.7.23) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Thu, 10 Dec 2015 17:25:44 -0600 Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1104.009; Thu, 10 Dec 2015 17:25:44 -0600 From: "Max Pritikin (pritikin)" To: Michael Richardson Thread-Topic: [Anima-bootstrap] anima bootstrap meeting: 2015-12-10 details Thread-Index: AQHRMsTUDV/iJH4z7kOJkbi+ToFmr57FQzmA Date: Thu, 10 Dec 2015 23:25:44 +0000 Message-ID: <24A98F79-8673-4D3C-82EA-1D23B45A7596@cisco.com> References: <8242.1449509816@dooku.sandelman.ca> <21477.1449694902@sandelman.ca> In-Reply-To: <21477.1449694902@sandelman.ca> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.99.106.4] Content-Type: text/plain; charset="utf-8" Content-ID: <55AC416F1D5D944E8D0182CA998D04CF@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Cc: anima-bootstrap Subject: Re: [Anima-bootstrap] anima bootstrap meeting: 2015-12-10 details X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Dec 2015 23:25:52 -0000 DQpXZSBlbmRlZCB1cCBzcGVuZGluZyBtb3N0IG9mIHRoZSAxMi0xMCB0aW1lIG9uIHRoZSDigJxk aXNjb3ZlcnkgbWVjaGFuaXNt4oCdIGFuZCB3aWxsIGRpc2N1c3MgcHJvdG9jb2wgc3RhY2sgYXQg dGhlIG5leHQgbWVldGluZy4gDQoNCk0uUmljaGFyZHNvbiwgd2hhdCBJIG1lYW4gYnkgdGhhdCBp czogSWYgR1JBU1AgZGVwZW5kcyBvbiBBQ1AgYW5kIEFDUCBkZXBlbmRzIG9uIGNyZWRlbnRpYWxz IGFuZCBjcmVkZW50aWFscyBkZXBlbmRzIG9uIGJvb3RzdHJhcHBpbmcgYW5kIGJvb3RzdHJhcHBp bmcgZGVwZW5kcyBvbiBHUkFTUOKApiB0aGVuIHdlIGhhdmUgYSBjaXJjdWxhciBkZXBlbmRlbmN5 LiBDdXR0aW5nIHRoaXMgc2hvcnQgc29tZXdoZXJlIG1lYW5zIGVpdGhlciBmaW5kaW5nIGFkZGlu ZyB0aGUgY29ycmVjdCBvcHRpb24gc3RhdGVtZW50cyB0byBhbGwgb2YgdGhlc2UgcHJvdG9jb2xz IHRvIGNvdmVyIHNlY3VyZSBhbmQgaW5zZWN1cmUgc3RhdGVzIG9yIChteSBwcmVmZXJlbmNlKSBk ZWZpbmluZyBib290c3RyYXBwaW5nIHRvIF9ub3RfIGRlcGVuZCBhbnkgb3RoZXIgYW5pbWEgcHJv dG9jb2wuIChJIHJlY29nbml6ZSB0aGUgdmFsdWUgYXJndW1lbnRzIGFuZCB0aGlzIGlzIHdoYXQg d2XigJlsbCBkaXNjdXNzIGZ1cnRoZXIgbmV4dCB3ZWVrKS4NCg0KLSBtYXgNCg0KPiBPbiBEZWMg OSwgMjAxNSwgYXQgMjowMSBQTSwgTWljaGFlbCBSaWNoYXJkc29uIDxtY3IraWV0ZkBzYW5kZWxt YW4uY2E+IHdyb3RlOg0KPiANCj4gDQo+IE1pY2hhZWwgUmljaGFyZHNvbiA8bWNyK2lldGZAc2Fu ZGVsbWFuLmNhPiB3cm90ZToNCj4+IFRvcGljIGZvciB0aGlzIHdlZWsgd2FzIGNvbnRlbnRzIG9m IGNlcnRpZmljYXRlIHRoYXQgd2lsbCBiZSBwcm92aXNpb25lZA0KPj4gdmlhIEVTVC4NCj4+IChU b3BpY3MgZm9yIG5leHQgdHdvIHdlZWtzOg0KPj4gMS4gUFJPVE9DT0wgU1RBQ0sgICAgICAgICAg ICAgIDIwMTUtMTItMTAuDQo+PiAyLiBESVNDT1ZFUlkgTUVDSEFOSVNNICAgICAgICAgMjAxNS0x Mi0xNy4NCj4+ICkNCj4gDQo+IEkgaG9wZSB0aGF0IFRvZXJsZXNzIG9yIE1pY2hhZWwgQiwgY2Fu IGFydGljdWxhdGUgbW9yZSBjbGVhcmx5IHdoYXQgaXMgbWVhbnQNCj4gYnkgUFJPVE9DT0wgU1RB Q0ssIGFzIEkgaGF2ZSBtYW55IHBvc3NpYmxlIGludGVycHJldGF0aW9ucy4NCj4gDQo+IERldGFp bHMgdG8gY29ubmVjdDoNCj4gICAgICAgIGh0dHBzOi8vaWV0Zi53ZWJleC5jb20vaWV0Zi9qLnBo cD9NVElEPW0wOWNlNzZmYjdlOWFlN2FmMDE1ZDMwMzNiNDJjNTRjMg0KPiANCj4gbWVldGluZyBu dW1iZXI6ICAgNjQ5IDc3MCA3NDINCj4gTWVldGluZyBwYXNzd29yZDogYm9vdHN0cmFwDQo+IDEt ODc3LTY2OC00NDkzIENhbGwtaW4gdG9sbCBmcmVlIG51bWJlciAoVVMvQ2FuYWRhKQ0KPiAxLTY1 MC00NzktMzIwOCBDYWxsLWluIHRvbGwgbnVtYmVyIChVUy9DYW5hZGEpDQo+IA0KPiBXZSB3aWxs IHVzZSB0aGUgZXRoZXJwYWQgYXQ6DQo+ICAgaHR0cDovL2V0aGVycGFkLnRvb2xzLmlldGYub3Jn OjkwMDAvcC9hbmltYS1ib29zdHJhcHBpbmc/dXNlTW9ub3NwYWNlRm9udD10cnVlDQo+ICAgKG5v dGUgdHlwbyBpbiBib29zdHJhcHBpbmcpDQo+IA0KPiBJIHNlbnQgYW4gaWNhbCBpbnZpdGUgdG8g dGhlIGxpc3Qgd2hpY2ggaXMgcHJvYmFibHkgbG9zdCBpbiBsaXN0IG1vZGVyYXRpb24uDQo+IFRo aXMgbGluayBtaWdodCBoZWxwOg0KPiAgaHR0cHM6Ly9jYWxlbmRhci5nb29nbGUuY29tL2NhbGVu ZGFyL2V2ZW50P2FjdGlvbj1URU1QTEFURSZ0bWVpZD1NSFIwYWpSdGJETTJNblUxTm1VMllXOW9j V3RyTkdZMlpHOWZNakF4TlRFeU1UQlVNVFl3TURBd1dpQnRZMmhoY214bGMzSkFiUSZ0bXNyYz1t Y2hhcmxlc3IlNDBnbWFpbC5jb20NCj4gDQo+IEl0J3MgYXQgMTYwMFVUQy4NCj4gDQo+IC0tDQo+ IE1pY2hhZWwgUmljaGFyZHNvbiA8bWNyK0lFVEZAc2FuZGVsbWFuLmNhPiwgU2FuZGVsbWFuIFNv ZnR3YXJlIFdvcmtzDQo+IC09IElQdjYgSW9UIGNvbnN1bHRpbmcgPS0NCj4gDQo+IA0KPiANCj4g X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCj4gQW5pbWEt Ym9vdHN0cmFwIG1haWxpbmcgbGlzdA0KPiBBbmltYS1ib290c3RyYXBAaWV0Zi5vcmcNCj4gaHR0 cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9hbmltYS1ib290c3RyYXANCg0K From nobody Wed Dec 16 01:04:38 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91CF91ACC91 for ; Wed, 16 Dec 2015 01:04:36 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.509 X-Spam-Level: X-Spam-Status: No, score=-14.509 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id na7O4U82K5Fy for ; Wed, 16 Dec 2015 01:04:34 -0800 (PST) Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9A961ACAD5 for ; Wed, 16 Dec 2015 01:04:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=13519; q=dns/txt; s=iport; t=1450256670; x=1451466270; h=from:to:subject:date:message-id:mime-version; bh=Ya+4zJDpKiFslEwrzUy31HN1yOkxK8Ga2spJ315b1zs=; b=kqGxmotPsXVjE9iWdxz2OOsqD0/hdUrfsmIlnUigl3ylCFCN4SOYdCOO sQ8U9qdlr0j9qRclt69q/0tAYmqOVxvMHW4xr1eF9SYbUcboEBFOLxfhH jil2+Ino8TpiJ4LaoDMdMKgpiHBr1QG61hPOBX00wWlx2zBhw3HBsIWR/ Y=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BgAADfJ3FW/5tdJa1EFwOCbg89Um0Gh?= =?us-ascii?q?Bq5QQENfgVgI4VqHoEeOBQBAQEBAQEBgQqENwICI0MhBAE0BAwGAgQZFyQCAQE?= =?us-ascii?q?DARqIJw47q1iFMYxYAQEBAQEBAQMBAQEBAQEBARIJBI0PAYEwgVgoCwwaB4JOg?= =?us-ascii?q?UkFiDOKU4N2AYU4hVSCNIFjFoQvkwWDcwEfAQFCghEdgQdPcgGDKAQ/gQgBAQE?= X-IronPort-AV: E=Sophos; i="5.20,436,1444694400"; d="scan'208,217"; a="56038481" Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Dec 2015 09:04:29 +0000 Received: from XCH-ALN-012.cisco.com (xch-aln-012.cisco.com [173.36.7.22]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id tBG94Tdm028303 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 16 Dec 2015 09:04:29 GMT Received: from xch-rcd-003.cisco.com (173.37.102.13) by XCH-ALN-012.cisco.com (173.36.7.22) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 16 Dec 2015 03:04:29 -0600 Received: from xch-rcd-003.cisco.com ([173.37.102.13]) by XCH-RCD-003.cisco.com ([173.37.102.13]) with mapi id 15.00.1104.009; Wed, 16 Dec 2015 03:04:28 -0600 From: "Toerless Eckert (eckert)" To: "Max Pritikin (pritikin)" , "Jason Coleman (colemaj)" , "mcr+ietf@sandelman.ca" , "ietf@sandeep.de" , "Michael Behringer (mbehring)" , "alper.yegin@yegin.org" , "jiangsheng@huawei.com" , "leo.liubing@huawei.com" , "brian.e.carpenter@gmail.com" , "kwatsen@juniper.net" , "anima-bootstrap@ietf.org" Thread-Topic: Weekly Webex invite for anima bootstrap team meeting Thread-Index: AdCq3XIOlfGppXwlS+iXiAzrSXhA3g== Date: Wed, 16 Dec 2015 09:04:28 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.32.225.68] Content-Type: multipart/alternative; boundary="_000_b9e905257fac4b6e832ba85c6cbd7c3dXCHRCD003ciscocom_" MIME-Version: 1.0 Archived-At: Subject: [Anima-bootstrap] Canceled: Weekly Webex invite for anima bootstrap team meeting X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Dec 2015 09:04:36 -0000 --_000_b9e905257fac4b6e832ba85c6cbd7c3dXCHRCD003ciscocom_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Deleting this old series. So Wednesday 7 AM PST seems to be the best slot - it fits everybody except = Brian and myself, and I think I can get the other meeting moved. Michael Ri= chardson also mentioned that we may be on/off 1 hour due to daylight saving= times, so let me shoot the meeting invite out here with outlook and webex,= and see if this still works for everybody else. Cheers Toerless -- Do not delete or change any of the following text. -- Join WebEx meeting Meeting number: 200 557 721 Meeting password: boot If you are the host, you can use the meeting host key to pass the host priv= ilege to another participant or to start the meeting from a video conferenc= ing system or application. To find the host key for this meeting, go here.<= https://cisco.webex.com/ciscosales/j.php?MTID=3Dm0ab0c7d2c43095ce03ec01239f= d109bf> Join by phone +1-866-432-9903 Call-in toll-free number (US/Canada) +1-408-525-6800 Call-in toll number (US/Canada) Access code: 200 557 721 Global call-in numbers | Toll-free calling restricti= ons Can't join the meeting? Contact support. IMPORTANT NOTICE: Please note that this WebEx service allows audio and othe= r information sent during the session to be recorded, which may be discover= able in a legal matter. By joining this session, you automatically consent = to such recordings. If you do not consent to being recorded, discuss your c= oncerns with the host or do not join the session.. --_000_b9e905257fac4b6e832ba85c6cbd7c3dXCHRCD003ciscocom_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Deleting this old series.

So Wednesday 7 AM PST seems to be the best slot – it fits everyb= ody except Brian and myself, and I think I can get the other meeting moved.= Michael Richardson also mentioned that we may be on/off 1 hour due to dayl= ight saving times, so let me shoot the meeting invite out here with outlook and webex, and see if this still work= s for everybody else.

Cheers
Toerless


-- Do not delete or change any= of the following text. --


Join WebEx meeting
Meeting number: 200 557 7= 21
Meeting password: = boot


If you are the host, you = can use the meeting host key to pass the host privilege to another particip= ant or to start the meeting from a video conferencing system or application= . To find the host key for this meeting, go here.

Join by phone
+1-866-432-99= 03 Call-in toll-free number (US/Canada)
+1-408-525-68= 00 Call-in toll number (US/Canada)
Access code: 200 557 721<= /font>
Global call-in numbers | Toll-free calling restrictions=


Can't join the meeting? Contact support.

IMPORTANT NOTICE: Please = note that this WebEx service allows audio and other information sent during= the session to be recorded, which may be discoverable in a legal matter. B= y joining this session, you automatically consent to such recordings. If you do not consent to being recorded, discu= ss your concerns with the host or do not join the session.. --_000_b9e905257fac4b6e832ba85c6cbd7c3dXCHRCD003ciscocom_ Content-Type: text/calendar; charset="utf-8"; method=CANCEL Content-Transfer-Encoding: base64 QkVHSU46VkNBTEVOREFSDQpNRVRIT0Q6Q0FOQ0VMDQpQUk9ESUQ6TWljcm9zb2Z0IEV4Y2hhbmdl IFNlcnZlciAyMDEwDQpWRVJTSU9OOjIuMA0KQkVHSU46VlRJTUVaT05FDQpUWklEOlBhY2lmaWMg U3RhbmRhcmQgVGltZQ0KQkVHSU46U1RBTkRBUkQNCkRUU1RBUlQ6MTYwMTAxMDFUMDIwMDAwDQpU Wk9GRlNFVEZST006LTA3MDANClRaT0ZGU0VUVE86LTA4MDANClJSVUxFOkZSRVE9WUVBUkxZO0lO VEVSVkFMPTE7QllEQVk9MVNVO0JZTU9OVEg9MTENCkVORDpTVEFOREFSRA0KQkVHSU46REFZTElH SFQNCkRUU1RBUlQ6MTYwMTAxMDFUMDIwMDAwDQpUWk9GRlNFVEZST006LTA4MDANClRaT0ZGU0VU VE86LTA3MDANClJSVUxFOkZSRVE9WUVBUkxZO0lOVEVSVkFMPTE7QllEQVk9MlNVO0JZTU9OVEg9 Mw0KRU5EOkRBWUxJR0hUDQpFTkQ6VlRJTUVaT05FDQpCRUdJTjpWRVZFTlQNCk9SR0FOSVpFUjtD Tj1Ub2VybGVzcyBFY2tlcnQgKGVja2VydCk6TUFJTFRPOmVja2VydEBjaXNjby5jb20NCkFUVEVO REVFO1JPTEU9UkVRLVBBUlRJQ0lQQU5UO1BBUlRTVEFUPU5FRURTLUFDVElPTjtSU1ZQPVRSVUU7 Q049TWF4IFByaXRpaw0KIGluIChwcml0aWtpbik6TUFJTFRPOnByaXRpa2luQGNpc2NvLmNvbQ0K QVRURU5ERUU7Uk9MRT1SRVEtUEFSVElDSVBBTlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9OO1JTVlA9 VFJVRTtDTj1KYXNvbiBDb2xlDQogbWFuIChjb2xlbWFqKTpNQUlMVE86Y29sZW1hakBjaXNjby5j b20NCkFUVEVOREVFO1JPTEU9UkVRLVBBUlRJQ0lQQU5UO1BBUlRTVEFUPU5FRURTLUFDVElPTjtS U1ZQPVRSVUU7Q049bWNyK2lldGZAcw0KIGFuZGVsbWFuLmNhOk1BSUxUTzptY3IraWV0ZkBzYW5k ZWxtYW4uY2ENCkFUVEVOREVFO1JPTEU9UkVRLVBBUlRJQ0lQQU5UO1BBUlRTVEFUPU5FRURTLUFD VElPTjtSU1ZQPVRSVUU7Q049aWV0ZkBzYW5kZQ0KIGVwLmRlOk1BSUxUTzppZXRmQHNhbmRlZXAu ZGUNCkFUVEVOREVFO1JPTEU9UkVRLVBBUlRJQ0lQQU5UO1BBUlRTVEFUPU5FRURTLUFDVElPTjtS U1ZQPVRSVUU7Q049TWljaGFlbCBCZQ0KIGhyaW5nZXIgKG1iZWhyaW5nKTpNQUlMVE86bWJlaHJp bmdAY2lzY28uY29tDQpBVFRFTkRFRTtST0xFPVJFUS1QQVJUSUNJUEFOVDtQQVJUU1RBVD1ORUVE Uy1BQ1RJT047UlNWUD1UUlVFO0NOPWFscGVyLnllZ2kNCiBuQHllZ2luLm9yZzpNQUlMVE86YWxw ZXIueWVnaW5AeWVnaW4ub3JnDQpBVFRFTkRFRTtST0xFPVJFUS1QQVJUSUNJUEFOVDtQQVJUU1RB VD1ORUVEUy1BQ1RJT047UlNWUD1UUlVFO0NOPWppYW5nc2hlbmcNCiBAaHVhd2VpLmNvbTpNQUlM VE86amlhbmdzaGVuZ0BodWF3ZWkuY29tDQpBVFRFTkRFRTtST0xFPVJFUS1QQVJUSUNJUEFOVDtQ QVJUU1RBVD1ORUVEUy1BQ1RJT047UlNWUD1UUlVFO0NOPWxlby5saXViaW4NCiBnQGh1YXdlaS5j b206TUFJTFRPOmxlby5saXViaW5nQGh1YXdlaS5jb20NCkFUVEVOREVFO1JPTEU9UkVRLVBBUlRJ Q0lQQU5UO1BBUlRTVEFUPU5FRURTLUFDVElPTjtSU1ZQPVRSVUU7Q049YnJpYW4uZS5jYQ0KIHJw ZW50ZXJAZ21haWwuY29tOk1BSUxUTzpicmlhbi5lLmNhcnBlbnRlckBnbWFpbC5jb20NCkFUVEVO REVFO1JPTEU9UkVRLVBBUlRJQ0lQQU5UO1BBUlRTVEFUPU5FRURTLUFDVElPTjtSU1ZQPVRSVUU7 Q049a3dhdHNlbkBqdQ0KIG5pcGVyLm5ldDpNQUlMVE86a3dhdHNlbkBqdW5pcGVyLm5ldA0KQVRU RU5ERUU7Uk9MRT1SRVEtUEFSVElDSVBBTlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9OO1JTVlA9VFJV RTtDTj1hbmltYS1ib290DQogc3RyYXBAaWV0Zi5vcmc6TUFJTFRPOmFuaW1hLWJvb3RzdHJhcEBp ZXRmLm9yZw0KREVTQ1JJUFRJT047TEFOR1VBR0U9ZW4tVVM6RGVsZXRpbmcgdGhpcyBvbGQgc2Vy aWVzLlxuXG5TbyBXZWRuZXNkYXkgNyBBTSBQDQogU1Qgc2VlbXMgdG8gYmUgdGhlIGJlc3Qgc2xv dCDigJMgaXQgZml0cyBldmVyeWJvZHkgZXhjZXB0IEJyaWFuIGFuZCBteXNlbGYNCiBcLCBhbmQg SSB0aGluayBJIGNhbiBnZXQgdGhlIG90aGVyIG1lZXRpbmcgbW92ZWQuIE1pY2hhZWwgUmljaGFy ZHNvbiBhbHNvIA0KIG1lbnRpb25lZCB0aGF0IHdlIG1heSBiZSBvbi9vZmYgMSBob3VyIGR1ZSB0 byBkYXlsaWdodCBzYXZpbmcgdGltZXNcLCBzbyBsDQogZXQgbWUgc2hvb3QgdGhlIG1lZXRpbmcg aW52aXRlIG91dCBoZXJlIHdpdGggb3V0bG9vayBhbmQgd2ViZXhcLCBhbmQgc2VlIGkNCiBmIHRo aXMgc3RpbGwgd29ya3MgZm9yIGV2ZXJ5Ym9keSBlbHNlLlxuXG5DaGVlcnNcblRvZXJsZXNzXG5c blxuLS0gRG8gbm90IA0KIGRlbGV0ZSBvciBjaGFuZ2UgYW55IG9mIHRoZSBmb2xsb3dpbmcgdGV4 dC4gLS1cblxuXG5Kb2luIFdlYkV4IG1lZXRpbmc8aHR0DQogcHM6Ly9jaXNjby53ZWJleC5jb20v Y2lzY29zYWxlcy9qLnBocD9NVElEPW1hNWE3MTc4ZDAyYTJlZGNiMGM2ZDdiNDNlNTMxNWYNCiAw OD5cbk1lZXRpbmcgbnVtYmVyOiAyMDAgNTU3IDcyMVxuTWVldGluZyBwYXNzd29yZDogYm9vdFxu XG5cbklmIHlvdSBhcmUgdA0KIGhlIGhvc3RcLCB5b3UgY2FuIHVzZSB0aGUgbWVldGluZyBob3N0 IGtleSB0byBwYXNzIHRoZSBob3N0IHByaXZpbGVnZSB0byBhDQogbm90aGVyIHBhcnRpY2lwYW50 IG9yIHRvIHN0YXJ0IHRoZSBtZWV0aW5nIGZyb20gYSB2aWRlbyBjb25mZXJlbmNpbmcgc3lzdGUN CiBtIG9yIGFwcGxpY2F0aW9uLiBUbyBmaW5kIHRoZSBob3N0IGtleSBmb3IgdGhpcyBtZWV0aW5n XCwgZ28gaGVyZS48aHR0cHM6Lw0KIC9jaXNjby53ZWJleC5jb20vY2lzY29zYWxlcy9qLnBocD9N VElEPW0wYWIwYzdkMmM0MzA5NWNlMDNlYzAxMjM5ZmQxMDliZj5cDQogblxuSm9pbiBieSBwaG9u ZVxuKzEtODY2LTQzMi05OTAzIENhbGwtaW4gdG9sbC1mcmVlIG51bWJlciAoVVMvQ2FuYWRhKVxu KzENCiAtNDA4LTUyNS02ODAwIENhbGwtaW4gdG9sbCBudW1iZXIgKFVTL0NhbmFkYSlcbkFjY2Vz cyBjb2RlOiAyMDAgNTU3IDcyMVxuRw0KIGxvYmFsIGNhbGwtaW4gbnVtYmVyczxodHRwczovL2Np c2NvLndlYmV4LmNvbS9jaXNjb3NhbGVzL2dsb2JhbGNhbGxpbi5waHA/DQogc2VydmljZVR5cGU9 TUMmRUQ9MzE3MTg2NTMyJnRvbGxGcmVlPTE+IHwgVG9sbC1mcmVlIGNhbGxpbmcgcmVzdHJpY3Rp b25zPGgNCiB0dHA6Ly93d3cud2ViZXguY29tL3BkZi90b2xsZnJlZV9yZXN0cmljdGlvbnMucGRm PlxuXG5cbkNhbid0IGpvaW4gdGhlIG1lZQ0KIHRpbmc/IENvbnRhY3Qgc3VwcG9ydC48aHR0cHM6 Ly9jaXNjby53ZWJleC5jb20vY2lzY29zYWxlcy9tYz5cblxuSU1QT1JUQU5UDQogIE5PVElDRTog UGxlYXNlIG5vdGUgdGhhdCB0aGlzIFdlYkV4IHNlcnZpY2UgYWxsb3dzIGF1ZGlvIGFuZCBvdGhl ciBpbmZvcm0NCiBhdGlvbiBzZW50IGR1cmluZyB0aGUgc2Vzc2lvbiB0byBiZSByZWNvcmRlZFws IHdoaWNoIG1heSBiZSBkaXNjb3ZlcmFibGUgaQ0KIG4gYSBsZWdhbCBtYXR0ZXIuIEJ5IGpvaW5p bmcgdGhpcyBzZXNzaW9uXCwgeW91IGF1dG9tYXRpY2FsbHkgY29uc2VudCB0byBzDQogdWNoIHJl Y29yZGluZ3MuIElmIHlvdSBkbyBub3QgY29uc2VudCB0byBiZWluZyByZWNvcmRlZFwsIGRpc2N1 c3MgeW91ciBjb24NCiBjZXJucyB3aXRoIHRoZSBob3N0IG9yIGRvIG5vdCBqb2luIHRoZSBzZXNz aW9uLi5cbg0KUlJVTEU6RlJFUT1XRUVLTFk7SU5URVJWQUw9MTtCWURBWT1XRTtXS1NUPVNVDQpT VU1NQVJZO0xBTkdVQUdFPWVuLVVTOkNhbmNlbGVkOiBXZWVrbHkgV2ViZXggaW52aXRlIGZvciBh bmltYSBib290c3RyYXAgdGUNCiBhbSBtZWV0aW5nDQpEVFNUQVJUO1RaSUQ9UGFjaWZpYyBTdGFu ZGFyZCBUaW1lOjIwMTUwNjI0VDA3MDAwMA0KRFRFTkQ7VFpJRD1QYWNpZmljIFN0YW5kYXJkIFRp bWU6MjAxNTA2MjRUMDgwMDAwDQpVSUQ6NTEwMjYyOTQtMTA2Qy00MzI1LTlBQjQtQjQ0ODA5OUYx MjM4DQpDTEFTUzpQVUJMSUMNClBSSU9SSVRZOjUNCkRUU1RBTVA6MjAxNTEyMTZUMDkwNDI4Wg0K VFJBTlNQOk9QQVFVRQ0KU1RBVFVTOkNBTkNFTExFRA0KU0VRVUVOQ0U6MQ0KTE9DQVRJT047TEFO R1VBR0U9ZW4tVVM6V2ViZXggLSBWaWRlby9BdWRpbw0KWC1NSUNST1NPRlQtQ0RPLUFQUFQtU0VR VUVOQ0U6MQ0KWC1NSUNST1NPRlQtQ0RPLU9XTkVSQVBQVElEOjIxMTMzMTM4NjQNClgtTUlDUk9T T0ZULUNETy1CVVNZU1RBVFVTOkZSRUUNClgtTUlDUk9TT0ZULUNETy1JTlRFTkRFRFNUQVRVUzpG UkVFDQpYLU1JQ1JPU09GVC1DRE8tQUxMREFZRVZFTlQ6RkFMU0UNClgtTUlDUk9TT0ZULUNETy1J TVBPUlRBTkNFOjENClgtTUlDUk9TT0ZULUNETy1JTlNUVFlQRToxDQpYLU1JQ1JPU09GVC1ESVNB TExPVy1DT1VOVEVSOkZBTFNFDQpFTkQ6VkVWRU5UDQpCRUdJTjpWRVZFTlQNClNVTU1BUlk6DQpE VFNUQVJUO1RaSUQ9UGFjaWZpYyBTdGFuZGFyZCBUaW1lOjIwMTUwNjI0VDA3MDAwMA0KRFRFTkQ7 VFpJRD1QYWNpZmljIFN0YW5kYXJkIFRpbWU6MjAxNTA2MjRUMDgwMDAwDQpVSUQ6NTEwMjYyOTQt MTA2Qy00MzI1LTlBQjQtQjQ0ODA5OUYxMjM4DQpSRUNVUlJFTkNFLUlEO1RaSUQ9UGFjaWZpYyBT dGFuZGFyZCBUaW1lOjIwMTUwNjI0VDAwMDAwMA0KQ0xBU1M6UFVCTElDDQpQUklPUklUWTo1DQpE VFNUQU1QOjIwMTUxMjE2VDA5MDQyOVoNClRSQU5TUDpPUEFRVUUNClNUQVRVUzpDT05GSVJNRUQN ClNFUVVFTkNFOjANCkxPQ0FUSU9OOldlYmV4IC0gVmlkZW8vQXVkaW8NClgtTUlDUk9TT0ZULUNE Ty1BUFBULVNFUVVFTkNFOjANClgtTUlDUk9TT0ZULUNETy1CVVNZU1RBVFVTOkJVU1kNClgtTUlD Uk9TT0ZULUNETy1JTlRFTkRFRFNUQVRVUzpCVVNZDQpYLU1JQ1JPU09GVC1DRE8tQUxMREFZRVZF TlQ6RkFMU0UNClgtTUlDUk9TT0ZULUNETy1JTVBPUlRBTkNFOjENClgtTUlDUk9TT0ZULUNETy1J TlNUVFlQRTowDQpYLU1JQ1JPU09GVC1ESVNBTExPVy1DT1VOVEVSOkZBTFNFDQpFTkQ6VkVWRU5U DQpCRUdJTjpWRVZFTlQNClNVTU1BUlk6DQpEVFNUQVJUO1RaSUQ9UGFjaWZpYyBTdGFuZGFyZCBU aW1lOjIwMTUwNzIyVDA3MDAwMA0KRFRFTkQ7VFpJRD1QYWNpZmljIFN0YW5kYXJkIFRpbWU6MjAx NTA3MjJUMDgwMDAwDQpVSUQ6NTEwMjYyOTQtMTA2Qy00MzI1LTlBQjQtQjQ0ODA5OUYxMjM4DQpS RUNVUlJFTkNFLUlEO1RaSUQ9UGFjaWZpYyBTdGFuZGFyZCBUaW1lOjIwMTUwNzIyVDAwMDAwMA0K Q0xBU1M6UFVCTElDDQpQUklPUklUWTo1DQpEVFNUQU1QOjIwMTUxMjE2VDA5MDQyOVoNClRSQU5T UDpPUEFRVUUNClNUQVRVUzpDT05GSVJNRUQNClNFUVVFTkNFOjANCkxPQ0FUSU9OOldlYmV4IC0g VmlkZW8vQXVkaW8NClgtTUlDUk9TT0ZULUNETy1BUFBULVNFUVVFTkNFOjANClgtTUlDUk9TT0ZU LUNETy1CVVNZU1RBVFVTOkJVU1kNClgtTUlDUk9TT0ZULUNETy1JTlRFTkRFRFNUQVRVUzpCVVNZ DQpYLU1JQ1JPU09GVC1DRE8tQUxMREFZRVZFTlQ6RkFMU0UNClgtTUlDUk9TT0ZULUNETy1JTVBP UlRBTkNFOjENClgtTUlDUk9TT0ZULUNETy1JTlNUVFlQRTowDQpYLU1JQ1JPU09GVC1ESVNBTExP Vy1DT1VOVEVSOkZBTFNFDQpFTkQ6VkVWRU5UDQpFTkQ6VkNBTEVOREFSDQo= --_000_b9e905257fac4b6e832ba85c6cbd7c3dXCHRCD003ciscocom_-- From nobody Wed Dec 16 01:11:55 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F62E1ACC92 for ; Wed, 16 Dec 2015 01:11:54 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.508 X-Spam-Level: X-Spam-Status: No, score=-14.508 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5, WEIRD_PORT=0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3Qf326Msaa4M for ; Wed, 16 Dec 2015 01:11:52 -0800 (PST) Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2BAC1ACC89 for ; Wed, 16 Dec 2015 01:11:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8661; q=dns/txt; s=iport; t=1450257112; x=1451466712; h=from:to:subject:date:message-id:mime-version; bh=idSkHnLurl+c9+DKFBVQclQCpQnik5mACu1FcCWA1uY=; b=iS8/jgWkpQAwyZKYv1fyea/rX4JCHJxQ30PQuaHt2XB0vvW75FLmKMWm 5Y/XiSLhwJRAgkGBsJrOAr0OZX0IgX8NNiJUz60P8pCYoRaCihIzEFUon v/lt2jg7wrGjVBO0yMGd6M/rUviLzFfi4Z58oFno1Gg5c+pPI4kZKGeM/ 0=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BjAAC+KXFW/4kNJK1EFwOCbkxSbQaEG?= =?us-ascii?q?rhLdgENfgVgHIUSfYEbOBQBAQEBAQEBgQqENwQjQyUBDCgEDAYCBDAkAgEBAwE?= =?us-ascii?q?SCIgSAxIOO6tdhTGMWAEBAQEBAQEBAQEBAQEBAQEBAQEBAQ8JjRMBgRKBdlkHg?= =?us-ascii?q?k6BSQWNb4kNAYU4iAiCLJp0AR8BAUKCER2BB09yAYNrgQgBAQE?= X-IronPort-AV: E=Sophos;i="5.20,436,1444694400"; d="scan'208,217";a="218508794" Received: from alln-core-4.cisco.com ([173.36.13.137]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 16 Dec 2015 09:11:52 +0000 Received: from XCH-RCD-009.cisco.com (xch-rcd-009.cisco.com [173.37.102.19]) by alln-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id tBG9BpHK010789 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 16 Dec 2015 09:11:51 GMT Received: from xch-rcd-003.cisco.com (173.37.102.13) by XCH-RCD-009.cisco.com (173.37.102.19) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 16 Dec 2015 03:11:51 -0600 Received: from xch-rcd-003.cisco.com ([173.37.102.13]) by XCH-RCD-003.cisco.com ([173.37.102.13]) with mapi id 15.00.1104.009; Wed, 16 Dec 2015 03:11:51 -0600 From: "Toerless Eckert (eckert)" To: "Max Pritikin (pritikin)" , "Jason Coleman (colemaj)" , "mcr+ietf@sandelman.ca" , "ietf@sandeep.de" , "Michael Behringer (mbehring)" , "alper.yegin@yegin.org" , "jiangsheng@huawei.com" , "leo.liubing@huawei.com" , "brian.e.carpenter@gmail.com" , "kwatsen@juniper.net" , "anima-bootstrap@ietf.org" Thread-Topic: Weekly Webex invite for anima bootstrap team meeting Thread-Index: AdE34cx1gXFHBFwsmky5Li84+1zjog== Date: Wed, 16 Dec 2015 09:11:50 +0000 Message-ID: <71e4d7dd93594580843368a1c9bb9b93@XCH-RCD-003.cisco.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.32.225.68] Content-Type: multipart/alternative; boundary="_000_71e4d7dd93594580843368a1c9bb9b93XCHRCD003ciscocom_" MIME-Version: 1.0 Archived-At: Subject: [Anima-bootstrap] Weekly Webex invite for anima bootstrap team meeting X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Dec 2015 09:11:54 -0000 --_000_71e4d7dd93594580843368a1c9bb9b93XCHRCD003ciscocom_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Outlook invite for new series with IETF Webex set up by Michael Richardson. Time: Weekly, Thursday, 1600UTC. Etherpad: http://etherpad.tools.ietf.org:9000/p/anima-boostrapping?useMonospaceFon= t=3Dtrue (note typo in boostrapping) iCal: https://calendar.google.com/calendar/event?action=3DTEMPLATE&tmeid=3DMHR0= ajRtbDM2MnU1NmU2YW9ocWtrNGY2ZG9fMjAxNTEyMTBUMTYwMDAwWiBtY2hhcmxlc3JAbQ&tmsr= c=3Dmcharlesr%40gmail.com Webex set up by Michael Richardson : Dialin: https://ietf.webex.com/ietf/j.php?MTID=3Dm09ce76fb7e9ae7af015d3033b42c54c= 2 meeting number: 649 770 742 Meeting password: bootstrap 1-877-668-4493 Call-in toll free number (US/Canada) 1-650-479-3208 Call-in toll number (US/Canada) --_000_71e4d7dd93594580843368a1c9bb9b93XCHRCD003ciscocom_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Outlook invite for new series with IETF Webex set up by Michael Richar= dson.

Time= :

Week= ly, Thursday, 1600UTC.


Ethe= rpad:

http= ://etherpad.tools.ietf.org:9000/p/anima-boostrapping?useMonospaceFont=3Dtru= e

(not= e typo in boostrapping)


iCal= :

http= s://calendar.google.com/calendar/event?action=3DTEMPLATE&tmeid=3DMHR0aj= RtbDM2MnU1NmU2YW9ocWtrNGY2ZG9fMjAxNTEyMTBUMTYwMDAwWiBtY2hhcmxlc3JAbQ&tm= src=3Dmcharlesr%40gmail.com



Webe= x set up by Michael Richardson :

Dial= in:

http= s://ietf.webex.com/ietf/j.php?MTID=3Dm09ce76fb7e9ae7af015d3033b42c54c2

meet= ing number: 649 770 742

Meet= ing password: bootstrap

1-87= 7-668-4493 Call-in toll free number (US/Canada)

1-65= 0-479-3208 Call-in toll number (US/Canada)


--_000_71e4d7dd93594580843368a1c9bb9b93XCHRCD003ciscocom_ Content-Type: text/calendar; charset="utf-8"; method=REQUEST Content-Transfer-Encoding: base64 QkVHSU46VkNBTEVOREFSDQpNRVRIT0Q6UkVRVUVTVA0KUFJPRElEOk1pY3Jvc29mdCBFeGNoYW5n ZSBTZXJ2ZXIgMjAxMA0KVkVSU0lPTjoyLjANCkJFR0lOOlZUSU1FWk9ORQ0KVFpJRDpVVEMNCkJF R0lOOlNUQU5EQVJEDQpEVFNUQVJUOjE2MDEwMTAxVDAwMDAwMA0KVFpPRkZTRVRGUk9NOiswMDAw DQpUWk9GRlNFVFRPOiswMDAwDQpFTkQ6U1RBTkRBUkQNCkJFR0lOOkRBWUxJR0hUDQpEVFNUQVJU OjE2MDEwMTAxVDAwMDAwMA0KVFpPRkZTRVRGUk9NOiswMDAwDQpUWk9GRlNFVFRPOiswMDAwDQpF TkQ6REFZTElHSFQNCkVORDpWVElNRVpPTkUNCkJFR0lOOlZFVkVOVA0KT1JHQU5JWkVSO0NOPVRv ZXJsZXNzIEVja2VydCAoZWNrZXJ0KTpNQUlMVE86ZWNrZXJ0QGNpc2NvLmNvbQ0KQVRURU5ERUU7 Uk9MRT1SRVEtUEFSVElDSVBBTlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9OO1JTVlA9VFJVRTtDTj1N YXggUHJpdGlrDQogaW4gKHByaXRpa2luKTpNQUlMVE86cHJpdGlraW5AY2lzY28uY29tDQpBVFRF TkRFRTtST0xFPVJFUS1QQVJUSUNJUEFOVDtQQVJUU1RBVD1ORUVEUy1BQ1RJT047UlNWUD1UUlVF O0NOPUphc29uIENvbGUNCiBtYW4gKGNvbGVtYWopOk1BSUxUTzpjb2xlbWFqQGNpc2NvLmNvbQ0K QVRURU5ERUU7Uk9MRT1SRVEtUEFSVElDSVBBTlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9OO1JTVlA9 VFJVRTtDTj1tY3IraWV0ZkBzDQogYW5kZWxtYW4uY2E6TUFJTFRPOm1jcitpZXRmQHNhbmRlbG1h bi5jYQ0KQVRURU5ERUU7Uk9MRT1SRVEtUEFSVElDSVBBTlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9O O1JTVlA9VFJVRTtDTj1pZXRmQHNhbmRlDQogZXAuZGU6TUFJTFRPOmlldGZAc2FuZGVlcC5kZQ0K QVRURU5ERUU7Uk9MRT1SRVEtUEFSVElDSVBBTlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9OO1JTVlA9 VFJVRTtDTj1NaWNoYWVsIEJlDQogaHJpbmdlciAobWJlaHJpbmcpOk1BSUxUTzptYmVocmluZ0Bj aXNjby5jb20NCkFUVEVOREVFO1JPTEU9UkVRLVBBUlRJQ0lQQU5UO1BBUlRTVEFUPU5FRURTLUFD VElPTjtSU1ZQPVRSVUU7Q049YWxwZXIueWVnaQ0KIG5AeWVnaW4ub3JnOk1BSUxUTzphbHBlci55 ZWdpbkB5ZWdpbi5vcmcNCkFUVEVOREVFO1JPTEU9UkVRLVBBUlRJQ0lQQU5UO1BBUlRTVEFUPU5F RURTLUFDVElPTjtSU1ZQPVRSVUU7Q049amlhbmdzaGVuZw0KIEBodWF3ZWkuY29tOk1BSUxUTzpq aWFuZ3NoZW5nQGh1YXdlaS5jb20NCkFUVEVOREVFO1JPTEU9UkVRLVBBUlRJQ0lQQU5UO1BBUlRT VEFUPU5FRURTLUFDVElPTjtSU1ZQPVRSVUU7Q049bGVvLmxpdWJpbg0KIGdAaHVhd2VpLmNvbTpN QUlMVE86bGVvLmxpdWJpbmdAaHVhd2VpLmNvbQ0KQVRURU5ERUU7Uk9MRT1SRVEtUEFSVElDSVBB TlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9OO1JTVlA9VFJVRTtDTj1icmlhbi5lLmNhDQogcnBlbnRl ckBnbWFpbC5jb206TUFJTFRPOmJyaWFuLmUuY2FycGVudGVyQGdtYWlsLmNvbQ0KQVRURU5ERUU7 Uk9MRT1SRVEtUEFSVElDSVBBTlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9OO1JTVlA9VFJVRTtDTj1r d2F0c2VuQGp1DQogbmlwZXIubmV0Ok1BSUxUTzprd2F0c2VuQGp1bmlwZXIubmV0DQpBVFRFTkRF RTtST0xFPVJFUS1QQVJUSUNJUEFOVDtQQVJUU1RBVD1ORUVEUy1BQ1RJT047UlNWUD1UUlVFO0NO PWFuaW1hLWJvb3QNCiBzdHJhcEBpZXRmLm9yZzpNQUlMVE86YW5pbWEtYm9vdHN0cmFwQGlldGYu b3JnDQpERVNDUklQVElPTjtMQU5HVUFHRT1lbi1VUzpPdXRsb29rIGludml0ZSBmb3IgbmV3IHNl cmllcyB3aXRoIElFVEYgV2ViZXggc2UNCiB0IHVwIGJ5IE1pY2hhZWwgUmljaGFyZHNvbi5cblxu XG5UaW1lOlxuICBXZWVrbHlcLCBUaHVyc2RheVwsIDE2MDBVVEMuXG5cbg0KIFxuRXRoZXJwYWQ6 XG4gICBodHRwOi8vZXRoZXJwYWQudG9vbHMuaWV0Zi5vcmc6OTAwMC9wL2FuaW1hLWJvb3N0cmFw cGluZz91DQogc2VNb25vc3BhY2VGb250PXRydWVcbiAgIChub3RlIHR5cG8gaW4gYm9vc3RyYXBw aW5nKVxuXG5cbmlDYWw6XG4gIGh0dHBzOi8NCiAvY2FsZW5kYXIuZ29vZ2xlLmNvbS9jYWxlbmRh ci9ldmVudD9hY3Rpb249VEVNUExBVEUmdG1laWQ9TUhSMGFqUnRiRE0yTW5VMQ0KIE5tVTJZVzlv Y1d0ck5HWTJaRzlmTWpBeE5URXlNVEJVTVRZd01EQXdXaUJ0WTJoaGNteGxjM0pBYlEmdG1zcmM9 bWNoYXJsZXNyDQogJTQwZ21haWwuY29tXG5cblxuXG5cbldlYmV4IHNldCB1cCBieSBNaWNoYWVs IFJpY2hhcmRzb24gPG1jcitJRVRGQHNhbmRlbG0NCiBhbi5jYT46XG5cbkRpYWxpbjpcbiAgaHR0 cHM6Ly9pZXRmLndlYmV4LmNvbS9pZXRmL2oucGhwP01USUQ9bTA5Y2U3NmZiN2U5YQ0KIGU3YWYw MTVkMzAzM2I0MmM1NGMyXG5cbiAgbWVldGluZyBudW1iZXI6ICAgNjQ5IDc3MCA3NDJcbiAgTWVl dGluZyBwYXNzd29yDQogZDogYm9vdHN0cmFwXG4gIDEtODc3LTY2OC00NDkzIENhbGwtaW4gdG9s bCBmcmVlIG51bWJlciAoVVMvQ2FuYWRhKVxuICAxLTYNCiA1MC00NzktMzIwOCBDYWxsLWluIHRv bGwgbnVtYmVyIChVUy9DYW5hZGEpXG5cbg0KUlJVTEU6RlJFUT1XRUVLTFk7SU5URVJWQUw9MTtC WURBWT1USDtXS1NUPVNVDQpTVU1NQVJZO0xBTkdVQUdFPWVuLVVTOldlZWtseSBXZWJleCBpbnZp dGUgZm9yIGFuaW1hIGJvb3RzdHJhcCB0ZWFtIG1lZXRpbmcNCkRUU1RBUlQ7VFpJRD1VVEM6MjAx NTEyMTdUMTYwMDAwDQpEVEVORDtUWklEPVVUQzoyMDE1MTIxN1QxNzAwMDANClVJRDo0QzU2QkJB NS03NUM0LTRERDYtODJCQy0xREY1Nzc3QkMyNDENCkNMQVNTOlBVQkxJQw0KUFJJT1JJVFk6NQ0K RFRTVEFNUDoyMDE1MTIxNlQwOTExNTBaDQpUUkFOU1A6T1BBUVVFDQpTVEFUVVM6Q09ORklSTUVE DQpTRVFVRU5DRTowDQpMT0NBVElPTjtMQU5HVUFHRT1lbi1VUzpJRVRGIFdlYmV4DQpYLU1JQ1JP U09GVC1DRE8tQVBQVC1TRVFVRU5DRTowDQpYLU1JQ1JPU09GVC1DRE8tT1dORVJBUFBUSUQ6MjEx MzcwMDU0MA0KWC1NSUNST1NPRlQtQ0RPLUJVU1lTVEFUVVM6VEVOVEFUSVZFDQpYLU1JQ1JPU09G VC1DRE8tSU5URU5ERURTVEFUVVM6QlVTWQ0KWC1NSUNST1NPRlQtQ0RPLUFMTERBWUVWRU5UOkZB TFNFDQpYLU1JQ1JPU09GVC1DRE8tSU1QT1JUQU5DRToxDQpYLU1JQ1JPU09GVC1DRE8tSU5TVFRZ UEU6MQ0KWC1NSUNST1NPRlQtRElTQUxMT1ctQ09VTlRFUjpGQUxTRQ0KQkVHSU46VkFMQVJNDQpE RVNDUklQVElPTjpSRU1JTkRFUg0KVFJJR0dFUjtSRUxBVEVEPVNUQVJUOi1QVDE1TQ0KQUNUSU9O OkRJU1BMQVkNCkVORDpWQUxBUk0NCkVORDpWRVZFTlQNCkVORDpWQ0FMRU5EQVINCg== --_000_71e4d7dd93594580843368a1c9bb9b93XCHRCD003ciscocom_-- From nobody Wed Dec 16 01:13:35 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D2351ACD1D for ; Wed, 16 Dec 2015 01:13:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.508 X-Spam-Level: X-Spam-Status: No, score=-14.508 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5, WEIRD_PORT=0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l_dVwq6fYZyL for ; Wed, 16 Dec 2015 01:13:29 -0800 (PST) Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7AB641ACCE4 for ; Wed, 16 Dec 2015 01:13:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8661; q=dns/txt; s=iport; t=1450257209; x=1451466809; h=from:to:subject:date:message-id:mime-version; bh=z2V45afEZPdbVBJQ9uI64Xt5PoMXZYJOkBaJZfAF+8A=; b=HuO3nVikMjQsHmtdcR+fFMrfWOzyPTKVmCXTBlzxFpwAHmJmEf1pCC5Y tpo3dZ3dBy9ToBnfDtYzTOAN3I1l0s1Xr492Xr9Y+pT3ikxZbJr6gpeof gUu6ZoEksg4B5M9t0RhXvWCMH/C+pYd8PwZWipA5Q4RUESFfl7vfvOVQV I=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BjAAAHKnFW/4sNJK1EFwOCbkxSbQaEG?= =?us-ascii?q?rhLdgENfgVgHIUSfYEbOBQBAQEBAQEBgQqENwQjQyUBDCgEDAYCBDAkAgEBAwE?= =?us-ascii?q?SCIgSAxIOO6tchTGMWAEBAQEBAQEBAQEBAQEBAQEBAQEBAQ8JjRMBgRKBdlkHg?= =?us-ascii?q?k6BSQWNb4kNAYU4iAiCLJp0AR8BAUKCER2BB09yAYNrgQgBAQE?= X-IronPort-AV: E=Sophos;i="5.20,436,1444694400"; d="scan'208,217";a="218590427" Received: from alln-core-6.cisco.com ([173.36.13.139]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 16 Dec 2015 09:13:27 +0000 Received: from XCH-ALN-008.cisco.com (xch-aln-008.cisco.com [173.36.7.18]) by alln-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id tBG9DR6B009764 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 16 Dec 2015 09:13:27 GMT Received: from xch-rcd-003.cisco.com (173.37.102.13) by XCH-ALN-008.cisco.com (173.36.7.18) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 16 Dec 2015 03:13:26 -0600 Received: from xch-rcd-003.cisco.com ([173.37.102.13]) by XCH-RCD-003.cisco.com ([173.37.102.13]) with mapi id 15.00.1104.009; Wed, 16 Dec 2015 03:13:26 -0600 From: "Toerless Eckert (eckert)" To: "Max Pritikin (pritikin)" , "Jason Coleman (colemaj)" , "mcr+ietf@sandelman.ca" , "ietf@sandeep.de" , "Michael Behringer (mbehring)" , "alper.yegin@yegin.org" , "jiangsheng@huawei.com" , "leo.liubing@huawei.com" , "brian.e.carpenter@gmail.com" , "kwatsen@juniper.net" , "anima-bootstrap@ietf.org" Thread-Topic: Weekly Webex invite for anima bootstrap team meeting Thread-Index: AdE34cx1gXFHBFwsmky5Li84+1zjog== Date: Wed, 16 Dec 2015 09:13:26 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.32.225.68] Content-Type: multipart/alternative; boundary="_000_f97cba362b6249ca939dc9eefddf6aecXCHRCD003ciscocom_" MIME-Version: 1.0 Archived-At: Subject: [Anima-bootstrap] Weekly Webex invite for anima bootstrap team meeting X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Dec 2015 09:13:31 -0000 --_000_f97cba362b6249ca939dc9eefddf6aecXCHRCD003ciscocom_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Outlook invite for new series with IETF Webex set up by Michael Richardson. Time: Weekly, Thursday, 1600UTC. Etherpad: http://etherpad.tools.ietf.org:9000/p/anima-boostrapping?useMonospaceFon= t=3Dtrue (note typo in boostrapping) iCal: https://calendar.google.com/calendar/event?action=3DTEMPLATE&tmeid=3DMHR0= ajRtbDM2MnU1NmU2YW9ocWtrNGY2ZG9fMjAxNTEyMTBUMTYwMDAwWiBtY2hhcmxlc3JAbQ&tmsr= c=3Dmcharlesr%40gmail.com Webex set up by Michael Richardson : Dialin: https://ietf.webex.com/ietf/j.php?MTID=3Dm09ce76fb7e9ae7af015d3033b42c54c= 2 meeting number: 649 770 742 Meeting password: bootstrap 1-877-668-4493 Call-in toll free number (US/Canada) 1-650-479-3208 Call-in toll number (US/Canada) --_000_f97cba362b6249ca939dc9eefddf6aecXCHRCD003ciscocom_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Outlook invite for new series with IETF Webex set up by Michael Richar= dson.

Time= :

Week= ly, Thursday, 1600UTC.


Ethe= rpad:

http= ://etherpad.tools.ietf.org:9000/p/anima-boostrapping?useMonospaceFont=3Dtru= e

(not= e typo in boostrapping)


iCal= :

http= s://calendar.google.com/calendar/event?action=3DTEMPLATE&tmeid=3DMHR0aj= RtbDM2MnU1NmU2YW9ocWtrNGY2ZG9fMjAxNTEyMTBUMTYwMDAwWiBtY2hhcmxlc3JAbQ&tm= src=3Dmcharlesr%40gmail.com



Webe= x set up by Michael Richardson :

Dial= in:

http= s://ietf.webex.com/ietf/j.php?MTID=3Dm09ce76fb7e9ae7af015d3033b42c54c2

meet= ing number: 649 770 742

Meet= ing password: bootstrap

1-87= 7-668-4493 Call-in toll free number (US/Canada)

1-65= 0-479-3208 Call-in toll number (US/Canada)


--_000_f97cba362b6249ca939dc9eefddf6aecXCHRCD003ciscocom_ Content-Type: text/calendar; charset="utf-8"; method=REQUEST Content-Transfer-Encoding: base64 QkVHSU46VkNBTEVOREFSDQpNRVRIT0Q6UkVRVUVTVA0KUFJPRElEOk1pY3Jvc29mdCBFeGNoYW5n ZSBTZXJ2ZXIgMjAxMA0KVkVSU0lPTjoyLjANCkJFR0lOOlZUSU1FWk9ORQ0KVFpJRDpVVEMNCkJF R0lOOlNUQU5EQVJEDQpEVFNUQVJUOjE2MDEwMTAxVDAwMDAwMA0KVFpPRkZTRVRGUk9NOiswMDAw DQpUWk9GRlNFVFRPOiswMDAwDQpFTkQ6U1RBTkRBUkQNCkJFR0lOOkRBWUxJR0hUDQpEVFNUQVJU OjE2MDEwMTAxVDAwMDAwMA0KVFpPRkZTRVRGUk9NOiswMDAwDQpUWk9GRlNFVFRPOiswMDAwDQpF TkQ6REFZTElHSFQNCkVORDpWVElNRVpPTkUNCkJFR0lOOlZFVkVOVA0KT1JHQU5JWkVSO0NOPVRv ZXJsZXNzIEVja2VydCAoZWNrZXJ0KTpNQUlMVE86ZWNrZXJ0QGNpc2NvLmNvbQ0KQVRURU5ERUU7 Uk9MRT1SRVEtUEFSVElDSVBBTlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9OO1JTVlA9VFJVRTtDTj1N YXggUHJpdGlrDQogaW4gKHByaXRpa2luKTpNQUlMVE86cHJpdGlraW5AY2lzY28uY29tDQpBVFRF TkRFRTtST0xFPVJFUS1QQVJUSUNJUEFOVDtQQVJUU1RBVD1ORUVEUy1BQ1RJT047UlNWUD1UUlVF O0NOPUphc29uIENvbGUNCiBtYW4gKGNvbGVtYWopOk1BSUxUTzpjb2xlbWFqQGNpc2NvLmNvbQ0K QVRURU5ERUU7Uk9MRT1SRVEtUEFSVElDSVBBTlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9OO1JTVlA9 VFJVRTtDTj1tY3IraWV0ZkBzDQogYW5kZWxtYW4uY2E6TUFJTFRPOm1jcitpZXRmQHNhbmRlbG1h bi5jYQ0KQVRURU5ERUU7Uk9MRT1SRVEtUEFSVElDSVBBTlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9O O1JTVlA9VFJVRTtDTj1pZXRmQHNhbmRlDQogZXAuZGU6TUFJTFRPOmlldGZAc2FuZGVlcC5kZQ0K QVRURU5ERUU7Uk9MRT1SRVEtUEFSVElDSVBBTlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9OO1JTVlA9 VFJVRTtDTj1NaWNoYWVsIEJlDQogaHJpbmdlciAobWJlaHJpbmcpOk1BSUxUTzptYmVocmluZ0Bj aXNjby5jb20NCkFUVEVOREVFO1JPTEU9UkVRLVBBUlRJQ0lQQU5UO1BBUlRTVEFUPU5FRURTLUFD VElPTjtSU1ZQPVRSVUU7Q049YWxwZXIueWVnaQ0KIG5AeWVnaW4ub3JnOk1BSUxUTzphbHBlci55 ZWdpbkB5ZWdpbi5vcmcNCkFUVEVOREVFO1JPTEU9UkVRLVBBUlRJQ0lQQU5UO1BBUlRTVEFUPU5F RURTLUFDVElPTjtSU1ZQPVRSVUU7Q049amlhbmdzaGVuZw0KIEBodWF3ZWkuY29tOk1BSUxUTzpq aWFuZ3NoZW5nQGh1YXdlaS5jb20NCkFUVEVOREVFO1JPTEU9UkVRLVBBUlRJQ0lQQU5UO1BBUlRT VEFUPU5FRURTLUFDVElPTjtSU1ZQPVRSVUU7Q049bGVvLmxpdWJpbg0KIGdAaHVhd2VpLmNvbTpN QUlMVE86bGVvLmxpdWJpbmdAaHVhd2VpLmNvbQ0KQVRURU5ERUU7Uk9MRT1SRVEtUEFSVElDSVBB TlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9OO1JTVlA9VFJVRTtDTj1icmlhbi5lLmNhDQogcnBlbnRl ckBnbWFpbC5jb206TUFJTFRPOmJyaWFuLmUuY2FycGVudGVyQGdtYWlsLmNvbQ0KQVRURU5ERUU7 Uk9MRT1SRVEtUEFSVElDSVBBTlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9OO1JTVlA9VFJVRTtDTj1r d2F0c2VuQGp1DQogbmlwZXIubmV0Ok1BSUxUTzprd2F0c2VuQGp1bmlwZXIubmV0DQpBVFRFTkRF RTtST0xFPVJFUS1QQVJUSUNJUEFOVDtQQVJUU1RBVD1ORUVEUy1BQ1RJT047UlNWUD1UUlVFO0NO PWFuaW1hLWJvb3QNCiBzdHJhcEBpZXRmLm9yZzpNQUlMVE86YW5pbWEtYm9vdHN0cmFwQGlldGYu b3JnDQpERVNDUklQVElPTjtMQU5HVUFHRT1lbi1VUzpPdXRsb29rIGludml0ZSBmb3IgbmV3IHNl cmllcyB3aXRoIElFVEYgV2ViZXggc2UNCiB0IHVwIGJ5IE1pY2hhZWwgUmljaGFyZHNvbi5cblxu XG5UaW1lOlxuICBXZWVrbHlcLCBUaHVyc2RheVwsIDE2MDBVVEMuXG5cbg0KIFxuRXRoZXJwYWQ6 XG4gICBodHRwOi8vZXRoZXJwYWQudG9vbHMuaWV0Zi5vcmc6OTAwMC9wL2FuaW1hLWJvb3N0cmFw cGluZz91DQogc2VNb25vc3BhY2VGb250PXRydWVcbiAgIChub3RlIHR5cG8gaW4gYm9vc3RyYXBw aW5nKVxuXG5cbmlDYWw6XG4gIGh0dHBzOi8NCiAvY2FsZW5kYXIuZ29vZ2xlLmNvbS9jYWxlbmRh ci9ldmVudD9hY3Rpb249VEVNUExBVEUmdG1laWQ9TUhSMGFqUnRiRE0yTW5VMQ0KIE5tVTJZVzlv Y1d0ck5HWTJaRzlmTWpBeE5URXlNVEJVTVRZd01EQXdXaUJ0WTJoaGNteGxjM0pBYlEmdG1zcmM9 bWNoYXJsZXNyDQogJTQwZ21haWwuY29tXG5cblxuXG5cbldlYmV4IHNldCB1cCBieSBNaWNoYWVs IFJpY2hhcmRzb24gPG1jcitJRVRGQHNhbmRlbG0NCiBhbi5jYT46XG5cbkRpYWxpbjpcbiAgaHR0 cHM6Ly9pZXRmLndlYmV4LmNvbS9pZXRmL2oucGhwP01USUQ9bTA5Y2U3NmZiN2U5YQ0KIGU3YWYw MTVkMzAzM2I0MmM1NGMyXG5cbiAgbWVldGluZyBudW1iZXI6ICAgNjQ5IDc3MCA3NDJcbiAgTWVl dGluZyBwYXNzd29yDQogZDogYm9vdHN0cmFwXG4gIDEtODc3LTY2OC00NDkzIENhbGwtaW4gdG9s bCBmcmVlIG51bWJlciAoVVMvQ2FuYWRhKVxuICAxLTYNCiA1MC00NzktMzIwOCBDYWxsLWluIHRv bGwgbnVtYmVyIChVUy9DYW5hZGEpXG5cbg0KUlJVTEU6RlJFUT1XRUVLTFk7SU5URVJWQUw9MTtC WURBWT1USDtXS1NUPVNVDQpTVU1NQVJZO0xBTkdVQUdFPWVuLVVTOldlZWtseSBXZWJleCBpbnZp dGUgZm9yIGFuaW1hIGJvb3RzdHJhcCB0ZWFtIG1lZXRpbmcNCkRUU1RBUlQ7VFpJRD1VVEM6MjAx NTEyMTdUMTYwMDAwDQpEVEVORDtUWklEPVVUQzoyMDE1MTIxN1QxNzAwMDANClVJRDo0QzU2QkJB NS03NUM0LTRERDYtODJCQy0xREY1Nzc3QkMyNDENCkNMQVNTOlBVQkxJQw0KUFJJT1JJVFk6NQ0K RFRTVEFNUDoyMDE1MTIxNlQwOTEzMjZaDQpUUkFOU1A6T1BBUVVFDQpTVEFUVVM6Q09ORklSTUVE DQpTRVFVRU5DRToxDQpMT0NBVElPTjtMQU5HVUFHRT1lbi1VUzpJRVRGIFdlYmV4DQpYLU1JQ1JP U09GVC1DRE8tQVBQVC1TRVFVRU5DRToxDQpYLU1JQ1JPU09GVC1DRE8tT1dORVJBUFBUSUQ6MjEx MzcwMDU0MA0KWC1NSUNST1NPRlQtQ0RPLUJVU1lTVEFUVVM6VEVOVEFUSVZFDQpYLU1JQ1JPU09G VC1DRE8tSU5URU5ERURTVEFUVVM6QlVTWQ0KWC1NSUNST1NPRlQtQ0RPLUFMTERBWUVWRU5UOkZB TFNFDQpYLU1JQ1JPU09GVC1DRE8tSU1QT1JUQU5DRToxDQpYLU1JQ1JPU09GVC1DRE8tSU5TVFRZ UEU6MQ0KWC1NSUNST1NPRlQtRElTQUxMT1ctQ09VTlRFUjpGQUxTRQ0KQkVHSU46VkFMQVJNDQpE RVNDUklQVElPTjpSRU1JTkRFUg0KVFJJR0dFUjtSRUxBVEVEPVNUQVJUOi1QVDE1TQ0KQUNUSU9O OkRJU1BMQVkNCkVORDpWQUxBUk0NCkVORDpWRVZFTlQNCkVORDpWQ0FMRU5EQVINCg== --_000_f97cba362b6249ca939dc9eefddf6aecXCHRCD003ciscocom_-- From nobody Wed Dec 16 01:23:49 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 998F31ACD58 for ; Wed, 16 Dec 2015 01:23:47 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.508 X-Spam-Level: X-Spam-Status: No, score=-14.508 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5, WEIRD_PORT=0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ck17gVpYaK8p for ; Wed, 16 Dec 2015 01:23:46 -0800 (PST) Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 189481ACD3A for ; Wed, 16 Dec 2015 01:23:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9270; q=dns/txt; s=iport; t=1450257826; x=1451467426; h=from:to:subject:date:message-id:mime-version; bh=ptkF3yQUf5I4pvuGXxv9OU10DdD5+tNqjJeR8d65kWo=; b=LfXtiLgSPnkzx3kLgpeeCl5MbhWTLM9MuDy8D29GsanMbQREpa7rjmGB fc6DlA6IgLXBlA3bGdsUnxnVxDCwjSvnkuf1Hd+7R7ceC5SGdt1tjDjht EW+9MOfDqkzeOEWNrlR/vWIqEKuPQamKJx/tMrg5cnOhgEaL+q4bj6u0F U=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0B7AADbLHFW/4oNJK1EFwOCbkxSbQaEG?= =?us-ascii?q?rhLdgENfgVgHIUSfYETOBQBAQEBAQEBgQqENwQjQyUBDCgEDAYCBDAkAgEBAwE?= =?us-ascii?q?SCIgSAxIOO6tahTGMXgEBAQEBAQEBAgEBAQEBAQEBAREJjRMBgRKBdlkHgk6BS?= =?us-ascii?q?QWNb4kNAYU4iAiCLJp0AR8BAUKCER2BB09yAYQIgQgBAQE?= X-IronPort-AV: E=Sophos;i="5.20,436,1444694400"; d="scan'208,217";a="218051271" Received: from alln-core-5.cisco.com ([173.36.13.138]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 16 Dec 2015 09:23:45 +0000 Received: from XCH-ALN-014.cisco.com (xch-aln-014.cisco.com [173.36.7.24]) by alln-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id tBG9Njle013371 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 16 Dec 2015 09:23:45 GMT Received: from xch-rcd-003.cisco.com (173.37.102.13) by XCH-ALN-014.cisco.com (173.36.7.24) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 16 Dec 2015 03:23:44 -0600 Received: from xch-rcd-003.cisco.com ([173.37.102.13]) by XCH-RCD-003.cisco.com ([173.37.102.13]) with mapi id 15.00.1104.009; Wed, 16 Dec 2015 03:23:44 -0600 From: "Toerless Eckert (eckert)" To: "Max Pritikin (pritikin)" , "Jason Coleman (colemaj)" , "mcr+ietf@sandelman.ca" , "ietf@sandeep.de" , "Michael Behringer (mbehring)" , "alper.yegin@yegin.org" , "jiangsheng@huawei.com" , "leo.liubing@huawei.com" , "brian.e.carpenter@gmail.com" , "kwatsen@juniper.net" , "anima-bootstrap@ietf.org" Thread-Topic: Weekly Webex invite for anima bootstrap team meeting Thread-Index: AdE34cx1gXFHBFwsmky5Li84+1zjog== Date: Wed, 16 Dec 2015 09:23:44 +0000 Message-ID: <8238f61757244baab368c036b2033ceb@XCH-RCD-003.cisco.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.32.225.68] Content-Type: multipart/alternative; boundary="_000_8238f61757244baab368c036b2033cebXCHRCD003ciscocom_" MIME-Version: 1.0 Archived-At: Subject: [Anima-bootstrap] Weekly Webex invite for anima bootstrap team meeting X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Dec 2015 09:23:47 -0000 --_000_8238f61757244baab368c036b2033cebXCHRCD003ciscocom_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Added URL for non-US dialin numbers to the webex. Outlook invite for new series with IETF Webex set up by Michael Richardson. Time: Weekly, Thursday, 1600UTC. Etherpad: http://etherpad.tools.ietf.org:9000/p/anima-boostrapping?useMonospaceFon= t=3Dtrue (note typo in boostrapping) iCal: https://calendar.google.com/calendar/event?action=3DTEMPLATE&tmeid=3DMHR0= ajRtbDM2MnU1NmU2YW9ocWtrNGY2ZG9fMjAxNTEyMTBUMTYwMDAwWiBtY2hhcmxlc3JAbQ&tmsr= c=3Dmcharlesr%40gmail.com Webex set up by Michael Richardson : Dialin: https://ietf.webex.com/ietf/j.php?MTID=3Dm09ce76fb7e9ae7af015d3033b42c54c= 2 meeting number: 649 770 742 Meeting password: bootstrap 1-877-668-4493 Call-in toll free number (US/Canada) 1-650-479-3208 Call-in toll number (US/Canada) More global dialin numbers: https://ietf.webex.com/ietf/globalcallin.php --_000_8238f61757244baab368c036b2033cebXCHRCD003ciscocom_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Added URL for non-US dialin numbers to the webex.
Outlook invite for new series with IETF Webex set up by Michael Richar= dson.

Time= :

Week= ly, Thursday, 1600UTC.


Ethe= rpad:

http= ://etherpad.tools.ietf.org:9000/p/anima-boostrapping?useMonospaceFont=3Dtru= e

(not= e typo in boostrapping)


iCal= :

http= s://calendar.google.com/calendar/event?action=3DTEMPLATE&tmeid=3DMHR0aj= RtbDM2MnU1NmU2YW9ocWtrNGY2ZG9fMjAxNTEyMTBUMTYwMDAwWiBtY2hhcmxlc3JAbQ&tm= src=3Dmcharlesr%40gmail.com



Webe= x set up by Michael Richardson :

Dial= in:

http= s://ietf.webex.com/ietf/j.php?MTID=3Dm09ce76fb7e9ae7af015d3033b42c54c2

meet= ing number: 649 770 742

Meet= ing password: bootstrap

1-87= 7-668-4493 Call-in toll free number (US/Canada)

1-65= 0-479-3208 Call-in toll number (US/Canada)

More= global dialin numbers:

http= s://ietf.webex.com/ietf/globalcallin.php


--_000_8238f61757244baab368c036b2033cebXCHRCD003ciscocom_ Content-Type: text/calendar; charset="utf-8"; method=REQUEST Content-Transfer-Encoding: base64 QkVHSU46VkNBTEVOREFSDQpNRVRIT0Q6UkVRVUVTVA0KUFJPRElEOk1pY3Jvc29mdCBFeGNoYW5n ZSBTZXJ2ZXIgMjAxMA0KVkVSU0lPTjoyLjANCkJFR0lOOlZUSU1FWk9ORQ0KVFpJRDpVVEMNCkJF R0lOOlNUQU5EQVJEDQpEVFNUQVJUOjE2MDEwMTAxVDAwMDAwMA0KVFpPRkZTRVRGUk9NOiswMDAw DQpUWk9GRlNFVFRPOiswMDAwDQpFTkQ6U1RBTkRBUkQNCkJFR0lOOkRBWUxJR0hUDQpEVFNUQVJU OjE2MDEwMTAxVDAwMDAwMA0KVFpPRkZTRVRGUk9NOiswMDAwDQpUWk9GRlNFVFRPOiswMDAwDQpF TkQ6REFZTElHSFQNCkVORDpWVElNRVpPTkUNCkJFR0lOOlZFVkVOVA0KT1JHQU5JWkVSO0NOPVRv ZXJsZXNzIEVja2VydCAoZWNrZXJ0KTpNQUlMVE86ZWNrZXJ0QGNpc2NvLmNvbQ0KQVRURU5ERUU7 Uk9MRT1SRVEtUEFSVElDSVBBTlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9OO1JTVlA9VFJVRTtDTj1N YXggUHJpdGlrDQogaW4gKHByaXRpa2luKTpNQUlMVE86cHJpdGlraW5AY2lzY28uY29tDQpBVFRF TkRFRTtST0xFPVJFUS1QQVJUSUNJUEFOVDtQQVJUU1RBVD1ORUVEUy1BQ1RJT047UlNWUD1UUlVF O0NOPUphc29uIENvbGUNCiBtYW4gKGNvbGVtYWopOk1BSUxUTzpjb2xlbWFqQGNpc2NvLmNvbQ0K QVRURU5ERUU7Uk9MRT1SRVEtUEFSVElDSVBBTlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9OO1JTVlA9 VFJVRTtDTj1tY3IraWV0ZkBzDQogYW5kZWxtYW4uY2E6TUFJTFRPOm1jcitpZXRmQHNhbmRlbG1h bi5jYQ0KQVRURU5ERUU7Uk9MRT1SRVEtUEFSVElDSVBBTlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9O O1JTVlA9VFJVRTtDTj1pZXRmQHNhbmRlDQogZXAuZGU6TUFJTFRPOmlldGZAc2FuZGVlcC5kZQ0K QVRURU5ERUU7Uk9MRT1SRVEtUEFSVElDSVBBTlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9OO1JTVlA9 VFJVRTtDTj1NaWNoYWVsIEJlDQogaHJpbmdlciAobWJlaHJpbmcpOk1BSUxUTzptYmVocmluZ0Bj aXNjby5jb20NCkFUVEVOREVFO1JPTEU9UkVRLVBBUlRJQ0lQQU5UO1BBUlRTVEFUPU5FRURTLUFD VElPTjtSU1ZQPVRSVUU7Q049YWxwZXIueWVnaQ0KIG5AeWVnaW4ub3JnOk1BSUxUTzphbHBlci55 ZWdpbkB5ZWdpbi5vcmcNCkFUVEVOREVFO1JPTEU9UkVRLVBBUlRJQ0lQQU5UO1BBUlRTVEFUPU5F RURTLUFDVElPTjtSU1ZQPVRSVUU7Q049amlhbmdzaGVuZw0KIEBodWF3ZWkuY29tOk1BSUxUTzpq aWFuZ3NoZW5nQGh1YXdlaS5jb20NCkFUVEVOREVFO1JPTEU9UkVRLVBBUlRJQ0lQQU5UO1BBUlRT VEFUPU5FRURTLUFDVElPTjtSU1ZQPVRSVUU7Q049bGVvLmxpdWJpbg0KIGdAaHVhd2VpLmNvbTpN QUlMVE86bGVvLmxpdWJpbmdAaHVhd2VpLmNvbQ0KQVRURU5ERUU7Uk9MRT1SRVEtUEFSVElDSVBB TlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9OO1JTVlA9VFJVRTtDTj1icmlhbi5lLmNhDQogcnBlbnRl ckBnbWFpbC5jb206TUFJTFRPOmJyaWFuLmUuY2FycGVudGVyQGdtYWlsLmNvbQ0KQVRURU5ERUU7 Uk9MRT1SRVEtUEFSVElDSVBBTlQ7UEFSVFNUQVQ9TkVFRFMtQUNUSU9OO1JTVlA9VFJVRTtDTj1r d2F0c2VuQGp1DQogbmlwZXIubmV0Ok1BSUxUTzprd2F0c2VuQGp1bmlwZXIubmV0DQpBVFRFTkRF RTtST0xFPVJFUS1QQVJUSUNJUEFOVDtQQVJUU1RBVD1ORUVEUy1BQ1RJT047UlNWUD1UUlVFO0NO PWFuaW1hLWJvb3QNCiBzdHJhcEBpZXRmLm9yZzpNQUlMVE86YW5pbWEtYm9vdHN0cmFwQGlldGYu b3JnDQpERVNDUklQVElPTjtMQU5HVUFHRT1lbi1VUzpBZGRlZCBVUkwgZm9yIG5vbi1VUyBkaWFs aW4gbnVtYmVycyB0byB0aGUgd2ViZXgNCiAuXG5PdXRsb29rIGludml0ZSBmb3IgbmV3IHNlcmll cyB3aXRoIElFVEYgV2ViZXggc2V0IHVwIGJ5IE1pY2hhZWwgUmljaGFyZA0KIHNvbi5cblxuXG5U aW1lOlxuICBXZWVrbHlcLCBUaHVyc2RheVwsIDE2MDBVVEMuXG5cblxuRXRoZXJwYWQ6XG4gICBo dHRwOi8vDQogZXRoZXJwYWQudG9vbHMuaWV0Zi5vcmc6OTAwMC9wL2FuaW1hLWJvb3N0cmFwcGlu Zz91c2VNb25vc3BhY2VGb250PXRydWVcbiANCiAgIChub3RlIHR5cG8gaW4gYm9vc3RyYXBwaW5n KVxuXG5cbmlDYWw6XG4gIGh0dHBzOi8vY2FsZW5kYXIuZ29vZ2xlLmNvbS9jYQ0KIGxlbmRhci9l dmVudD9hY3Rpb249VEVNUExBVEUmdG1laWQ9TUhSMGFqUnRiRE0yTW5VMU5tVTJZVzlvY1d0ck5H WTJaRzlmTWpBDQogeE5URXlNVEJVTVRZd01EQXdXaUJ0WTJoaGNteGxjM0pBYlEmdG1zcmM9bWNo YXJsZXNyJTQwZ21haWwuY29tXG5cblxuXG5cblcNCiBlYmV4IHNldCB1cCBieSBNaWNoYWVsIFJp Y2hhcmRzb24gPG1jcitJRVRGQHNhbmRlbG1hbi5jYT46XG5cbkRpYWxpbjpcbiAgaA0KIHR0cHM6 Ly9pZXRmLndlYmV4LmNvbS9pZXRmL2oucGhwP01USUQ9bTA5Y2U3NmZiN2U5YWU3YWYwMTVkMzAz M2I0MmM1NGMyXG5cDQogbiAgbWVldGluZyBudW1iZXI6ICAgNjQ5IDc3MCA3NDJcbiAgTWVldGlu ZyBwYXNzd29yZDogYm9vdHN0cmFwXG4gIDEtODc3LTYNCiA2OC00NDkzIENhbGwtaW4gdG9sbCBm cmVlIG51bWJlciAoVVMvQ2FuYWRhKVxuICAxLTY1MC00NzktMzIwOCBDYWxsLWluIHRvbA0KIGwg bnVtYmVyIChVUy9DYW5hZGEpXG4gIE1vcmUgZ2xvYmFsIGRpYWxpbiBudW1iZXJzOlxuICBodHRw czovL2lldGYud2ViZXguDQogY29tL2lldGYvZ2xvYmFsY2FsbGluLnBocFxuXG4NClJSVUxFOkZS RVE9V0VFS0xZO0lOVEVSVkFMPTE7QllEQVk9VEg7V0tTVD1TVQ0KU1VNTUFSWTtMQU5HVUFHRT1l bi1VUzpXZWVrbHkgV2ViZXggaW52aXRlIGZvciBhbmltYSBib290c3RyYXAgdGVhbSBtZWV0aW5n DQpEVFNUQVJUO1RaSUQ9VVRDOjIwMTUxMjE3VDE2MDAwMA0KRFRFTkQ7VFpJRD1VVEM6MjAxNTEy MTdUMTcwMDAwDQpVSUQ6NEM1NkJCQTUtNzVDNC00REQ2LTgyQkMtMURGNTc3N0JDMjQxDQpDTEFT UzpQVUJMSUMNClBSSU9SSVRZOjUNCkRUU1RBTVA6MjAxNTEyMTZUMDkyMzQ0Wg0KVFJBTlNQOk9Q QVFVRQ0KU1RBVFVTOkNPTkZJUk1FRA0KU0VRVUVOQ0U6Mg0KTE9DQVRJT047TEFOR1VBR0U9ZW4t VVM6SUVURiBXZWJleA0KWC1NSUNST1NPRlQtQ0RPLUFQUFQtU0VRVUVOQ0U6Mg0KWC1NSUNST1NP RlQtQ0RPLU9XTkVSQVBQVElEOjIxMTM3MDA1NDANClgtTUlDUk9TT0ZULUNETy1CVVNZU1RBVFVT OlRFTlRBVElWRQ0KWC1NSUNST1NPRlQtQ0RPLUlOVEVOREVEU1RBVFVTOkJVU1kNClgtTUlDUk9T T0ZULUNETy1BTExEQVlFVkVOVDpGQUxTRQ0KWC1NSUNST1NPRlQtQ0RPLUlNUE9SVEFOQ0U6MQ0K WC1NSUNST1NPRlQtQ0RPLUlOU1RUWVBFOjENClgtTUlDUk9TT0ZULURJU0FMTE9XLUNPVU5URVI6 RkFMU0UNCkJFR0lOOlZBTEFSTQ0KREVTQ1JJUFRJT046UkVNSU5ERVINClRSSUdHRVI7UkVMQVRF RD1TVEFSVDotUFQxNU0NCkFDVElPTjpESVNQTEFZDQpFTkQ6VkFMQVJNDQpFTkQ6VkVWRU5UDQpF TkQ6VkNBTEVOREFSDQo= --_000_8238f61757244baab368c036b2033cebXCHRCD003ciscocom_-- From nobody Wed Dec 16 01:25:10 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E8691ACD5F for ; Wed, 16 Dec 2015 01:25:08 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.51 X-Spam-Level: X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NbUZ7ZHWnC1x for ; Wed, 16 Dec 2015 01:25:07 -0800 (PST) Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB1F11ACD2A for ; Wed, 16 Dec 2015 01:25:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=176; q=dns/txt; s=iport; t=1450257906; x=1451467506; h=date:from:to:subject:message-id:mime-version; bh=jQR2zkDekQpRmE333h7TyjyIjTPAmvzfOUJ26v56eGQ=; b=gC6HuLUwnf09cRjkK/jjEMYs0GQqOwFlEJkQAtaw6rktEVSkWjZ2RHSi pihbYdXRRU/ALQxWrez8RtxQoBUlmkHZPioDxa8yvis7Q1wMYQaWOsIzn gtywTbEvo5CZQ9zUyaVC3bJ+7ksbxrcpQO408Lqr2eEYFyjHcPc/iZUjH I=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0D6AQBLLXFW/49dJa1egzpSbb1hAQ2BY?= =?us-ascii?q?yGHHDgUAQEBAQEBAYEKhHV7NAVJiEIOnCehfwEBAQEBAQQBAQEBAQEBARcElRM?= =?us-ascii?q?FjiyIUIU5iAYJnRofAQFChCUdNYUQAQEB?= X-IronPort-AV: E=Sophos;i="5.20,436,1444694400"; d="scan'208";a="58802032" Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Dec 2015 09:25:06 +0000 Received: from mcast-linux1.cisco.com (mcast-linux1.cisco.com [172.27.244.121]) by rcdn-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id tBG9P5jW029451 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 16 Dec 2015 09:25:05 GMT Received: from mcast-linux1.cisco.com (localhost.cisco.com [127.0.0.1]) by mcast-linux1.cisco.com (8.13.8/8.13.8) with ESMTP id tBG9P5Gd003026 for ; Wed, 16 Dec 2015 01:25:05 -0800 Received: (from eckert@localhost) by mcast-linux1.cisco.com (8.13.8/8.13.8/Submit) id tBG9P50w003025 for anima-bootstrap@ietf.org; Wed, 16 Dec 2015 01:25:05 -0800 Date: Wed, 16 Dec 2015 01:25:05 -0800 From: Toerless Eckert To: anima-bootstrap Message-ID: <20151216092505.GY29056@cisco.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.2i Archived-At: Subject: [Anima-bootstrap] [anima-bootstrap] Recurring meeting X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Dec 2015 09:25:08 -0000 Updated ANIMA bootstrap wiki and sent out outlook invite for new regular anima-bootstrap weekly meeting time. See https://trac.tools.ietf.org/wg/anima/trac/wiki/Bootstrap From nobody Wed Dec 16 06:20:03 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FCE51B2DB2 for ; Wed, 16 Dec 2015 06:20:02 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.611 X-Spam-Level: X-Spam-Status: No, score=-2.611 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IqPzuLK3FzfF for ; Wed, 16 Dec 2015 06:19:58 -0800 (PST) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20D6A1B2DBE for ; Wed, 16 Dec 2015 06:19:58 -0800 (PST) Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id BACD2200A3; Wed, 16 Dec 2015 09:25:57 -0500 (EST) Received: from obiwan.sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id E40F963797; Wed, 16 Dec 2015 09:19:56 -0500 (EST) From: Michael Richardson To: "Toerless Eckert \(eckert\)" In-Reply-To: References: X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.4.2 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Cc: "ietf@sandeep.de" , "Max Pritikin \(pritikin\)" , "alper.yegin@yegin.org" , "Michael Behringer \(mbehring\)" , "anima-bootstrap@ietf.org" , "leo.liubing@huawei.com" , "kwatsen@juniper.net" , "Jason Coleman \(colemaj\)" , "jiangsheng@huawei.com" Subject: Re: [Anima-bootstrap] Canceled: Weekly Webex invite for anima bootstrap team meeting X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Dec 2015 14:20:02 -0000 Toerless Eckert (eckert) wrote: > So Wednesday 7 AM PST seems to be the best slot =E2=80=93 it fits eve= rybody > except Brian and myself, and I think I can get the other meeting > moved. Michael Richardson also mentioned that we may be on/off 1 hour > due to daylight saving times, so let me shoot the meeting invite out > here with outlook and webex, and see if this still works for everybody > else. huh? I thought we had concluded on Thursday at 11am already. -- ] Never tell me the odds! | ipv6 mesh network= s [ ] Michael Richardson, Sandelman Software Works | network architect= [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails = [ From nobody Wed Dec 16 06:40:32 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADE271B2DE3 for ; Wed, 16 Dec 2015 06:40:30 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.51 X-Spam-Level: X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9UE7cIibQNdO for ; Wed, 16 Dec 2015 06:40:25 -0800 (PST) Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A20E31B2DBC for ; Wed, 16 Dec 2015 06:40:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=994; q=dns/txt; s=iport; t=1450276823; x=1451486423; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=uHJpZKi78FW2Q3ryVzV/aBEB1WJIBAXrMSgbt6RCSMY=; b=kiEpNxGGQTkDZVsKNzdxSh+AaJQI9w7opOqFet/ZpkatU4Y5Bk0HIC1o LvkR6UJTHNM7wa1/1duA7WDQtKrXeYstJ27byeB49b1cud7Cf+uFgvAo5 7fWb/mHPxbiMoCrAWT2NbTUdmTENIxLq29G+OxUcZyceAozeZmxoWk9wf 4=; X-IronPort-AV: E=Sophos;i="5.20,437,1444694400"; d="scan'208";a="59522591" Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Dec 2015 14:40:22 +0000 Received: from mcast-linux1.cisco.com (mcast-linux1.cisco.com [172.27.244.121]) by rcdn-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id tBGEeMUm022340 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 16 Dec 2015 14:40:22 GMT Received: from mcast-linux1.cisco.com (localhost.cisco.com [127.0.0.1]) by mcast-linux1.cisco.com (8.13.8/8.13.8) with ESMTP id tBGEeLAV017116; Wed, 16 Dec 2015 06:40:21 -0800 Received: (from eckert@localhost) by mcast-linux1.cisco.com (8.13.8/8.13.8/Submit) id tBGEeKuW017114; Wed, 16 Dec 2015 06:40:20 -0800 Date: Wed, 16 Dec 2015 06:40:20 -0800 From: "Toerless Eckert (eckert)" To: Michael Richardson Message-ID: <20151216144020.GG29056@cisco.com> References: <18168.1450275596@obiwan.sandelman.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <18168.1450275596@obiwan.sandelman.ca> User-Agent: Mutt/1.4.2.2i Archived-At: Cc: "ietf@sandeep.de" , "Max Pritikin \(pritikin\)" , "alper.yegin@yegin.org" , "Michael Behringer \(mbehring\)" , "anima-bootstrap@ietf.org" , "leo.liubing@huawei.com" , "kwatsen@juniper.net" , "Jason Coleman \(colemaj\)" , "jiangsheng@huawei.com" Subject: Re: [Anima-bootstrap] Canceled: Weekly Webex invite for anima bootstrap team meeting X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Dec 2015 14:40:30 -0000 Old email popping up ? I just sent out outlook, wiki update for the thursday slot. On Wed, Dec 16, 2015 at 09:19:56AM -0500, Michael Richardson wrote: > > Toerless Eckert (eckert) wrote: > > So Wednesday 7 AM PST seems to be the best slot ??? it fits everybody > > except Brian and myself, and I think I can get the other meeting > > moved. Michael Richardson also mentioned that we may be on/off 1 hour > > due to daylight saving times, so let me shoot the meeting invite out > > here with outlook and webex, and see if this still works for everybody > > else. > > huh? I thought we had concluded on Thursday at 11am already. > > -- > ] Never tell me the odds! | ipv6 mesh networks [ > ] Michael Richardson, Sandelman Software Works | network architect [ > ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [ > -- --- Toerless Eckert, eckert@cisco.com From nobody Thu Dec 17 14:27:00 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 540651A8BB1 for ; Thu, 17 Dec 2015 14:26:59 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.511 X-Spam-Level: X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h1mfNqgMdFGc for ; Thu, 17 Dec 2015 14:26:57 -0800 (PST) Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AFA31A8ACA for ; Thu, 17 Dec 2015 14:26:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3830; q=dns/txt; s=iport; t=1450391217; x=1451600817; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=MmRNbLMn21xwsQSgRKs+NO3X4v+dFr67oZq6vbEl5PY=; b=izcNHl5JXnMcSDZM+QnHWgdWNNLGnZFmSPb5TWYbuxCpZTMPXKdM/sjU lq7F2C8cSLGoaMKprOPxowuSwSuklzOPVR2fja7LJfK+YXtWt46xpoB8Y 6pqI25MgJuTD0dgYyQ4am1lwtujKMJOYSKzPZBuL0fY9T0PuvpjHmysNg I=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0D8AQCbNXNW/4YNJK1egzpSXg8GvVMBD?= =?us-ascii?q?YFiFwqFbAKBPTgUAQEBAQEBAYEKhDQBAQEDAQEBATc0CwUHBAIBCBEEAQEBHhA?= =?us-ascii?q?hBgsdCAIEDgUIiBIDCggOuT0NhCkBAQEBAQEBAQEBAQEBAQEBAQEBAQEUBIZWh?= =?us-ascii?q?H6CU4FWhRcFln0Bi0+BcZVJh1oBIAEBQoQEcgGDYYEIAQEB?= X-IronPort-AV: E=Sophos;i="5.20,443,1444694400"; d="scan'208";a="56631876" Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 17 Dec 2015 22:26:56 +0000 Received: from XCH-ALN-003.cisco.com (xch-aln-003.cisco.com [173.36.7.13]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id tBHMQupk022166 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 17 Dec 2015 22:26:56 GMT Received: from xch-rcd-006.cisco.com (173.37.102.16) by XCH-ALN-003.cisco.com (173.36.7.13) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Thu, 17 Dec 2015 16:26:55 -0600 Received: from xch-rcd-006.cisco.com ([173.37.102.16]) by XCH-RCD-006.cisco.com ([173.37.102.16]) with mapi id 15.00.1104.009; Thu, 17 Dec 2015 16:26:55 -0600 From: "Michael Behringer (mbehring)" To: "Toerless Eckert (eckert)" Thread-Topic: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options Thread-Index: AQHRLjUzV0yYB4U3OkOkSfr7faNAW56/ogkAgACqeACAARe8AIABQjvQgABq+gCADKhzwA== Date: Thu, 17 Dec 2015 22:26:55 +0000 Message-ID: <65bbfa373d044c869bca321c1600a63b@XCH-RCD-006.cisco.com> References: <20151204014333.GZ29056@cisco.com> <6471865864850e6c34961f12d45853cd@xs4all.nl> <5665D85C.5010604@gmail.com> <92ddd96dc21275a00aab797656407971@xs4all.nl> <20151209132224.GO29056@cisco.com> In-Reply-To: <20151209132224.GO29056@cisco.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.55.238.133] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Cc: "anima-bootstrap@ietf.org" , "consultancy@vanderstok.org" Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Dec 2015 22:26:59 -0000 > -----Original Message----- > From: Toerless Eckert (eckert) > Sent: 09 December 2015 14:22 > To: Michael Behringer (mbehring) > Cc: consultancy@vanderstok.org; Brian E Carpenter > ; anima-bootstrap@ietf.org > Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery > options >=20 >=20 > Michael: >=20 > Lets assume we replace EST bootstraap with "a guy with a USB stick feedin= g > manually domain certs to greenfield devices". >=20 > a) I agree that we would want to make sure our protocols are set up so th= at > even such > a device could perfectly bring up ACP afterwards and continue with the= rest > of autonomic functions (GRASP inside ACP, agents,...). We agree.=20 =20 > b) I don't think we would want to call such a device "autonomic". It's pa= rtial > autonomic at best. But yes, it may be perfectly valid and relevant to = some > industries. I don't care what we call it. "fully autonomic" won't happen for a long tim= e anyway. But aside of the naming, I really think the key value of AN is way beyond b= ootstrap. Not today, but in the future. So frankly, if someone wants to use= another method to bootstrap, I really don't care.=20 > If you agree, then the problem is IMHO primarily in the reference model > calling out that devices that for one reason or the other can not / want-= not > implement the whole ANIMA suite can perfectly well implement just parts o= f > it, because ANIMA is defined such that the different building blocks are > modular. Just that such a device is only "partial-autonomic" (or whateve= r you > think is a good naming to distinguish it from a truely autonomic device). Yup. we can do that.=20 > Btw: This also goes the other way, eg: it would IHO make sense that the > bootstrap spec can be deplpoyed on devices that do not want any further A= N > functions after the certificates are enrolled. I think that option is als= o > something we want to explain in the bootstrap draft. True. And we do already have customers that are JUST interested in the boot= strap, Sprint was one case. Remember, they wanted to disable AN after boots= trap!!=20 All I'm saying, let's be practical, not religious. :-)=20 Michael > Cheers > Toerless >=20 > On Wed, Dec 09, 2015 at 01:08:39PM +0000, Michael Behringer (mbehring) > wrote: > > > The discovery alternatives cited by toerless impress me as a list of > > > services of which at least one must be present. > > > > > > Therefore my consideration that for something as basic as Service > > > discovery, some industries may regret that they need for example > > > mDNS next to their favoured discovery service e.g. Resource Directory= . > > > Faced with this choice they may decide that mDNS is not wanted but > > > replaced by RD; and the Anima code in their products is adapted for > > > that choice; while maintaining interoperability with ANIMA routers > > > in all other respects. > > > > At the end of the day I personally don't care *how* a domain certificat= e > gets onto a new device. > > > > Probably we should be more clear on this, draw a big line, and state th= at > the domain enrolment process may be replaced by many other methods, > and that's ok. > > > > So for us here that means, AN must also work if the domain certificates= are > (for whatever reason) already on the devices. I.e., what happens later in= the > AN process must not depend on anything in the bootstrap process, except > the PKI info. > > > > Michael > > > > > Peter > > > > > > _______________________________________________ > > > Anima-bootstrap mailing list > > > Anima-bootstrap@ietf.org > > > https://www.ietf.org/mailman/listinfo/anima-bootstrap From nobody Thu Dec 17 23:10:51 2015 Return-Path: X-Original-To: anima-bootstrap@ietfa.amsl.com Delivered-To: anima-bootstrap@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09C6B1B33E4 for ; Thu, 17 Dec 2015 23:10:50 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.601 X-Spam-Level: X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o-Rws3Q5vGvP for ; Thu, 17 Dec 2015 23:10:47 -0800 (PST) Received: from lb3-smtp-cloud6.xs4all.net (lb3-smtp-cloud6.xs4all.net [194.109.24.31]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6BD771B33E3 for ; Thu, 17 Dec 2015 23:10:47 -0800 (PST) Received: from webmail.xs4all.nl ([194.109.20.213]) by smtp-cloud6.xs4all.net with ESMTP id uvAl1r00U4bqPqS01vAlh3; Fri, 18 Dec 2015 08:10:45 +0100 Received: from 2001:983:a264:1:c0f1:ac64:aca8:e5e by webmail.xs4all.nl with HTTP (HTTP/1.1 POST); Fri, 18 Dec 2015 08:10:45 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Fri, 18 Dec 2015 08:10:45 +0100 From: peter van der Stok To: "Michael Behringer (mbehring)" Organization: vanderstok consultancy Mail-Reply-To: consultancy@vanderstok.org In-Reply-To: <65bbfa373d044c869bca321c1600a63b@XCH-RCD-006.cisco.com> References: <20151204014333.GZ29056@cisco.com> <6471865864850e6c34961f12d45853cd@xs4all.nl> <5665D85C.5010604@gmail.com> <92ddd96dc21275a00aab797656407971@xs4all.nl> <20151209132224.GO29056@cisco.com> <65bbfa373d044c869bca321c1600a63b@XCH-RCD-006.cisco.com> Message-ID: <28930023d0c1e8ef2329a81a86302ff4@xs4all.nl> X-Sender: stokcons@xs4all.nl (muTCS2vD3yL64tS8j0qoi//e2BXcufK/) User-Agent: XS4ALL Webmail Archived-At: Cc: "Toerless Eckert \(eckert\)" , anima-bootstrap@ietf.org, consultancy@vanderstok.org Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options X-BeenThere: anima-bootstrap@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: consultancy@vanderstok.org List-Id: Mailing list for the bootstrap design team of the ANIMA WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Dec 2015 07:10:50 -0000 Hi all, +1 for me. I like the direction of this discussion given my background. Peter Michael Behringer (mbehring) schreef op 2015-12-17 23:26: >> -----Original Message----- >> From: Toerless Eckert (eckert) >> Sent: 09 December 2015 14:22 >> To: Michael Behringer (mbehring) >> Cc: consultancy@vanderstok.org; Brian E Carpenter >> ; anima-bootstrap@ietf.org >> Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy >> discovery >> options >> >> >> Michael: >> >> Lets assume we replace EST bootstraap with "a guy with a USB stick >> feeding >> manually domain certs to greenfield devices". >> >> a) I agree that we would want to make sure our protocols are set up so >> that >> even such >> a device could perfectly bring up ACP afterwards and continue with >> the rest >> of autonomic functions (GRASP inside ACP, agents,...). > > We agree. > >> b) I don't think we would want to call such a device "autonomic". It's >> partial >> autonomic at best. But yes, it may be perfectly valid and relevant >> to some >> industries. > > I don't care what we call it. "fully autonomic" won't happen for a > long time anyway. > > But aside of the naming, I really think the key value of AN is way > beyond bootstrap. Not today, but in the future. So frankly, if someone > wants to use another method to bootstrap, I really don't care. > >> If you agree, then the problem is IMHO primarily in the reference >> model >> calling out that devices that for one reason or the other can not / >> want-not >> implement the whole ANIMA suite can perfectly well implement just >> parts of >> it, because ANIMA is defined such that the different building blocks >> are >> modular. Just that such a device is only "partial-autonomic" (or >> whatever you >> think is a good naming to distinguish it from a truely autonomic >> device). > > Yup. we can do that. > >> Btw: This also goes the other way, eg: it would IHO make sense that >> the >> bootstrap spec can be deplpoyed on devices that do not want any >> further AN >> functions after the certificates are enrolled. I think that option is >> also >> something we want to explain in the bootstrap draft. > > True. And we do already have customers that are JUST interested in the > bootstrap, Sprint was one case. Remember, they wanted to disable AN > after bootstrap!! > > All I'm saying, let's be practical, not religious. :-) > > Michael > >> Cheers >> Toerless >> >> On Wed, Dec 09, 2015 at 01:08:39PM +0000, Michael Behringer (mbehring) >> wrote: >> > > The discovery alternatives cited by toerless impress me as a list of >> > > services of which at least one must be present. >> > > >> > > Therefore my consideration that for something as basic as Service >> > > discovery, some industries may regret that they need for example >> > > mDNS next to their favoured discovery service e.g. Resource Directory. >> > > Faced with this choice they may decide that mDNS is not wanted but >> > > replaced by RD; and the Anima code in their products is adapted for >> > > that choice; while maintaining interoperability with ANIMA routers >> > > in all other respects. >> > >> > At the end of the day I personally don't care *how* a domain certificate >> gets onto a new device. >> > >> > Probably we should be more clear on this, draw a big line, and state that >> the domain enrolment process may be replaced by many other methods, >> and that's ok. >> > >> > So for us here that means, AN must also work if the domain certificates are >> (for whatever reason) already on the devices. I.e., what happens later >> in the >> AN process must not depend on anything in the bootstrap process, >> except >> the PKI info. >> > >> > Michael >> > >> > > Peter >> > > >> > > _______________________________________________ >> > > Anima-bootstrap mailing list >> > > Anima-bootstrap@ietf.org >> > > https://www.ietf.org/mailman/listinfo/anima-bootstrap > > _______________________________________________ > Anima-bootstrap mailing list > Anima-bootstrap@ietf.org > https://www.ietf.org/mailman/listinfo/anima-bootstrap